Skip to content

Commit 0a6a027

Browse files
author
RSam25
authored
Merge pull request #587 from IABTechLab/srm-UID2-6477-implement-log-masking-optimization
Added early exit without doing regex matches for masking pattern layout
2 parents daee856 + ad9728f commit 0a6a027

2 files changed

Lines changed: 8 additions & 9 deletions

File tree

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55

66
<groupId>com.uid2</groupId>
77
<artifactId>uid2-shared</artifactId>
8-
<version>11.3.3</version>
8+
<version>11.3.4-alpha-333-SNAPSHOT</version>
99
<name>${project.groupId}:${project.artifactId}</name>
1010
<description>Library for all the shared uid2 operations</description>
1111
<url>https://github.com/IABTechLab/uid2docs</url>

src/main/java/com/uid2/shared/logback/MaskingPatternLayout.java

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,13 +3,12 @@
33
import ch.qos.logback.classic.PatternLayout;
44
import ch.qos.logback.classic.spi.ILoggingEvent;
55

6-
import java.util.Map;
76
import java.util.regex.Pattern;
87

98
public class MaskingPatternLayout extends PatternLayout {
10-
private static final Map<Pattern, String> MASKING_PATTERNS = Map.of(
11-
Pattern.compile("\\S+s3\\.amazonaws\\.com/\\S*X-Amz-Security-Token=\\S+"), "REDACTED - S3"
12-
);
9+
private static final Pattern AWS_PRESIGNED_URL_REGEX_PATTERN = Pattern.compile("\\S+s3\\.amazonaws\\.com/\\S*X-Amz-Security-Token=\\S+");
10+
private static final String AWS_SECURITY_TOKEN_HEADER = "X-Amz-Security-Token=";
11+
private static final String AWS_PRESIGNED_URL_REDACTION_MASK = "REDACTED - S3";
1312

1413
@Override
1514
public String doLayout(ILoggingEvent event) {
@@ -22,11 +21,11 @@ private String mask(String message) {
2221
}
2322

2423
String maskedMessage = message;
25-
for (Map.Entry<Pattern, String> entry : MASKING_PATTERNS.entrySet()) {
26-
Pattern pattern = entry.getKey();
27-
String mask = entry.getValue();
28-
maskedMessage = pattern.matcher(maskedMessage).replaceAll(mask);
24+
// Perform a broad check to potentially skip regex
25+
if (maskedMessage.contains(AWS_SECURITY_TOKEN_HEADER)) {
26+
maskedMessage = AWS_PRESIGNED_URL_REGEX_PATTERN.matcher(maskedMessage).replaceAll(AWS_PRESIGNED_URL_REDACTION_MASK);
2927
}
28+
3029
return maskedMessage;
3130
}
3231
}

0 commit comments

Comments
 (0)