[ 
https://issues.apache.org/jira/browse/LANG-1400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16521296#comment-16521296
 ] 

ASF GitHub Bot commented on LANG-1400:
--------------------------------------

GitHub user stokito opened a pull request:

    https://github.com/apache/commons-lang/pull/335

    LANG-1400: Add StringUtils.mask() function

    My alternative implementation for #332
    See https://issues.apache.org/jira/browse/LANG-1400 for details

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/stokito/commons-lang LANG-1400

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/commons-lang/pull/335.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #335
    
----
commit 001b769fab526f2034c155dab422dfe10bf48cff
Author: Sergey Ponomarev <stokito@...>
Date:   2018-06-23T22:47:33Z

    LANG-1400: Add StringUtils.mask() function

----


> StringUtils: Add method for masking strings
> -------------------------------------------
>
>                 Key: LANG-1400
>                 URL: https://issues.apache.org/jira/browse/LANG-1400
>             Project: Commons Lang
>          Issue Type: Improvement
>          Components: lang.*
>            Reporter: Sergey Ponomarev
>            Priority: Minor
>
> It would be great to have a function which allows one to mask the original str by 
> replacing its
> characters with the specified character-mask. For example to mask a credit card:
> {code}
> mask("3566002020360505", 4, 4, '*') = "3566********0505"
> {code}
> Thus the number was hidden by asterisks while first and last four digits are 
> unmasked and seen.
> A common use case is to hide sensitive information from logs, by using it in 
> toString() of classes or in inputs to log calls.
> I think this is "must have" functionality for Commons Lang library because 
> from my experience in almost all big projects what I saw was their home grown 
> masking function.
> I think this is very important also because this is required for masking 
> credit card numbers by PCI compliance. Also new GDPR rules require hiding 
> personal info as much as possible so masking of First and Last names now is 
> required by law.
> To make the world a safer place the utility for masking should be already 
> existing in platform to avoid situations when a developer thinks "this is 
> better to mask but I don't have enough time now so let's do this later" 
> until a leak happens.
> IMHO this should be implemented even in `String` class itself.
> From my experience what I saw was usually few masking usages and styles:
> 1. masking of passwords and names: only first and last symbols are shown, 
> mask char is `*`
> 2. masking of credit cards: only first and last 4 or 6 symbols are shown, 
> mask char is `*`.
> 3. credit card number shortest masking of last symbols i.e. 
> `mask("4242424242424242") == " *4242"` but it's not so often used, I just 
> wanted to mention.
> 4. not masking but showing a length just to see that value was passed. This 
> can be easily achieved by usual `String.length()` method.
> There is already some pull request 
> [https://github.com/apache/commons-lang/pull/332] but I decided to create the 
> ticket because we also need to support masking for @ToString annotation and I 
> would like to propose my own implementation of mask() function.
>  
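
The masking described in the issue above, as an added example that is not the code from pull request #335 or #332 and not a Commons Lang API. The class names, the Payment type and the rule of masking the whole value when it is too short to keep both visible parts are assumptions made for this sketch.

```java
import java.util.Arrays;

// Added illustration: not the code from pull request #335 or #332.
public final class MaskExample {

    /**
     * Replaces the middle of str with maskChar, keeping the first
     * unmaskedStart and the last unmaskedEnd characters visible.
     * Assumption: when the visible parts would cover the whole value,
     * everything is masked so a short secret is never logged in full.
     */
    static String mask(String str, int unmaskedStart, int unmaskedEnd, char maskChar) {
        if (str == null) {
            return null;
        }
        if (unmaskedStart < 0 || unmaskedEnd < 0) {
            throw new IllegalArgumentException("unmasked lengths must be >= 0");
        }
        int len = str.length();
        char[] out = str.toCharArray();
        // long arithmetic so two large arguments cannot overflow int
        boolean tooShort = (long) unmaskedStart + unmaskedEnd >= len;
        int from = tooShort ? 0 : unmaskedStart;
        int to = tooShort ? len : len - unmaskedEnd;
        Arrays.fill(out, from, to, maskChar);
        return new String(out);
    }

    /** Constructed sample class: its toString() is what reaches the logs. */
    static final class Payment {
        private final String holder;
        private final String cardNumber;

        Payment(String holder, String cardNumber) {
            this.holder = holder;
            this.cardNumber = cardNumber;
        }

        @Override
        public String toString() {
            // Style 1 from the issue for the name, style 2 for the card number
            return "Payment{holder=" + mask(holder, 1, 1, '*')
                    + ", card=" + mask(cardNumber, 4, 4, '*') + "}";
        }
    }

    public static void main(String[] args) {
        System.out.println(mask("3566002020360505", 4, 4, '*')); // example from the issue
        System.out.println(mask("1234567", 4, 4, '*'));          // shorter than 4 + 4
        System.out.println(new Payment("Alice Example", "3566002020360505"));
    }
}
```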


