mask.yml
mask.yml is the configuration file for masking logging info.
this configuration file can also be used for centralizing mask rules.
dump handler and audit handler will use this config to mask logging info based on those predefined fields, those fields will be shown in below.
| Field Name | Type | Description |
|---|---|---|
| string | [MaskString Object](#MaskString Object) | |
| regex | [MaskRegex Object](#MaskRegex Object) | |
| json | [MaskJson Object](#MaskJson Object) |
MaskString Object
| Field Name | Type | Description |
|---|---|---|
| uri | map(${Pattern}: ${Replacement}) | Predefined field for AuditHandler and DumpHandler mask url by trying to match child keys(patterns), then replace the matches with values defined example: in mask.yml defines as following: uri: password=[^&]: password=***** number=\d{1,16}: number=—————- |
| ${key} | map(${Pattern}: ${Replacement}) | |
| **Usage:** | ||
| Mask a String by matching each child key(pattern) defined in ${key} |
String url1 = "/v1/customer?sin=123456789&password=secret&number=1234567890123456";
String output = Mask.maskString(url1, "uri");
Assert.assertEquals("/v1/customer?sin=masked&password=******&number=----------------", output);
MaskRegex Object
| Field Name | Type | Description |
|---|---|---|
| queryParameter | map(${ParameterName}: ${Pattern}) | Predefined field for AuditHandler and DumpHandler mask query parameters based on parameter name defined inside, then replace the matches with values defined example: in mask.yml defines as following: queryParameter: accountNo: “(.*)” |
| requestHeader | map(${headerName}: ${Pattern}) | Predefined field for AuditHandler and DumpHandler mask request headers based on header name defined inside, then replace the matches with values defined example: in mask.yml defines as following: requestHeader: header1: “(.*)” |
| responseHeader | map(${headerName}: ${Pattern}) | Predefined field for AuditHandler and DumpHandler mask response headers based on header name defined inside, then replace the matches with values defined example: in mask.yml defines as following: responseHeader: header1: “(.*)” |
| requestCookies | map(${cookieName}: ${Pattern}) | Predefined field for AuditHandler and DumpHandler mask request cookies based on header name defined inside, then replace the matches with values defined example: in mask.yml defines as following: requestCookies: cookie1: “(.*)” |
| responseCookies | map(${cookieName}: ${Pattern}) | Predefined field for AuditHandler and DumpHandler mask response cookies based on header name defined inside, then replace the matches with values defined example: in mask.yml defines as following: responseCookies: cookie2: “(.*)” |
| ${set} | map(${key}: ${Pattern}) |
**Usage:** Mask a String based on key:
- find the ${key} defined in ${set}
- try to match the string with ${Pattern}
- replace the match with “*”
String testHeader2 = "tests";
String output2 = Mask.maskRegex(testHeader2, "requestHeader", "header2");
Assert.assertEquals(output2, "*****");
MaskJson Object
| Field Name | Type | Description |
|---|---|---|
| requestBody | map(${JsonPath}: ${Pattern}) | Predefined field for DumpHandler mask request body json based on json path defined inside, then replace the matches with values defined example: in mask.yml defines as following: requestBody: “$.*.email”: “(.*)” |
| responseBody | map(${JsonPath}: ${Pattern}) | Predefined field for DumpHandler mask response body json based on json path defined inside, then replace the matches with values defined example: in mask.yml defines as following: responseBody: “$.product[*].item[*].name”: “(.*)” |
**Usage:** Mask.maskJson(inputJsonStr, “test2”) Config in mask.yml:
test2:
"$.list.*.name": "(.*)"
"$.list.*.accounts.*": "(.*)"
"$.list1": "(.*)"
"$.password": "(.*)"
Input Json:
{"name":"Steve",
"list":[
{"name": "Nick"},
{
"name": "Wen",
"accounts": ["1", "2", "3"]
},
{
"name": "Steve",
"accounts": ["4", "5", "666666"]
},
"secret1", "secret2"],
"list1": ["1", "333", "55555"],
"password":"secret"}
Output Json
{"name":"Steve","list":[{"name":"****"},{"name":"***","accounts":["*","*","*"]},{"name":"*****","accounts":["*","*","******"]},"secret1","secret2"],"list1":["*","***","*****"],"password":"******"}
An Example of mask.yml
description: mask configuration for different type of inputs
string:
uri:
# password=[^&]*: password=******
# number=\d{1,16}: number=----------------
# sin=\d{1,9}: sin=masked
regex:
queryParameter:
# accountNo: "(.*)"
requestHeader:
# header1: "(.*)"
# header2: "(.*)"
responseHeader:
# header3: "(.*)"
requestCookies:
# userName: "(.*)"
responseCookies:
# sensitiveData: "(.*)"
json:
requestBody:
# "$.*.email": "(.*)"
# "$.product[*].item[*].name": "(.*)"
responseBody:
# "$.product[*].item[*].name": "(.*)"
# "$.product[*].item[*].name[0]": "(.*)"