0

I am using the library scalikejdbc for my Application. And when i read the logs, that scalikejdbc generates itself, it gives me something like that:

06:02:16.891 [main] DEBUG scalikejdbc.ConnectionPool$ - Registered connection pool : ConnectionPool(url:jdbc:sqlserver://foo.bar:8080;databaseName=foobar;user=user;password=**PASSWORD**;...

So scalike itself throws my database user's password into the logs, which is inappropriate.

I was thinking about filtering those logs at all with something like https://logback.qos.ch/manual/filters.html , but I do need the odd information from those logs from scalike, so I cannot filter them fully.

What do I have now:

06:02:16.891 [main] DEBUG scalikejdbc.ConnectionPool$ - Registered connection pool : ConnectionPool(url:jdbc:sqlserver://foo.bar:8080;databaseName=foobar;user=user;password=somepassword;

What am I try to get:

06:02:16.891 [main] DEBUG scalikejdbc.ConnectionPool$ - Registered connection pool : ConnectionPool(url:jdbc:sqlserver://foo.bar:8080;databaseName=foobar;user=user;password=CENSORED;
Keith Thompson
  • 254,901
  • 44
  • 429
  • 631
danya tekunov
  • 113
  • 1
  • 7

1 Answers1

0

Consider using replace conversion word in logback.xml configuration, for example,

%replace(%msg){"password=.*", "password=CENSORED"}

which given 

logger.debug("password=123456")

should output something like

[debug] application - password=CENSORED

Docs state

replace(p){r, t} Replaces occurrences of 'r', a regex, with its replacement 't' in the string produces by the sub-pattern 'p'. For example, "%replace(%msg){'\s', ''}" will remove all spaces contained in the event message.

Here is an example of my logback.xml:

<configuration>

  <conversionRule conversionWord="coloredLevel" converterClass="play.api.libs.logback.ColoredLevel" />

  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%coloredLevel %logger{15} - %replace(%msg){"password=.*", "password=CENSORED"}%n %xException{10}</pattern>
    </encoder>
  </appender>

  <logger name="play" level="INFO" />
  <logger name="application" level="DEBUG" />

  <logger name="com.gargoylesoftware.htmlunit.javascript" level="OFF" />

  <root level="WARN">
    <appender-ref ref="STDOUT" />
  </root>

</configuration>
Mario Galic
  • 47,285
  • 6
  • 56
  • 98