MaskingRewritePolicy.java example

Explorer

owasp-security-logging-master
- owasp-security-logging-common
  - src
    - main
      - java
        org
        owasp
        security
        logging
        MultiMarker.java
        SecurityMarkers.java
        Utils.java
        mdc
        IPlugin.java
        MDCFilter.java
        plugins
        ForwardedIPAddressPlugin.java
        IPAddressPlugin.java
        SessionPlugin.java
        UsernamePlugin.java
        util
        ByteIntervalProperty.java
        DefaultIntervalLoggerController.java
        DefaultIntervalLoggerModel.java
        DefaultIntervalLoggerView.java
        DefaultIntervalProperty.java
        IntervalLoggerController.java
        IntervalLoggerControllerWrapper.java
        IntervalLoggerModel.java
        IntervalLoggerView.java
        IntervalProperty.java
        OutputStreamRedirector.java
        SecurityLoggingFactory.java
        SecurityUtil.java
- owasp-security-logging-log4j
  - src
    - main
      - java
        org
        owasp
        security
        logging
        log4j
        filter
        ExcludeClassifiedMarkerFilter.java
        SecurityMarkerFilter.java
        mask
        MaskingRewritePolicy.java
    - test
      - java
        org
        owasp
        security
        logging
        log4j
        ExcludeClassifiedMarkerFilterTest.java
        PureLog4jTest.java
        SecurityMarkerFilterTest.java
        mask
        CRLFConverterTest.java
        MaskingRewritePolicyTest.java
- owasp-security-logging-logback
  - src
    - main
      - java
        org
        owasp
        security
        logging
        filter
        ExcludeClassifiedMarkerFilter.java
        MarkerFilter.java
        SecurityMarkerFilter.java
        layout
        SecurityLoggingLayout.java
        cef
        CEFLoggingLayout.java
        Prefix.java
        SyslogHeader.java
        rich
        RichContext.java
        RichMDCFilter.java
        RichSecurityLoggingLayout.java
        mask
        CRLFConverter.java
        DefinedRegexMaskingConverter.java
        MaskingConverter.java
    - test
      - java
        org
        owasp
        security
        logging
        SecurityMarkersTest.java
        SecurityTest.java
        filter
        ExcludeClassifiedMarkerFilterTest.java
        MarkerFilterTest.java
        SecurityMarkerFilterTest.java
        layout
        cef
        CEFLoggingLayoutTest.java
        rich
        RichContextTest.java
        mask
        CRLFConverterTest.java
        DefinedRegexMaskingConverterTest.java
        MaskingConverterTest.java
        util
        ExtendedIntervalLoggingTest.java
        SecurityUtilLoggingTest.java
        SimpleIntervalLoggingTest.java
        StreamRedirectionTest.java
        StreamRedirectionWithCustomLoggersTest.java

/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.owasp.security.logging.log4j.mask;

import org.apache.logging.log4j.Marker;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.appender.rewrite.RewritePolicy;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.impl.Log4jLogEvent;
import org.apache.logging.log4j.message.Message;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.apache.logging.slf4j.Log4jMarker;
import org.owasp.security.logging.SecurityMarkers;

/**
 *
 * @author adetlefsen
 */
@Plugin(name = "MaskingRewritePolicy", category = "Core", elementType = "rewritePolicy", printObject = true)
public class MaskingRewritePolicy implements RewritePolicy {

	private static final Object MASKED_PASSWORD = "********";

	/**
	 * Rewrite the event.
	 * 
	 * @param source
	 *            a logging event that may be returned or used to create a new
	 *            logging event.
	 * @return The LogEvent after rewriting.
	 */
	public LogEvent rewrite(LogEvent source) {
		// get the markers for the log event. If no markers, nothing can be
		// tagged confidential and we can return
		Marker sourceMarker = source.getMarker();
		if (sourceMarker == null)
			return source;

		// get the message. If no message we can return
		final Message msg = source.getMessage();
		if (msg == null || !(msg instanceof ParameterizedMessage))
			return source;

		// get the parameters. If no params we can return
		Object[] params = msg.getParameters();
		if (params == null || params.length == 0)
			return source;

		// check if this event is actually marked as confidential. If not,
		// return
		Log4jMarker eventMarker = new Log4jMarker(sourceMarker);
		if (!eventMarker.contains(SecurityMarkers.CONFIDENTIAL))
			return source;

		// we have a message, parameters, a marker, and it is confidential.
		// Process
		for (int i = 0; i < params.length; i++) {
			params[i] = MASKED_PASSWORD;
		}
		Message outMessage = new ParameterizedMessage(msg.getFormat(), params,
				msg.getThrowable());
		LogEvent output = new Log4jLogEvent(source.getLoggerName(),
				source.getMarker(), source.getLoggerFqcn(), source.getLevel(),
				outMessage, source.getThrown(), source.getContextMap(),
				source.getContextStack(), source.getThreadName(),
				source.getSource(), source.getTimeMillis());

		return output;
	}

}