coheigea commented on a change in pull request #681:
URL: https://github.com/apache/cxf/pull/681#discussion_r453494145
##########
File path:
rt/features/logging/src/main/java/org/apache/cxf/ext/logging/event/DefaultLogEventMapper.java
##########
@@ -95,6 +97,17 @@ public LogEvent map(Message message) {
return event;
}
+ private Map<String, String> maskHeaders(
+ final Map<String, String> headerMap,
+ final Map<String, Boolean> sensitiveHeaderMap) {
+ final Map<String, String> maskedHeaderMap = new HashMap<>();
+ headerMap.keySet().forEach(key -> {
+ maskedHeaderMap.put(key, sensitiveHeaderMap.containsKey(key)
+ ? MASKED_HEADER_VALUE : headerMap.get(key));
+ });
Review comment:
It's probably more performant to use an entrySet here instead:
headerMap.entrySet().forEach(entry -> {
maskedHeaderMap.put(entry.getKey(),
sensitiveHeaderMap.containsKey(entry.getKey())
? MASKED_HEADER_VALUE : entry.getValue());
});
##########
File path:
rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
##########
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ext.logging;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+import org.apache.cxf.message.Message;
+
+public class MaskSensitiveHelper {
+ private static final String ELEMENT_NAME_TEMPLATE = "-ELEMENT_NAME-";
+ private static final String MATCH_PATTERN_XML =
"<-ELEMENT_NAME->(.*?)</-ELEMENT_NAME->";
+ private static final String MATCH_PATTERN_JSON = "\"-ELEMENT_NAME-\"[
\\t]*:[ \\t]*\"(.*?)\"";
+ private static final String REPLACEMENT_PATTERN_XML =
"<-ELEMENT_NAME->XXX</-ELEMENT_NAME->";
+ private static final String REPLACEMENT_PATTERN_JSON =
"\"-ELEMENT_NAME-\": \"XXX\"";
+
+ private static final String XML_CONTENT = "xml";
+ private static final String HTML_CONTENT = "html";
+ private static final String JSON_CONTENT = "json";
+
+ final List<String> sensitiveElementNames = new ArrayList<>();
+
+ public void addSensitiveElementNames(final List<String>
inSensitiveElementNames) {
+ this.sensitiveElementNames.addAll(inSensitiveElementNames);
+ }
+
+ public String maskSensitiveElements(
+ final Message message,
+ final String originalLogString) {
+ if (sensitiveElementNames.isEmpty() || message == null) {
+ return originalLogString;
+ }
+ final String contentType = (String) message.get(Message.CONTENT_TYPE);
+ if (contentType.toLowerCase().contains(XML_CONTENT)
+ || contentType.toLowerCase().contains(HTML_CONTENT)) {
+ return applyMasks(originalLogString, MATCH_PATTERN_XML,
REPLACEMENT_PATTERN_XML);
+ } else if (contentType.toLowerCase().contains(JSON_CONTENT)) {
+ return applyMasks(originalLogString, MATCH_PATTERN_JSON,
REPLACEMENT_PATTERN_JSON);
+ }
+ return originalLogString;
+ }
+
+ private String applyMasks(String originalLogString, String
matchElementPattern, String replacementElementPattern) {
+ return Optional.ofNullable(originalLogString)
+ .map(s -> applyExpression(s, matchElementPattern,
replacementElementPattern, sensitiveElementNames))
+ .orElse(originalLogString);
+ }
+
+ private String applyExpression(
+ final String originalLogString,
+ final String matchPatternTemplate,
+ final String replacementTemplate,
+ final List<String> sensitiveNames) {
+ String resultString = originalLogString;
+ for (final String sensitiveName : sensitiveNames) {
+ final String matchPattern =
matchPatternTemplate.replaceAll(ELEMENT_NAME_TEMPLATE, sensitiveName);
+ final String replacement =
replacementTemplate.replaceAll(ELEMENT_NAME_TEMPLATE, sensitiveName);
Review comment:
Could we move this template replacement into the constructor? Maybe
create a map of matchPattern -> replacement and iterate over this instead of
sensitiveNames?
##########
File path:
rt/features/logging/src/main/java/org/apache/cxf/ext/logging/AbstractLoggingInterceptor.java
##########
@@ -73,6 +82,15 @@ public long getInMemThreshold() {
return threshold;
}
+ public void addSensitiveElementNames(final List<String>
sensitiveElementNames) {
+ maskSensitiveHelper.addSensitiveElementNames(sensitiveElementNames);
+ }
+
+ public void addSensitiveProtocolHeaderNames(final List<String>
sensitiveProtocolHeaderNames) {
+ sensitiveProtocolHeaderMap = sensitiveProtocolHeaderNames.stream()
+ .collect(Collectors.toMap(Function.identity(), name ->
Boolean.TRUE));
+ }
Review comment:
Do we need to use a map here, as the boolean value isn't actually used
anywhere that I can see?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
