From ee13c789e5bcc967e601709d5b2ccd159dcdeca3 Mon Sep 17 00:00:00 2001 From: Dmitriy-Butramyou <49509644+Dmitriy-Butramyou@users.noreply.github.com> Date: Thu, 8 Feb 2024 12:21:57 +0300 Subject: [PATCH] [MODEXPS-251] - Delete sensitive information from the log (#288) * [MODEXPS-251] - Delete sensitive information from the log * [MODEXPS-251] - Added LogMaskingConverter * [MODEXPS-251] - Smell fix * [MODEXPS-251] - Refactoring --- .../des/service/impl/JobServiceImpl.java | 1 - .../folio/des/util/LogMaskingConverter.java | 86 +++++++++++++++++++ src/main/resources/log4j2-json.properties | 2 +- src/main/resources/log4j2.properties | 4 +- 4 files changed, 89 insertions(+), 4 deletions(-) create mode 100644 src/main/java/org/folio/des/util/LogMaskingConverter.java diff --git a/src/main/java/org/folio/des/service/impl/JobServiceImpl.java b/src/main/java/org/folio/des/service/impl/JobServiceImpl.java index 8ba224d4..0b46100d 100644 --- a/src/main/java/org/folio/des/service/impl/JobServiceImpl.java +++ b/src/main/java/org/folio/des/service/impl/JobServiceImpl.java @@ -1,6 +1,5 @@ package org.folio.des.service.impl; -import static java.util.Objects.nonNull; import static org.folio.des.domain.dto.ExportType.BULK_EDIT_IDENTIFIERS; import static org.folio.des.domain.dto.ExportType.BULK_EDIT_QUERY; import static org.folio.des.domain.dto.ExportType.BULK_EDIT_UPDATE; diff --git a/src/main/java/org/folio/des/util/LogMaskingConverter.java b/src/main/java/org/folio/des/util/LogMaskingConverter.java new file mode 100644 index 00000000..b7d893ed --- /dev/null +++ b/src/main/java/org/folio/des/util/LogMaskingConverter.java 
@@ -0,0 +1,86 @@
+package org.folio.des.util;
+
+import lombok.extern.log4j.Log4j2;
+import org.apache.logging.log4j.core.LogEvent;
+import org.apache.logging.log4j.core.config.plugins.Plugin;
+import org.apache.logging.log4j.core.pattern.ConverterKeys;
+import org.apache.logging.log4j.core.pattern.LogEventPatternConverter;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@Plugin(name = "LogMaskingConverter", category = "Converter")
+@ConverterKeys({"spi"})
+@Log4j2
+public class LogMaskingConverter extends LogEventPatternConverter {
+ private static final Pattern SERVER_ADDRESS_PATTERN = Pattern.compile("ftps?://[a-zA-Z0-9.]+/");
+ private static final String SERVER_ADDRESS_PATTERN_REPLACEMENT = "**********";
+ public static final Pattern PASSWORD_PATTERN = Pattern.compile("password: [a-zA-Z0-9@#$?&%!~]+");
+ public static final String PASSWORD_PATTERN_REPLACEMENT = "password: **********";
+ public static final Pattern PASSWORD_SECOND_PATTERN = Pattern.compile("\"password\":\"[a-zA-Z0-9@#$?&%!~]+\"");
+ public static final String PASSWORD_SECOND_PATTERN_REPLACEMENT = "\"password\":\"**********\"";
+ public static final Pattern USERNAME_PATTERN = Pattern.compile("username: [a-zA-Z0-9]+");
+ public static final String USERNAME_PATTERN_REPLACEMENT = "username: **********";
+ public static final Pattern USERNAME_SECOND_PATTERN = Pattern.compile("\"username\":\"[a-zA-Z0-9]+\"");
+ public static final String USERNAME_SECOND_PATTERN_REPLACEMENT = "\"username\":\"**********\"";
+
+
+ protected LogMaskingConverter(String name, String style) {
+ super(name, style);
+ }
+
+ public static LogMaskingConverter newInstance() {
+ return new LogMaskingConverter("spi", Thread.currentThread().getName());
+ }
+
+ @Override
+ public void format(LogEvent event, StringBuilder toAppendTo) {
+ String messageString = toAppendTo.toString();
+ toAppendTo.delete(0, toAppendTo.length());
+ String maskedMessage;
+ try {
+ maskedMessage = mask(messageString);
+ } catch 
(Exception e) { + log.error("Failed while masking with message: {}", e.getMessage()); + maskedMessage = messageString; + } + toAppendTo.append(maskedMessage); + } + + private String mask(String message) { + Matcher matcher; + StringBuffer buffer = new StringBuffer(); + + matcher = SERVER_ADDRESS_PATTERN.matcher(message); + maskMatcher(matcher, buffer, SERVER_ADDRESS_PATTERN_REPLACEMENT); + message = buffer.toString(); + buffer.setLength(0); + + matcher = PASSWORD_PATTERN.matcher(message); + maskMatcher(matcher, buffer, PASSWORD_PATTERN_REPLACEMENT); + message = buffer.toString(); + buffer.setLength(0); + + matcher = PASSWORD_SECOND_PATTERN.matcher(message); + maskMatcher(matcher, buffer, PASSWORD_SECOND_PATTERN_REPLACEMENT); + message = buffer.toString(); + buffer.setLength(0); + + matcher = USERNAME_PATTERN.matcher(message); + maskMatcher(matcher, buffer, USERNAME_PATTERN_REPLACEMENT); + message = buffer.toString(); + buffer.setLength(0); + + matcher = USERNAME_SECOND_PATTERN.matcher(message); + maskMatcher(matcher, buffer, USERNAME_SECOND_PATTERN_REPLACEMENT); + + return buffer.toString(); + } + + private void maskMatcher(Matcher matcher, StringBuffer buffer, String maskStr) { + while (matcher.find()) { + matcher.appendReplacement(buffer, maskStr); + } + matcher.appendTail(buffer); + } +} diff --git a/src/main/resources/log4j2-json.properties b/src/main/resources/log4j2-json.properties index ea45560e..6e9d09d0 100644 --- a/src/main/resources/log4j2-json.properties +++ b/src/main/resources/log4j2-json.properties @@ -1,6 +1,6 @@ status = error name = PropertiesConfig -packages = org.folio.spring.logging +packages = org.folio.des.util filters = threshold diff --git a/src/main/resources/log4j2.properties b/src/main/resources/log4j2.properties index 0a4d49fb..5beb8ff2 100644 --- a/src/main/resources/log4j2.properties +++ b/src/main/resources/log4j2.properties 
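Review bot: The value character classes in the five patterns stop at the first character they do not list, so a secret is masked only up to that point and the remainder is still written to the log: with `PASSWORD_PATTERN`, a password containing `-`, `_`, `^` or `*` keeps its tail after the stars, and `USERNAME_PATTERN` does the same for names containing `.`, `_` or `@`. `SERVER_ADDRESS_PATTERN` likewise skips hosts with a hyphen or a port, and an FTP URL carrying `user:password@` is not matched at all. Matching up to the delimiter (whitespace, or the closing quote in the JSON form) instead of enumerating allowed characters closes these gaps, as sketched below. Separately, the `catch` branch in `format` appends the original, unmasked text when masking throws; a fixed placeholder there would keep a masking failure from exposing the data the converter is meant to hide.

```java
// Value runs to the delimiter rather than through a whitelist of characters.
private static final Pattern SERVER_ADDRESS_PATTERN = Pattern.compile("ftps?://[^\\s/\"]+/?");
// … unchanged: the *_REPLACEMENT constants …
public static final Pattern PASSWORD_PATTERN = Pattern.compile("password: \\S+");
public static final Pattern PASSWORD_SECOND_PATTERN = Pattern.compile("\"password\":\"(?:[^\"\\\\]|\\\\.)*\"");
public static final Pattern USERNAME_PATTERN = Pattern.compile("username: \\S+");
public static final Pattern USERNAME_SECOND_PATTERN = Pattern.compile("\"username\":\"(?:[^\"\\\\]|\\\\.)*\"");
```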
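Review bot: The `packages` line replaces `org.folio.spring.logging` instead of adding to it, so any Log4j2 plugin that was found only through that package scan is no longer registered by this configuration; the console pattern in log4j2.properties still uses `$${folio:...}` lookups, which presumably come from that package. `packages` takes a comma-separated list, so `packages = org.folio.spring.logging,org.folio.des.util` keeps both; the same replacement is made in the first hunk of log4j2.properties. The layout lines of this JSON configuration are not part of the hunk, so it is worth confirming that its output also passes through `%spi`; if it does not, credentials remain unmasked whenever the JSON configuration is active.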
@@ -1,6 +1,6 @@ status = error name = PropertiesConfig -packages = org.folio.spring.logging +packages = org.folio.des.util filters = threshold @@ -13,7 +13,7 @@ appender.console.type = Console appender.console.name = STDOUT appender.console.layout.type = PatternLayout -appender.console.layout.pattern = %d{HH:mm:ss} [$${folio:requestid:-}] [$${folio:tenantid:-}] [$${folio:userid:-}] [$${folio:moduleid:-}] %-5p %-20.20C{1} %m%n +appender.console.layout.pattern = %d{HH:mm:ss} [$${folio:requestid:-}] [$${folio:tenantid:-}] [$${folio:userid:-}] [$${folio:moduleid:-}] %-5p %-20.20C{1} %m%n %ex{full} %spi rootLogger.level = info rootLogger.appenderRefs = info
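Review bot: `%spi` masks only what is already in the output buffer when it runs, because `format` reads `toAppendTo`, clears it and re-appends the masked text, so the converter has to stay last in `appender.console.layout.pattern` and nothing placed after it is masked. A comment above the pattern should record that, for example `# %spi rewrites everything rendered before it; keep it as the last converter`. The literal spaces in `%m%n %ex{full} %spi` are also emitted after the line break, so each record now ends with stray spaces rather than with the newline; `%m%n%ex{full}%spi` avoids that.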