This is a Logback Converter that masks any possible credit card numbers in your log messages.
If you use Logback, this is an easy way to ensure that no credit card numbers are exposed through your application logs.
First, add the logback-luhn-mask JAR to your runtime classpath. The latest release is always available from Maven Central. If you are using Maven, just add it to your runtime dependencies:
    <dependency>
        <groupId>ph.samson.logback</groupId>
        <artifactId>logback-luhn-mask</artifactId>
        <version>1.0</version>
        <scope>runtime</scope>
    </dependency>
Next, in your Logback configuration, define a new conversionRule to use the
LuhnMaskingConverter. In your appender's pattern configuration, use this new
conversionRule where you would usually use %msg. For example, if your
existing Logback configuration looked like this:
    <configuration>
        <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
            <encoder>
                <pattern>%date [%thread] - %msg%n</pattern>
            </encoder>
        </appender>
        <root level="DEBUG">
            <appender-ref ref="STDOUT" />
        </root>
    </configuration>
You would modify it to:
    <configuration>
        <conversionRule conversionWord="maskedMsg"
                        converterClass="ph.samson.logback.luhn.LuhnMaskingConverter" />
        <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
            <encoder>
                <pattern>%date [%thread] - %maskedMsg%n</pattern>
            </encoder>
        </appender>
        <root level="DEBUG">
            <appender-ref ref="STDOUT" />
        </root>
    </configuration>
The LuhnMaskingConverter takes the formatted message
of the event being logged and scans for consecutive numeric characters that
are long enough to form a credit card number. The space ( ) and dash (-)
characters are considered as separators. When such a substring is found, the
Luhn algorithm is used to check
if it forms a possible credit card number. When a possible credit card number
is found, all its digits except for the last four are replaced with the word
MASKED centered in asterisk (*) characters. So 5137 0049 8639 6403
becomes ****MASKED*****6403.
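To make the scan, Luhn check and mask layout described above concrete, here is an added Java sketch; it is not the LuhnMaskingConverter source or any code from this project. It assumes that 13 to 19 digits counts as "long enough" and that the longest Luhn-valid run starting at a digit is the one masked; the class and method names are hypothetical.

```java
// Added sketch of the masking described above, NOT the LuhnMaskingConverter source (Java 11+).
public class LuhnMaskSketch {
    // Assumption: 13 to 19 digits is "long enough"; the README gives no numbers.
    static final int MIN_DIGITS = 13, MAX_DIGITS = 19;

    static boolean isDigit(char c) { return c >= '0' && c <= '9'; }

    // Luhn check over the digits of s, skipping separators.
    static boolean luhnValid(String s) {
        int sum = 0;
        boolean doubleIt = false;
        for (int i = s.length() - 1; i >= 0; i--) {
            if (!isDigit(s.charAt(i))) continue;
            int d = (s.charAt(i) - '0') * (doubleIt ? 2 : 1);
            sum += d > 9 ? d - 9 : d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }
    // End (exclusive) of the longest Luhn-valid run of digits/separators from start, or -1.
    static int longestCard(String msg, int start) {
        int digits = 0, best = -1;
        for (int j = start; j < msg.length() && digits < MAX_DIGITS; j++) {
            char c = msg.charAt(j);
            if (isDigit(c)) {
                if (++digits >= MIN_DIGITS && luhnValid(msg.substring(start, j + 1))) best = j + 1;
            } else if (c != ' ' && c != '-') break;
        }
        return best;
    }
    // Keep the last four digits; replace what precedes them with MASKED centered in '*'.
    static String maskOne(String card) {
        int tail = card.length();
        for (int seen = 0; seen < 4; ) if (isDigit(card.charAt(--tail))) seen++;
        int stars = tail - "MASKED".length();
        return "*".repeat(stars / 2) + "MASKED" + "*".repeat(stars - stars / 2) + card.substring(tail);
    }
    // Mask every possible card number in a formatted log message.
    static String mask(String msg) {
        StringBuilder out = new StringBuilder(msg);
        for (int i = 0; i < msg.length(); ) {
            int end = isDigit(msg.charAt(i)) ? longestCard(msg, i) : -1;
            if (end > 0) out.replace(i, end, maskOne(msg.substring(i, end))); // same length as input
            i = end > 0 ? end : i + 1;
        }
        return out.toString();
    }
    public static void main(String[] args) {
        // Constructed log message; the card number is the README's own example.
        System.out.println(mask("charged card 5137 0049 8639 6403 for order 42"));
    }
}
```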
Any and all contributions are appreciated.
This project uses Maven and can be built the usual Maven way.
Caliper is used for microbenchmarks. You can run
mvn -Pbenchmark
to execute them. Here's a sample run from my box.