Mask sensitive information from the logs (FF-2514) (#55)

* Mask sensitive information from the logs (FF-2514)

* feat: [add ability to users to provide a ApplicationLogger implementation in their preference library (zap, logrus, etc)] (FF-1940)

* Add generic application logger interface, zap implementation and documentation for adding custom implementation

* add masking to scrubbing logger

* fix readme

* instantiate once

* add test for masking url parameters in a different order

* fixup

* rename package to v5

* update readme

* required param

Author: leoromanovsky

README.md

@@ -22,14 +22,14 @@ In your `go.mod`, add the SDK package as a dependency:
 
 ```
 require (
-    github.com/Eppo-exp/golang-sdk/v4
+    github.com/Eppo-exp/golang-sdk/v5
 )
 ```
 
 Or you can install the SDK from the command line with:
 
 ```
-go get github.com/Eppo-exp/golang-sdk/v4
+go get github.com/Eppo-exp/golang-sdk/v5
 ```
 
 ## Quick start
@@ -40,7 +40,7 @@ Begin by initializing a singleton instance of Eppo's client. Once initialized, t
 
 ```go
 import (
-    "github.com/Eppo-exp/golang-sdk/v4/eppoclient"
+    "github.com/Eppo-exp/golang-sdk/v5/eppoclient"
 )
 
 var eppoClient *eppoclient.EppoClient
@@ -62,7 +62,7 @@ func main() {
 
 ```go
 import (
-    "github.com/Eppo-exp/golang-sdk/v4/eppoclient"
+    "github.com/Eppo-exp/golang-sdk/v5/eppoclient"
 )
 
 var eppoClient *eppoclient.EppoClient
@@ -107,7 +107,7 @@ The code below illustrates an example implementation of a logging callback using
 
 ```go
 import (
-  "github.com/Eppo-exp/golang-sdk/v4/eppoclient"
+  "github.com/Eppo-exp/golang-sdk/v5/eppoclient"
   "gopkg.in/segmentio/analytics-go.v3"
 )
 
@@ -133,6 +133,68 @@ func main() {
 }
 ```
 
+## Provide a custom logger
+
+If you want to provide a logging implementation to the SDK to capture errors and other application logs, you can do so by passing in an implementation of the `ApplicationLogger` interface to the `InitClient` function.
+
+You can use the `eppoclient.ScrubbingLogger` to scrub PII from the logs.
+
+```go
+import (
+    "github.com/Eppo-exp/golang-sdk/v5/eppoclient"
+    "github.com/sirupsen/logrus"
+)
+
+type LogrusApplicationLogger struct {
+    logger *logrus.Logger
+    logLevel logrus.Level
+}
+
+func NewLogrusApplicationLogger(logLevel logrus.Level) *LogrusApplicationLogger {
+    logger := logrus.New()
+    logger.SetFormatter(&logrus.JSONFormatter{})
+    return &LogrusApplicationLogger{logger: logger, logLevel: logLevel}
+}
+
+func (l *LogrusApplicationLogger) Debug(args ...interface{}) {
+    if l.logLevel <= logrus.DebugLevel {
+        l.logger.Debug(args...)
+    }
+}
+
+func (l *LogrusApplicationLogger) Info(args ...interface{}) {
+    if l.logLevel <= logrus.InfoLevel {
+        l.logger.Info(args...)
+    }
+}
+
+func (l *LogrusApplicationLogger) Warn(args ...interface{}) {
+    if l.logLevel <= logrus.WarnLevel {
+        l.logger.Warn(args...)
+    }
+}
+
+func (l *LogrusApplicationLogger) Error(args ...interface{}) {
+    if l.logLevel <= logrus.ErrorLevel {
+        l.logger.Error(args...)
+    }
+}
+
+func main() {
+  // Initialize a custom logger; example using logrus
+  // Set log level to Info
+  applicationLogger := NewLogrusApplicationLogger(logrus.InfoLevel)
+  scrubbingLogger := eppoclient.NewScrubbingLogger(applicationLogger)
+
+  // Initialize the Eppo client
+  eppoClient, _ = eppoclient.InitClient(eppoclient.Config{
+      SdkKey:            "<your_sdk_key>",
+      AssignmentLogger:  assignmentLogger,
+      ApplicationLogger: scrubbingLogger
+  })
+}
+```
+
 ### De-duplication of assignments
 
 The SDK may see many duplicate assignments in a short period of time, and if you
@@ -145,15 +207,15 @@ It can be configured with a maximum size to fit your desired memory allocation.
 
 ```go
 import (
-  "github.com/Eppo-exp/golang-sdk/v4/eppoclient"
+  "github.com/Eppo-exp/golang-sdk/v5/eppoclient"
 )
 
 var eppoClient *eppoclient.EppoClient
 
 func main() {
   assignmentLogger := NewExampleAssignmentLogger()
 
-  eppoClient = eppoclient.InitClient(eppoclient.Config{
+  eppoClient, _ = eppoclient.InitClient(eppoclient.Config{
     ApiKey:           "<your_sdk_key>",
     // 10000 is the maximum number of assignments to cache
     // Depending on the length of your flag and subject keys, taking a median

eppoclient/applicationlogger/interface.go

@@ -0,0 +1,8 @@
+package applicationlogger
+
+type Logger interface {
+	Debug(args ...interface{})
+	Info(args ...interface{})
+	Warn(args ...interface{})
+	Error(args ...interface{})
+}

eppoclient/applicationlogger/scrubbing_logger.go

@@ -0,0 +1,53 @@
+package applicationlogger
+
+import (
+	"regexp"
+)
+
+type ScrubbingLogger struct {
+	innerLogger Logger
+}
+
+func NewScrubbingLogger(innerLogger Logger) *ScrubbingLogger {
+	return &ScrubbingLogger{innerLogger: innerLogger}
+}
+
+func (s *ScrubbingLogger) scrub(args ...interface{}) []interface{} {
+	scrubbedArgs := make([]interface{}, len(args))
+	for i, arg := range args {
+		strArg, ok := arg.(string)
+		if ok {
+			strArg = maskSensitiveInfo(strArg)
+			scrubbedArgs[i] = strArg
+		} else {
+			scrubbedArgs[i] = arg
+		}
+	}
+	return scrubbedArgs
+}
+
+// maskSensitiveInfo replaces sensitive information (like apiKey or sdkKey)
+// in the error message with 'XXXXXX' to prevent exposure of these keys in
+// logs or error messages.
+func maskSensitiveInfo(errMsg string) string {
+	// Scrub apiKey and sdkKey from error messages containing URLs
+	// Matches any string that starts with apiKey or sdkKey followed by any characters until the next & or the end of the string
+	re := regexp.MustCompile(`(apiKey|sdkKey)=[^&]*`)
+	return re.ReplaceAllString(errMsg, "$1=XXXXXX")
+}
+
+func (s *ScrubbingLogger) Debug(args ...interface{}) {
+	s.innerLogger.Debug(s.scrub(args...)...)
+}
+
+func (s *ScrubbingLogger) Info(args ...interface{}) {
+	s.innerLogger.Info(s.scrub(args...)...)
+}
+
+func (s *ScrubbingLogger) Warn(args ...interface{}) {
+	s.innerLogger.Warn(s.scrub(args...)...)
+}
+
+func (s *ScrubbingLogger) Error(args ...interface{}) {
+	s.innerLogger.Error(s.scrub(args...)...)
+}

eppoclient/applicationlogger/scrubbing_logger_test.go

@@ -0,0 +1,48 @@
+package applicationlogger
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_maskSensitiveInfo(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "mask apiKey",
+			input:    "https://example.com?apiKey=123456&anotherParam=foo",
+			expected: "https://example.com?apiKey=XXXXXX&anotherParam=foo",
+		},
+		{
+			name:     "mask sdkKey",
+			input:    "https://example.com?sdkKey=abcdef&anotherParam=foo",
+			expected: "https://example.com?sdkKey=XXXXXX&anotherParam=foo",
+		},
+		{
+			name:     "no sensitive info",
+			input:    "https://example.com?param=value&anotherParam=foo",
+			expected: "https://example.com?param=value&anotherParam=foo",
+		},
+		{
+			name:     "mask apiKey and sdkKey",
+			input:    "https://example.com?apiKey=123456&sdkKey=abcdef&anotherParam=foo",
+			expected: "https://example.com?apiKey=XXXXXX&sdkKey=XXXXXX&anotherParam=foo",
+		},
+		{
+			name:     "mask apiKey and sdkKey out of order",
+			input:    "https://example.com?anotherParam=foo&apiKey=123456&sdkKey=abcdef",
+			expected: "https://example.com?anotherParam=foo&apiKey=XXXXXX&sdkKey=XXXXXX",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := maskSensitiveInfo(tt.input)
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}

eppoclient/applicationlogger/zap_logger.go

@@ -0,0 +1,32 @@
+package applicationlogger
+
+import (
+	"go.uber.org/zap"
+)
+
+/**
+ * The default logger for the SDK.
+ */
+type ZapLogger struct {
+	logger *zap.Logger
+}
+
+func NewZapLogger(logger *zap.Logger) *ZapLogger {
+	return &ZapLogger{logger: logger}
+}
+
+func (z *ZapLogger) Debug(args ...interface{}) {
+	z.logger.Sugar().Debug(args...)
+}
+
+func (z *ZapLogger) Info(args ...interface{}) {
+	z.logger.Sugar().Info(args...)
+}
+
+func (z *ZapLogger) Warn(args ...interface{}) {
+	z.logger.Sugar().Warn(args...)
+}
+
+func (z *ZapLogger) Error(args ...interface{}) {
+	z.logger.Sugar().Error(args...)
+}

eppoclient/bandits_test.go

@@ -61,7 +61,7 @@ func Test_bandits_sdkTestData(t *testing.T) {
 	logger := new(mockLogger)
 	logger.Mock.On("LogAssignment", mock.Anything).Return()
 	logger.Mock.On("LogBanditAction", mock.Anything).Return()
-	client := newEppoClient(configStore, nil, nil, logger)
+	client := newEppoClient(configStore, nil, nil, logger, applicationLogger)
 
 	tests := readJsonDirectory[banditTest]("test-data/ufc/bandit-tests/")
 	for file, test := range tests {

eppoclient/client.go

@@ -3,6 +3,8 @@ package eppoclient
 import (
 	"fmt"
 	"time"
+
+	"github.com/Eppo-exp/golang-sdk/v5/eppoclient/applicationlogger"
 )
 
 type Attributes map[string]interface{}
@@ -14,14 +16,22 @@ type EppoClient struct {
 	configRequestor    *configurationRequestor
 	poller             *poller
 	logger             IAssignmentLogger
+	applicationLogger  applicationlogger.Logger
 }
 
-func newEppoClient(configurationStore *configurationStore, configRequestor *configurationRequestor, poller *poller, assignmentLogger IAssignmentLogger) *EppoClient {
+func newEppoClient(
+	configurationStore *configurationStore,
+	configRequestor *configurationRequestor,
+	poller *poller,
+	assignmentLogger IAssignmentLogger,
+	applicationLogger applicationlogger.Logger,
+) *EppoClient {
 	return &EppoClient{
 		configurationStore: configurationStore,
 		configRequestor:    configRequestor,
 		poller:             poller,
 		logger:             assignmentLogger,
+		applicationLogger:  applicationLogger,
 	}
 }
 
@@ -32,6 +42,7 @@ func (ec *EppoClient) GetBoolAssignment(flagKey string, subjectKey string, subje
 	}
 	result, ok := variation.(bool)
 	if !ok {
+		ec.applicationLogger.Error("failed to cast %v to bool", variation)
 		return defaultValue, fmt.Errorf("failed to cast %v to bool", variation)
 	}
 	return result, err
@@ -44,6 +55,7 @@ func (ec *EppoClient) GetNumericAssignment(flagKey string, subjectKey string, su
 	}
 	result, ok := variation.(float64)
 	if !ok {
+		ec.applicationLogger.Error("failed to cast %v to float64", variation)
 		return defaultValue, fmt.Errorf("failed to cast %v to float64", variation)
 	}
 	return result, err
@@ -56,6 +68,7 @@ func (ec *EppoClient) GetIntegerAssignment(flagKey string, subjectKey string, su
 	}
 	result, ok := variation.(int64)
 	if !ok {
+		ec.applicationLogger.Error("failed to cast %v to int64", variation)
 		return defaultValue, fmt.Errorf("failed to cast %v to int64", variation)
 	}
 	return result, err
@@ -68,6 +81,7 @@ func (ec *EppoClient) GetStringAssignment(flagKey string, subjectKey string, sub
 	}
 	result, ok := variation.(string)
 	if !ok {
+		ec.applicationLogger.Error("failed to cast %v to string", variation)
 		return defaultValue, fmt.Errorf("failed to cast %v to string", variation)
 	}
 	return result, err
@@ -183,16 +197,19 @@ func (ec *EppoClient) getAssignment(config configuration, flagKey string, subjec
 
 	flag, err := config.getFlagConfiguration(flagKey)
 	if err != nil {
+		ec.applicationLogger.Info("failed to get flag configuration: %v", err)
 		return nil, err
 	}
 
 	err = flag.verifyType(variationType)
 	if err != nil {
+		ec.applicationLogger.Info("failed to verify flag type: %v", err)
 		return nil, err
 	}
 
-	assignmentValue, assignmentEvent, err := flag.eval(subjectKey, subjectAttributes)
+	assignmentValue, assignmentEvent, err := flag.eval(subjectKey, subjectAttributes, ec.applicationLogger)
 	if err != nil {
+		ec.applicationLogger.Info("failed to evaluate flag: %v", err)
 		return nil, err
 	}
 
@@ -202,7 +219,7 @@ func (ec *EppoClient) getAssignment(config configuration, flagKey string, subjec
 			defer func() {
 				r := recover()
 				if r != nil {
-					fmt.Println("panic occurred:", r)
+					ec.applicationLogger.Error("panic occurred: %v", r)
 				}
 			}()