feat: add log masking feature #138
Conversation
code/src/main/kotlin/com/expediagroup/sdk/core/logging/masking/LogMasker.kt
Show resolved
Hide resolved
| * @return The current instance of MaskingPatternBuilder. | ||
| */ | ||
| fun pathFields(vararg paths: List<String>) = apply { | ||
| pathFields += paths.map { it.takeLast(2) } |
There was a problem hiding this comment.
can we document this behavior in the method doc? we need to keep track of this workaround
There was a problem hiding this comment.
How will this affect us? Didn't you mention you have a workaround for it?
And to make sure I understand, I wouldn't be able to mask x in a.b.c.x without masking a.x.y.z because of this limit. Right? Please add a clear example to the doc.
...tlin/com/expediagroup/sdk/lodgingconnectivity/configuration/LodgingConnectivityLogMasking.kt
Outdated
Show resolved
Hide resolved
code/src/main/kotlin/com/expediagroup/sdk/lodgingconnectivity/payment/PaymentClient.kt
Outdated
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/LogMaskerTest.kt
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/MaskingPatternBuilderTest.kt
Outdated
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/PatternBuildersTest.kt
Outdated
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/PatternBuildersTest.kt
Outdated
Show resolved
Hide resolved
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/MaskingPatternBuilderTest.kt
Outdated
Show resolved
Hide resolved
| get() = setOf(listOf("field3", "field4")) | ||
| } | ||
|
|
||
| assertEquals(maskingConfiguration.globalMaskedFields.size, 2) |
There was a problem hiding this comment.
more assertions should be added to reflect the test name
| /** | ||
| * Object implementing the PatternBasedMask interface. | ||
| */ | ||
| internal val mask = object : PatternBasedMask { |
There was a problem hiding this comment.
Why do we need this to be an object? Couldn't we build and pass the masking configs somewhere?
| import org.junit.jupiter.api.Test | ||
| import org.junit.jupiter.api.TestInstance | ||
|
|
||
| @TestInstance(TestInstance.Lifecycle.PER_METHOD) |
There was a problem hiding this comment.
This is the default behaviour, I think we could/should remove the annotation.
| } | ||
|
|
||
| @Test | ||
| fun `passed path fields are truncated to the last two elements`() { |
There was a problem hiding this comment.
Please document that this test should fail once support for more elements is added.
| * @return The current instance of MaskingPatternBuilder. | ||
| */ | ||
| fun pathFields(vararg paths: List<String>) = apply { | ||
| pathFields += paths.map { it.takeLast(2) } |
There was a problem hiding this comment.
How will this affect us? Didn't you mention you have a workaround for it?
And to make sure I understand, I wouldn't be able to mask x in a.b.c.x without masking a.x.y.z because of this limit. Right? Please add a clear example to the doc.
Situation
Our SDKs are responsible for logging requests and responses transmitted over the network. Some requests include fields subject to the Payment Card Industry Data Security Standard (PCI DSS). To ensure compliance and safeguard sensitive information, these fields, along with other critical data, need to be masked in logs.
Task
The task was to implement a more flexible and context-aware log masking solution in the SDK. The current implementation using the
ejmasklibrary had limitations such as static configuration and global masking behavior, which could lead to unintended masking across different client instances.Action
To address these issues, we introduced a pattern-based masking approach that allows for more granular and configurable masking rules. This approach ensures that sensitive information is appropriately masked in logs while providing the flexibility to define masking rules specific to each client instance. Key components of the new implementation include:
LogMaskerclass: Handles pattern-based masking.LogMaskingFeatureclass: Configures and enables log masking.MaskingPatternBuilderclass: Builds masking patterns.Result
The new implementation ensures that sensitive information is securely masked in logs, enhancing the overall security of the SDK. It provides the flexibility to define masking rules specific to each client instance, addressing the limitations of the previous implementation.
Test
Added the following new unit-test files:
code/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/LogMaskerTest.ktcode/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/LogMaskingFeatureTest.ktcode/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/MaskingPatternBuilderTest.ktcode/src/test/kotlin/com/expediagroup/sdk/core/logging/masking/PatternBuildersTest.ktNotes
NaN