LoggingUtils
Dokkaltek edited this page Apr 10, 2025 · 1 revision
You can use the `encodeForLog` method to prevent log forgery attacks on your logs.

```java
log.info(LoggingUtils.encodeForLog("Some log"));
log.info(LoggingUtils.encodeForLog(new SamplePojo()));
// This would output "\nINFO: forged log" in the log, instead of adding a new line.
log.info(LoggingUtils.encodeForLog("\nINFO: forged log"));
```
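Why the encoding matters, as an added example that is not part of LoggingUtils: the class `LogForgeryDemo` and the helper `neutralize` are hypothetical stand-ins for line-break escaping, and the username value is constructed sample input. It compares how many physical log lines one message occupies with and without escaping (requires Java 11+ for `String.lines()`).

```java
// Added illustration: a stand-in for line-break neutralization,
// not the LoggingUtils implementation.
public class LogForgeryDemo {

    // Hypothetical helper: escape control characters so that one log call
    // always produces exactly one physical log line.
    static String neutralize(String input) {
        StringBuilder out = new StringBuilder(input.length());
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '\n': out.append("\\n"); break;
                case '\r': out.append("\\r"); break;
                case '\t': out.append("\\t"); break;
                default:
                    if (Character.isISOControl(c)) {
                        // Any other control character becomes a visible escape.
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    // Number of physical lines a message occupies once written to a log file.
    static long physicalLines(String message) {
        return message.lines().count();
    }

    public static void main(String[] args) {
        // Constructed sample: a user-controlled field carrying the forged entry
        // used in the snippet above.
        String username = "guybrush\nINFO: forged log";
        String raw = "WARN: Login failed for user " + username;
        String safe = "WARN: Login failed for user " + neutralize(username);

        // The raw message splits into separate entries for anyone reading the file.
        System.out.println("raw lines:  " + physicalLines(raw));
        // The neutralized message stays inside the single WARN entry.
        System.out.println("safe lines: " + physicalLines(safe));
        System.out.println(safe);
    }
}
```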
You can mask field values on logs in different ways.

```java
// This would output "username: guybrush, password: *****"
log.info(LoggingUtils.maskField("username: guybrush, password: secret-password", "password"));
// This would output "username=guybrush, password=*****"
log.info(LoggingUtils.maskField("username=guybrush, password=secret-password", "password"));
```
This masks only a subset of the field value.

```java
// This would output "username: guybrush, password: ******-password"
log.info(LoggingUtils.maskFieldRange("username: guybrush, password: secret-password", "password", 0, 7));
```
This masks up to a character in the field value, like '@', which can be useful for emails.

```java
// This would output "email: ********@threepwood.com"
log.info(LoggingUtils.maskFieldUntilChar("email: guybrush@threepwood.com", '@', "email"));
// This would output "tags=****#tag, password = test"
log.info(LoggingUtils.maskFieldUntilChar("tags=some#tag, password = test", '#', "tags"));
```
This masks up to a character, and then a range after the character.

```java
// This would output "email: ********@******wood.com"
log.info(LoggingUtils.maskFieldUntilCharWithRange("email: guybrush@threepwood.com", '@', 0, 6, "email"));
```