Logging: How to Mask Sensitive Data

​You can leverage the Log4j Framework by Apache to make changes to the message logger during application execution.  In the case where you are dealing with sensitive data in your application, it is difficult to mask at the code level because so many of the libraries log data that you do not have control over the message input.  What Log4j offers is a way to intercept the data before it logs it to a file by creating a Rewrite Policy.

Rewrite Policy

​You need to create a Java class that implements the Apache RewritePolicy class.  This will give you access to the log data before it is logged such as the logger name, level, message, throwable, etc…  You will notice that you need to invoke the class as a factory method.  In this case we are not passing any arguments so we just call the constructor and there is no logic involved.  To pass arguments you need to annotate them with @PluginAttribute(“attributeName”) and then pass them to the constructor when instantiating the object.

package com.deic.custom.logger;
 
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.appender.rewrite.RewritePolicy;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginFactory;
import org.apache.logging.log4j.core.impl.Log4jLogEvent;
import org.apache.logging.log4j.message.SimpleMessage;
import org.apache.logging.log4j.status.StatusLogger;
 
@Plugin(name = "LogInterceptor", category = "Core", elementType = "rewritePolicy", printObject = true)
public class CustomLogInterceptor implements RewritePolicy {
               protected static final Logger logger = StatusLogger.getLogger();
 
               private CustomLogInterceptor() {
               }
              
               @PluginFactory
               public static CustomLogInterceptor createPolicy() {
                               return new CustomLogInterceptor();
               }
              
               @Override
               public LogEvent rewrite(LogEvent event) {
                               String message = event.getMessage().getFormattedMessage();
                               
                               // write your code to manipulate your message here
                               message = message.replaceAll("password", "*******");
                                                             
                               return Log4jLogEvent.newBuilder()
                           .setLoggerName(event.getLoggerName())
                           .setMarker(event.getMarker())
                           .setLoggerFqcn(event.getLoggerFqcn())
                           .setLevel(event.getLevel())
                           .setMessage(new SimpleMessage(message))
                           .setThrown(event.getThrown())
                           .setContextMap(event.getContextMap())
                           .setContextStack(event.getContextStack())
                           .setThreadName(event.getThreadName())
                           .setSource(event.getSource())
                           .setTimeMillis(event.getTimeMillis())
                           .build();
               }
}

Log4j XML

Below in an example of how you can wire in your Rewrite Policy for Log4j.
In this example;

  • The AsyncRoot references the Rewrite Appender
  • The Rewrite Appender references the Rewrite Policy found in the package specified in the Configuration node
  • The Rewrite Appender references the Rolling File Appender

When you run your application you will notice that the logger is intercepted after it writes to the console and before it writes to the log file.  If you add a Console Appender and reference it from the Rewrite Appender the console will show log every line twice, once with the modified log line and one without.  Therefore it is better to leave it as just the Rolling File Appender so that no sensitive data is persisted and the console stays legible.

<?xml version="1.0" encoding="utf-8"?>
<Configuration status="trace" packages="com.deic.custom.logger">
<Appenders>
<RollingFile name="file" fileName="${sys:mule.home}${sys:file.separator}logs${sys:file.separator}test.log"
                              filePattern="${sys:mule.home}${sys:file.separator}logs${sys:file.separator}test-%i.log">
                                             <PatternLayout pattern="%d [%t] %-5p %c - %m%n" />
                                             <SizeBasedTriggeringPolicy size="10 MB" />
                                             <DefaultRolloverStrategy max="10"/>
                              </RollingFile>
                              <Rewrite name="rewrite">
                                             <LogInterceptor />
                                             <AppenderRef ref="file"/>
                              </Rewrite>
               </Appenders>
               <Loggers>
                    // some loggers here
       
                              <AsyncRoot level="INFO">
                                             <AppenderRef ref="rewrite" />
                              </AsyncRoot>
               </Loggers>
</Configuration>
0

Leave a Reply

Your email address will not be published. Required fields are marked *