localvore-today / secure_log_formatter

Secure log formatting for Elixir

License: MIT License

Elixir 100.00%
elixir logging formatting secure-logging

secure_log_formatter's Introduction

SecureLogFormatter

A secure formatter for Elixir Logger and a replacement for Kernel.inspect/1. Using blacklisted keys and patterns, SecureLogFormatter will identify and redact sensitive information from logs with ease.

Installation

def deps do
  [{:secure_log_formatter, "~> 1.0"}]
end

Like living on the edge? Want the latest and greatest?

def deps do
  [{:secure_log_formatter,
    github: "localvore-today/secure_log_formatter"}]
end

Usage

config :logger,
  secure_log_formatter:
    [
      # Map and Keyword List keys whose values should be hidden
      fields: ["password", "credit_card", ~r/.*_token/],

      # Patterns which, if found, should be hidden
      patterns: [~r/4[0-9]{15}/], # Simple credit card example

      # defaults to "[REDACTED]"
      replacement: "[PRIVATE]"
    ]

Log formatting

Using SecureLogFormatter is easy: we only need to pass a tuple to the :format option for our logging backend(s):

config :logger,
  console: [format: {SecureLogFormatter, :format}]

If we give it a whirl:

iex> Logger.info("Customer Credit Card: 4111111111111111")
15:39:40.169 [info]  Customer Credit Card: [PRIVATE]

Replacing inspect/1

To leverage SecureLogFormatter.inspect/1 in place of Kernel.inspect/1 we can add two lines to the top of our files:

import Kernel, except: [inspect: 1]
import SecureLogFormatter, only: [inspect: 1]

With this change, calls to inspect/1 will be handled by SecureLogFormatter:

iex> inspect(%{access_token: "secret_token", password: "abc123", username: "doomspork"})
"%{access_token: \"[PRIVATE]\", password: \"[PRIVATE]\", username: \"doomspork\"}"

License

SecureLogFormatter source code is released under MIT.

See LICENSE for more information.


secure_log_formatter's Issues

recompilation gotcha

#4

Issue:

When you change the config for a pattern, field or replacement for the secure_log_formatter configuration, the dependency will have to be recompiled in order for the change to take effect. This is because the configuration is compiled as module attributes at compile time in SecureLogFormatter.

Proposed Solutions:

  1. Recompilation
    mix do deps.compile secure_log_formatter --force

  2. ?? Add to discussion below other solutions

handle_sasl_reports: true causes errors

Hi

I noticed today that if you have handle_sasl_reports set to true you get some errors.

It seems to be to do with structures like this: [1,2 | 3], which although it is a list, cannot be enumerated over!

SecureLogFormatter.sanitize([1,2|3])

** (FunctionClauseError) no function clause matching in Enum."-map/2-lists^map/1-0-"/2
stacktrace:
(elixir) lib/enum.ex:1229: Enum."-map/2-lists^map/1-0-"(#Function<2.12591307/1 in SecureLogFormatter.sanitize/1>, 3)
(elixir) lib/enum.ex:1229: Enum."-map/2-lists^map/1-0-"/2
(elixir) lib/enum.ex:1229: Enum."-map/2-lists^map/1-0-"/2
test/secure_log_formatter_test.exs:22: (test)

[request] make the sanitize function public

Hi there,

I have a potential use case for this library to be optionally incorporated into Og and two possible ways of doing it.

  1. The ideal approach would be where sanitize/1 functions are made public and docless perhaps in your library and then I can invoke them where I please in Og.

  2. The less desirable approach is to apply the inspect function from SecureLogFormatter directly - because I was hoping to sanitize and then apply an option of different formatters.

This might not suit you though & I'll totally understand if it's 👎 .. I can probably work with option 2. if needs be.

Let me know what you think.

text in charlists is not replaced

The Erlang error logger gives us the text as a charlist, so my regex is not correctly applied to it. In this example the Elixir Logger correctly redacts the password, but the error logger's output is not redacted:

iex(1)> require Logger; Logger.error "password: \"secret\""
14:09:55.353 [error] password: [REDACTED]
iex(2)> :error_logger.error_msg "password: \"secret\""
14:10:13.134 [error] password: "secret"

I've fixed this as part of PR #11

dan
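
An added sketch (not the library's code, and not the fix from PR #11) of a sanitizer that tolerates the two inputs reported in the issues above: improper lists such as [1, 2 | 3] and charlists handed over by Erlang's error logger. RedactSketch and its helper functions are hypothetical names; the fields, pattern and replacement are copied from the README's usage example.

```elixir
defmodule RedactSketch do
  # Hypothetical stand-in configured like the README's usage example.
  @replacement "[PRIVATE]"
  defp fields, do: ["password", "credit_card", ~r/.*_token/]
  defp patterns, do: [~r/4[0-9]{15}/]

  def sanitize(bin) when is_binary(bin), do: Enum.reduce(patterns(), bin, &Regex.replace(&1, &2, @replacement))
  # Structs are not enumerable, so flatten them to plain maps before walking.
  def sanitize(%_{} = struct), do: struct |> Map.from_struct() |> sanitize()
  def sanitize(map) when is_map(map) do
    Map.new(map, fn {key, value} -> {sanitize(key), sanitize_pair(key, value)} end)
  end

  # ASCII charlists are redacted as text; ascii_printable?/1 is false for improper lists.
  def sanitize(list) when is_list(list) do
    if list != [] and List.ascii_printable?(list) do
      list |> List.to_string() |> sanitize() |> String.to_charlist()
    else
      walk(list)
    end
  end

  def sanitize(t) when is_tuple(t), do: t |> Tuple.to_list() |> Enum.map(&sanitize/1) |> List.to_tuple()
  def sanitize(other), do: other

  # Walk cons cell by cons cell instead of Enum.map/2, so an improper tail
  # such as the 3 in [1, 2 | 3] is sanitized as a term instead of crashing.
  defp walk([]), do: []
  defp walk([{key, value} | tail]) when is_atom(key), do: [{key, sanitize_pair(key, value)} | walk(tail)]
  defp walk([head | tail]), do: [sanitize(head) | walk(tail)]
  defp walk(tail), do: sanitize(tail)

  defp sanitize_pair(key, value) when is_atom(key) or is_binary(key) do
    hidden? = Enum.any?(fields(), &field_match?(&1, to_string(key)))
    if hidden?, do: @replacement, else: sanitize(value)
  end
  defp sanitize_pair(_key, value), do: sanitize(value)

  defp field_match?(%Regex{} = regex, name), do: Regex.match?(regex, name)
  defp field_match?(field, name), do: field == name
end

# Constructed inputs covering the improper-list and charlist reports above.
IO.inspect(RedactSketch.sanitize([1, 2 | 3]))
IO.inspect(RedactSketch.sanitize(~c"Customer Credit Card: 4111111111111111"))
IO.inspect(RedactSketch.sanitize([{:password, "abc123"}, ~c"card 4111111111111111" | :tail]))
IO.inspect(RedactSketch.sanitize(%{access_token: "secret_token", username: "doomspork"}))
```

Only ASCII charlists are recognised as text here; a charlist containing non-ASCII code points falls through to the element-by-element walk and is not pattern-matched.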
