Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mask value of stacktrace does not work as expected #641

Closed
nilsmagnus opened this issue Sep 10, 2021 · 3 comments
Closed

Mask value of stacktrace does not work as expected #641

nilsmagnus opened this issue Sep 10, 2021 · 3 comments

Comments

@nilsmagnus
Copy link

nilsmagnus commented Sep 10, 2021
edited
Loading

Describe the bug
I expected the valueMask to mask the string in the stacktrace as well as the message. It does not.

To Reproduce

Steps to reproduce the behavior:

  1. Use this logback.xml configuration
<configuration>
  <appender name="json" class="ch.qos.logback.core.ConsoleAppender">
    <encoder class="net.logstash.logback.encoder.LogstashEncoder">
      <jsonGeneratorDecorator class="net.logstash.logback.mask.MaskingJsonGeneratorDecorator">
        <!---  apikey=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx1234f)  -->

        <valueMask>
          <value>(.*apikey=)(.{36})(.*)</value>
          <mask>$1***$3</mask>
        </valueMask>
      </jsonGeneratorDecorator>

    </encoder>
  </appender>

  <root level="info">
    <appender-ref ref="json" />
  </root>
</configuration>
  1. Execute this logger statement log.error("message key is apikey=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx1234f", new RuntimeException("stacktrace key is apikey=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx1234f"));
  2. The output for the stacktrace is not masked, but the message is:
{"@timestamp":"2021-09-10T12:31:27.400+02:00","@version":"1","message":"message key is apikey=***","logger_name":"com.example.Main","thread_name":"main","level":"ERROR","level_value":40000,"stack_trace":"java.lang.RuntimeException: stacktrace key is apikey=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx1234f\n\tat com.example.MainKt.main(Main.kt:45)\n\tat com.example.MainKt.main(Main.kt)\n"}

Expected behavior
The output for the stack_trace should not contain the apikey.

Additional context

  • logstash-logback-encoder 6.6
  • logback 1.2.5
  • jackson 2.12.2
  • java 15
@brenuart
Copy link
Collaborator

brenuart commented Sep 10, 2021
edited
Loading

Hi Nils. Thanks for the report.

I think your issue is related to #400, and the comment #400 (comment) in particular.

The good news is I could reproduce your issue following your instructions with 6.6 but not with the current development version (7.0-SNAPSHOT) anymore. In the meantime I'm afraid your only option is to write a custom ValueMasker yourself like this:

public class StackTraceValueMasker implements ValueMasker {
    @Override
    public Object mask(JsonStreamContext context, Object value) {
        if ("stack_trace".equals(context.getCurrentName()) {
            return <masked value>;
        }
        else {
            return value;
        }
    }
}

and register it in your configuration as follows:

<jsonGeneratorDecorator class="net.logstash.logback.mask.MaskingJsonGeneratorDecorator">
    ...
    <valueMasker class="....StackTraceValueMasker"/>
</jsonGeneratorDecorator>

@brenuart brenuart added the status/waiting-for-feedback Waiting for feedback from the original author. Issue will be closed if feedback is not received soon label Sep 10, 2021
@nilsmagnus
Copy link
Author

Ok, that solution is ok for me. Closing this issue and waiting for the 7.0 release 👍

@no-response no-response bot removed the status/waiting-for-feedback Waiting for feedback from the original author. Issue will be closed if feedback is not received soon label Sep 13, 2021
@brenuart
Copy link
Collaborator

@nilsmagnus 7.0 shouldn't be too long now... stay tuned ;-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nilsmagnus @brenuart