-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add log masking feature #138
base: main
Are you sure you want to change the base?
Conversation
code/src/main/kotlin/com/expediagroup/sdk/core/logging/masking/LogMasker.kt
Outdated
Show resolved
Hide resolved
* @return The current instance of MaskingPatternBuilder. | ||
*/ | ||
fun pathFields(vararg paths: List<String>) = apply { | ||
pathFields += paths.map { it.takeLast(2) } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we document this behavior in the method doc? we need to keep track of this workaround
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How will this affect us? Didn't you mention you have a workaround for it?
And to make sure I understand, I wouldn't be able to mask x in a.b.c.x
without masking a.x.y.z
because of this limit. Right? Please add a clear example to the doc.
...tlin/com/expediagroup/sdk/lodgingconnectivity/configuration/LodgingConnectivityLogMasking.kt
Outdated
Show resolved
Hide resolved
code/src/main/kotlin/com/expediagroup/sdk/lodgingconnectivity/payment/PaymentClient.kt
Outdated
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/LogMaskerTest.kt
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/MaskingPatternBuilderTest.kt
Outdated
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/PatternBuildersTest.kt
Outdated
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/PatternBuildersTest.kt
Outdated
Show resolved
Hide resolved
code/src/main/kotlin/com/expediagroup/sdk/core/common/Feature.kt
Outdated
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/MaskingPatternBuilderTest.kt
Outdated
Show resolved
Hide resolved
get() = setOf(listOf("field3", "field4")) | ||
} | ||
|
||
assertEquals(maskingConfiguration.globalMaskedFields.size, 2) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
more assertions should be added to reflect the test name
/** | ||
* Object implementing the PatternBasedMask interface. | ||
*/ | ||
internal val mask = object : PatternBasedMask { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need this to be an object? Couldn't we build and pass the masking configs somewhere?
import org.junit.jupiter.api.Test | ||
import org.junit.jupiter.api.TestInstance | ||
|
||
@TestInstance(TestInstance.Lifecycle.PER_METHOD) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the default behaviour, I think we could/should remove the annotation.
} | ||
|
||
@Test | ||
fun `passed path fields are truncated to the last two elements`() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please document that this test should fail once support for more elements is added.
* @return The current instance of MaskingPatternBuilder. | ||
*/ | ||
fun pathFields(vararg paths: List<String>) = apply { | ||
pathFields += paths.map { it.takeLast(2) } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How will this affect us? Didn't you mention you have a workaround for it?
And to make sure I understand, I wouldn't be able to mask x in a.b.c.x
without masking a.x.y.z
because of this limit. Right? Please add a clear example to the doc.
# Conflicts: # code/src/main/kotlin/com/expediagroup/sdk/core/logging/LoggingInterceptor.kt # code/src/main/kotlin/com/expediagroup/sdk/core/logging/common/LoggerDecorator.kt # code/src/main/kotlin/com/expediagroup/sdk/core/logging/masking/JsonFieldFilter.kt # code/src/main/kotlin/com/expediagroup/sdk/core/logging/masking/JsonFieldPatternBuilder.kt # code/src/main/kotlin/com/expediagroup/sdk/core/logging/masking/MaskLogsUtils.kt # code/src/main/kotlin/com/expediagroup/sdk/lodgingconnectivity/common/RequestExecutor.kt # code/src/main/kotlin/com/expediagroup/sdk/lodgingconnectivity/payment/PaymentClient.kt # code/src/main/kotlin/com/expediagroup/sdk/lodgingconnectivity/sandbox/SandboxDataManagementClient.kt # code/src/main/kotlin/com/expediagroup/sdk/lodgingconnectivity/supply/reservation/ReservationClient.kt
|
||
@Test | ||
fun `masks path fields in json payload`() { | ||
val pathFields = setOf(listOf("first", "second"), listOf("first1", "second1", "third1", "as")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What would happen to the output if you targeted a complex object? In other words, if you changed this line to:
val pathFields = setOf(listOf("first", "second"), listOf("first1", "second1", "third1"))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whether or not that is a valid case, we should probably have a test for that.
Situation
Our SDKs are responsible for logging requests and responses transmitted over the network. Some requests include fields subject to the Payment Card Industry Data Security Standard (PCI DSS). To ensure compliance and safeguard sensitive information, these fields, along with other critical data, need to be masked in logs.
Task
The task was to implement a more flexible and context-aware log masking solution in the SDK. The current implementation using the
ejmask
library had limitations such as static configuration and global masking behavior, which could lead to unintended masking across different client instances.Action
To address these issues, we introduced a pattern-based masking approach that allows for more granular and configurable masking rules. This approach ensures that sensitive information is appropriately masked in logs while providing the flexibility to define masking rules specific to each client instance. Key components of the new implementation include:
LogMasker
class: Handles pattern-based masking.LogMaskingFeature
class: Configures and enables log masking.MaskingPatternBuilder
class: Builds masking patterns.Result
The new implementation ensures that sensitive information is securely masked in logs, enhancing the overall security of the SDK. It provides the flexibility to define masking rules specific to each client instance, addressing the limitations of the previous implementation.
Test
Added the following new unit-test files:
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/LogMaskerTest.kt
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/LogMaskingFeatureTest.kt
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/MaskingPatternBuilderTest.kt
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/PatternBuildersTest.kt
Notes
NaN