Neel1210 commented on issue #4015: URL: https://github.com/apache/logging-log4j2/issues/4015#issuecomment-3706074231
@ppkarwasz @vy Attached is a reference implementation for a masking plugin designed to be loosely coupled with specific regex logic. By moving the pattern definitions into the Log4j2 configuration file, the plugin remains generic, highly reusable, and avoids the "maintenance tail" associated with hard-coded patterns. You can find the full implementation and demo here: [[Link to Repo](https://github.com/Neel1210/logging-activity)] The goal was to create a "plug-and-play" solution that _we can suggest to other developers facing similar masking challenges_ until a native multi-regex feature is finalized. This approach allows users to define or update sensitive data patterns (emails, tokens, etc.) directly in the XML/YAML config without needing to recompile or redeploy custom plugin binaries for every new requirement. **Key Features:** Loosely Coupled: The masking engine is independent of the data patterns it processes. Fully Configurable: All regex patterns are injected via the configuration file, allowing for real-time updates to security policies. **Implementation Details:** ``` @Plugin( name = "LogWrapper", category = "Core", printObject = true ) public class LogWrapper implements RewritePolicy { private final RegexReplacement[] replace; private LogWrapper(final RegexReplacement[] replace) { this.replace = replace; } @PluginFactory public static LogWrapper createPlugin(@PluginElement("Replace") final RegexReplacement[] replace) { return new LogWrapper(replace); } @Override public LogEvent rewrite(LogEvent event) { String message = event.getMessage().getFormattedMessage(); for (RegexReplacement r : replace) { message = r.format(message); } MutableLogEvent newEvent = new MutableLogEvent(); newEvent.initFrom(event); newEvent.setMessage(new SimpleMessage(message)); return newEvent; } } ``` **Configuration File ( xml ) :** ``` <Appenders> <Console name="Console" target="SYSTEM_OUT"> <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} [%t] %-5level %c{1} - %msg%n"/> </Console> <Rewrite name="rewrite"> <LogWrapper> <replace regex="([A-Za-z0-9._%+-])([A-Za-z0-9._%+-]*)(@[A-Za-z0-9.-]+\.[A-Za-z]{2,})" replacement="[EMAIL]"/> <replace regex="\+?1?\s*\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}" replacement="[PHONE]"/> <replace> <!-- Uses a CDATA Section --> <regex><![CDATA[[A-Za-z0-9_%+-]{20,}\.[A-Za-z0-9_%+-]{20,}\.[A-Za-z0-9_%+-]+\b]]></regex> <replacement>[TOKEN]</replacement> </replace> </LogWrapper> <Appender-Ref ref="Console"/> </Rewrite> </Appenders> ``` **Configuration File ( yml ) :** ``` appenders: console: - name: Console target: SYSTEM_OUT PatternLayout: pattern: "%d{yyyy-MM-dd HH:mm:ss} [%t] %-5level %c{1} - %msg%n" rewrite: - name: rewrite LogWrapper: replace: - regex: "([A-Za-z0-9._%+-])([A-Za-z0-9._%+-]*)(@[A-Za-z0-9.-]+\\.[A-Za-z]{2,})" replacement: "[EMAIL MASKED]" - regex: "\\+?1?\\s*\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}" replacement: "[PHONE]" - regex: "[A-Za-z0-9_%+-]{20,}\\.[A-Za-z0-9_%+-]{20,}\\.[A-Za-z0-9_%+-]+\\b" replacement: "[TOKEN]" AppenderRef: - ref: Console ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
