[MODEXPS-251] - Delete sensitive information from the log (folio-org#288

) * [MODEXPS-251] - Delete sensitive information from the log * [MODEXPS-251] - Added LogMaskingConverter * [MODEXPS-251] - Smell fix * [MODEXPS-251] - Refactoring
ualibweb · Feb 8, 2024 · ee13c78 · ee13c78
1 parent ac109de
commit ee13c78
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 4 deletions.
diff --git a/src/main/java/org/folio/des/service/impl/JobServiceImpl.java b/src/main/java/org/folio/des/service/impl/JobServiceImpl.java
@@ -1,6 +1,5 @@
 package org.folio.des.service.impl;
 
-import static java.util.Objects.nonNull;
 import static org.folio.des.domain.dto.ExportType.BULK_EDIT_IDENTIFIERS;
 import static org.folio.des.domain.dto.ExportType.BULK_EDIT_QUERY;
 import static org.folio.des.domain.dto.ExportType.BULK_EDIT_UPDATE;

diff --git a/src/main/java/org/folio/des/util/LogMaskingConverter.java b/src/main/java/org/folio/des/util/LogMaskingConverter.java
@@ -0,0 +1,86 @@
+package org.folio.des.util;
+
+import lombok.extern.log4j.Log4j2;
+import org.apache.logging.log4j.core.LogEvent;
+import org.apache.logging.log4j.core.config.plugins.Plugin;
+import org.apache.logging.log4j.core.pattern.ConverterKeys;
+import org.apache.logging.log4j.core.pattern.LogEventPatternConverter;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@Plugin(name = "LogMaskingConverter", category = "Converter")
+@ConverterKeys({"spi"})
+@Log4j2
+public class LogMaskingConverter extends LogEventPatternConverter {
+  private static final Pattern SERVER_ADDRESS_PATTERN = Pattern.compile("ftps?://[a-zA-Z0-9.]+/");
+  private static final String SERVER_ADDRESS_PATTERN_REPLACEMENT = "**********";
+  public static final Pattern PASSWORD_PATTERN = Pattern.compile("password: [a-zA-Z0-9@#$?&%!~]+");
+  public static final String PASSWORD_PATTERN_REPLACEMENT = "password: **********";
+  public static final Pattern PASSWORD_SECOND_PATTERN = Pattern.compile("\"password\":\"[a-zA-Z0-9@#$?&%!~]+\"");
+  public static final String PASSWORD_SECOND_PATTERN_REPLACEMENT = "\"password\":\"**********\"";
+  public static final Pattern USERNAME_PATTERN = Pattern.compile("username: [a-zA-Z0-9]+");
+  public static final String USERNAME_PATTERN_REPLACEMENT = "username: **********";
+  public static final Pattern USERNAME_SECOND_PATTERN = Pattern.compile("\"username\":\"[a-zA-Z0-9]+\"");
+  public static final String USERNAME_SECOND_PATTERN_REPLACEMENT = "\"username\":\"**********\"";
+
+
+  protected LogMaskingConverter(String name, String style) {
+    super(name, style);
+  }
+
+  public static LogMaskingConverter newInstance() {
+    return new LogMaskingConverter("spi", Thread.currentThread().getName());
+  }
+
+  @Override
+  public void format(LogEvent event, StringBuilder toAppendTo) {
+    String messageString = toAppendTo.toString();
+    toAppendTo.delete(0, toAppendTo.length());
+    String maskedMessage;
+    try {
+      maskedMessage = mask(messageString);
+    } catch (Exception e) {
+      log.error("Failed while masking with message: {}", e.getMessage());
+      maskedMessage = messageString;
+    }
+    toAppendTo.append(maskedMessage);
+  }
+
+  private String mask(String message) {
+    Matcher matcher;
+    StringBuffer buffer = new StringBuffer();
+
+    matcher = SERVER_ADDRESS_PATTERN.matcher(message);
+    maskMatcher(matcher, buffer, SERVER_ADDRESS_PATTERN_REPLACEMENT);
+    message = buffer.toString();
+    buffer.setLength(0);
+
+    matcher = PASSWORD_PATTERN.matcher(message);
+    maskMatcher(matcher, buffer, PASSWORD_PATTERN_REPLACEMENT);
+    message = buffer.toString();
+    buffer.setLength(0);
+
+    matcher = PASSWORD_SECOND_PATTERN.matcher(message);
+    maskMatcher(matcher, buffer, PASSWORD_SECOND_PATTERN_REPLACEMENT);
+    message = buffer.toString();
+    buffer.setLength(0);
+
+    matcher = USERNAME_PATTERN.matcher(message);
+    maskMatcher(matcher, buffer, USERNAME_PATTERN_REPLACEMENT);
+    message = buffer.toString();
+    buffer.setLength(0);
+
+    matcher = USERNAME_SECOND_PATTERN.matcher(message);
+    maskMatcher(matcher, buffer, USERNAME_SECOND_PATTERN_REPLACEMENT);
+
+    return buffer.toString();
+  }
+
+  private void maskMatcher(Matcher matcher, StringBuffer buffer, String maskStr) {
+    while (matcher.find()) {
+      matcher.appendReplacement(buffer, maskStr);
+    }
+    matcher.appendTail(buffer);
+  }
+}
diff --git a/src/main/resources/log4j2-json.properties b/src/main/resources/log4j2-json.properties
@@ -1,6 +1,6 @@
 status = error
 name = PropertiesConfig
-packages = org.folio.spring.logging
+packages = org.folio.des.util
 
 filters = threshold
 

diff --git a/src/main/resources/log4j2.properties b/src/main/resources/log4j2.properties
@@ -1,6 +1,6 @@
 status = error
 name = PropertiesConfig
-packages = org.folio.spring.logging
+packages = org.folio.des.util
 
 filters = threshold
 
@@ -13,7 +13,7 @@ appender.console.type = Console
 appender.console.name = STDOUT
 
 appender.console.layout.type = PatternLayout
-appender.console.layout.pattern = %d{HH:mm:ss} [$${folio:requestid:-}] [$${folio:tenantid:-}] [$${folio:userid:-}] [$${folio:moduleid:-}] %-5p %-20.20C{1} %m%n
+appender.console.layout.pattern = %d{HH:mm:ss} [$${folio:requestid:-}] [$${folio:tenantid:-}] [$${folio:userid:-}] [$${folio:moduleid:-}] %-5p %-20.20C{1} %m%n %ex{full} %spi
 
 rootLogger.level = info
 rootLogger.appenderRefs = info