I am trying to replace multiple values in logback logger which logs Cassandra CQL statements and used example from this post: Mask sensitive data in logs with logback
where invocation of %replace function is used:
%replace( %replace(%msg){'regex1', 'replacement1'} ){'regex2', 'replacement2'}
In my case I want to replace 3 fields - name, last name and password. Statement used is:
%replace(%replace(%replace(%msg){"first_name='.*'", "first_name='xxxxx'"}){"last_name='.*'", "last_name='yyyyyy'"}){"password='.*'", "password='zzzzzz'"}%n
It seemed to work ok, but I noticed that if order of fields is different, values are removed sometimes. For example,
1) when statement is in this order it is ok:
Executed:
UPDATE usertest.users SET password='secret_pw', last_name='Smith', first_name='John' where user_id = 1745;
Logged:
UPDATE usertest.users SET password=zzzzzz, last_name=yyyyyy, first_name=xxxxx where user_id = 1745;
2) In this case last name is removed
Executed:
UPDATE usertest.users SET password='secret_pw', first_name='John', last_name='Smith' where user_id = 1745;
Logged:
UPDATE usertest.users SET password=zzzzzz, first_name=xxxxx where user_id = 1745;
3) In this case password is removed
Executed:
UPDATE usertest.users SET last_name='Smith', password='secret_pw', first_name='John' where user_id = 1745;
Logged:
UPDATE usertest.users SET last_name=yyyyyy, first_name=xxxxx where user_id = 1745;
Could someone advice why it could happen and how it could be fixed or is there any other way to solve?
This is an issue with the regex pattern picking up more than you intend it to, so the replaces are overwriting each other.
I reproduced the issue you saw, and then changed the regex to include just alphanumerics (\w instead of .) so the pattern looks like this:
%replace( %replace( %replace(%msg){"first_name='\w*'", "first_name='xxxxx'"} ){"last_name='\w*'", "last_name='yyyyyy'"} ){"password='\w*'", "password='zzzzzz'"}%n
Here are some tests:
UPDATE usertest.users SET password='secret_pw', last_name='Smith', first_name='John' where user_id = 1745;
UPDATE usertest.users SET last_name='Smith', first_name='John', password='secret_pw' where user_id = 1745;
UPDATE usertest.users SET first_name='John', password='secret_pw', last_name='Smith' where user_id = 1745;
UPDATE usertest.users SET first_name='John', last_name='Smith', password='secret_pw' where user_id = 1745;
And the logging results:
Received: QUERY UPDATE usertest.users SET password='zzzzzz', last_name='yyyyyy', first_name='xxxxx' where user_id = 1745;[pageSize = 100], v=4/v4
Received: QUERY UPDATE usertest.users SET last_name='yyyyyy', first_name='xxxxx', password='zzzzzz' where user_id = 1745;[pageSize = 100], v=4/v4
Received: QUERY UPDATE usertest.users SET first_name='xxxxx', password='zzzzzz', last_name='yyyyyy' where user_id = 1745;[pageSize = 100], v=4/v4
Received: QUERY UPDATE usertest.users SET first_name='xxxxx', last_name='yyyyyy', password='zzzzzz' where user_id = 1745;[pageSize = 100], v=4/v4