|
41 | 41 | import java.util.List; |
42 | 42 | import java.util.Map; |
43 | 43 | import java.util.Set; |
| 44 | +import java.util.Arrays; |
44 | 45 | import java.util.TimeZone; |
45 | 46 | import java.util.concurrent.ExecutorService; |
46 | 47 | import java.util.concurrent.LinkedBlockingQueue; |
@@ -624,10 +625,29 @@ public String handleRequest(final Map params, final String responseType, final S |
624 | 625 | logger.error("invalid request, no command sent"); |
625 | 626 | if (logger.isTraceEnabled()) { |
626 | 627 | logger.trace("dumping request parameters"); |
627 | | - for (final Object key : params.keySet()) { |
628 | | - final String keyStr = (String)key; |
629 | | - final String[] value = (String[])params.get(key); |
630 | | - logger.trace(" key: " + keyStr + ", value: " + ((value == null) ? "'null'" : value[0])); |
| 628 | + |
| 629 | + // define sensitive fields that need to be masked in the logs |
| 630 | + Set<String> sensitiveFields = new HashSet<>(Arrays.asList( |
| 631 | + "password", "secretkey", "apikey", "token", |
| 632 | + "sessionkey", "accesskey", "signature", |
| 633 | + "authorization", "credential", "secret" |
| 634 | + )); |
| 635 | + |
| 636 | + for (final Object key : params.keySet()) { |
| 637 | + final String keyStr = (String) key; |
| 638 | + final String[] value = (String[]) params.get(key); |
| 639 | + |
| 640 | + boolean isSensitive = sensitiveFields.stream() |
| 641 | + .anyMatch(field -> keyStr.toLowerCase().contains(field)); |
| 642 | + |
| 643 | + String logValue; |
| 644 | + if (isSensitive) { |
| 645 | + logValue = "******"; // mask sensitive values |
| 646 | + } else { |
| 647 | + logValue = (value == null) ? "'null'" : value[0]; |
| 648 | + } |
| 649 | + |
| 650 | + logger.trace(" key: " + keyStr + ", value: " + logValue); |
631 | 651 | } |
632 | 652 | } |
633 | 653 | throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent"); |
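Review bot: The masking check at new lines 640-641 lower-cases the key with the locale-sensitive `keyStr.toLowerCase()`, so under a default locale such as Turkish a key like `APIKEY` or `SIGNATURE` lower-cases with a dotless i, fails the `contains` test, and its value is still written to the trace log. Compute the key once with an explicit locale, `final String lowerKey = keyStr.toLowerCase(Locale.ROOT);`, and match with `sensitiveFields.stream().anyMatch(lowerKey::contains)`; the visible import hunk shows neither `java.util.Locale` nor `java.util.HashSet`, so confirm both are imported. The set is also rebuilt on every rejected request and would be better as a `private static final Set<String>` constant, and because it is a substring deny-list, any secret-bearing parameter whose name it does not cover is still logged in clear. `handleRequest` starts and ends outside this hunk.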
|