Log sanitizer for masking sensitive data. More...

#include <log_sanitizer.h>

Collaboration diagram for kcenon::logger::security::log_sanitizer:

Public Member Functions
log_sanitizer &	add_pattern (sensitive_data_type type)
	Add a built-in pattern for sensitive data detection.

log_sanitizer &	add_custom_pattern (std::string_view name, std::string_view regex_pattern, std::string_view replacement="[REDACTED]", bool preserve_partial=false)
	Add a custom sanitization pattern.

log_sanitizer &	remove_pattern (std::string_view name)
	Remove a pattern by name.

std::string	sanitize (std::string_view input) const
	Sanitize a string by masking all detected sensitive data.

bool	contains_sensitive_data (std::string_view input) const
	Check if a string contains sensitive data.

std::vector< std::string >	active_patterns () const
	Get list of active pattern names.

log_sanitizer &	clear ()
	Clear all patterns.

log_sanitizer &	add_common_patterns ()
	Add all common patterns at once.

Private Member Functions
void	add_credit_card_pattern ()

void	add_ssn_pattern ()

void	add_api_key_pattern ()

void	add_password_pattern ()

void	add_email_pattern ()

void	add_ip_address_pattern ()

void	add_phone_number_pattern ()

Static Private Member Functions
static std::string	apply_rule (const std::string &input, const sanitization_rule &rule)

Private Attributes
std::vector< sanitization_rule >	rules_

Detailed Description

Log sanitizer for masking sensitive data.

Thread-safe sanitizer that detects and masks sensitive information in log messages. Supports both built-in patterns for common sensitive data types and custom patterns for organization-specific needs.

Built-in patterns:

Credit cards: Masks all but last 4 digits
SSN: Masks all but last 4 digits
API keys: Fully redacted
Passwords: Fully redacted
Emails: Partial masking of local part
IP addresses: Masks last two octets
Phone numbers: Masks middle digits

Definition at line 82 of file log_sanitizer.h.

Member Function Documentation

◆ active_patterns()

std::vector< std::string > kcenon::logger::security::log_sanitizer::active_patterns ( ) const

inline

Get list of active pattern names.

Returns: Vector of pattern names currently active

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 190 of file log_sanitizer.h.

                                                 {
        std::vector<std::string> names;
        names.reserve(rules_.size());
        for (const auto& rule : rules_) {
            names.push_back(rule.name);
        }
        return names;
    }

References rules_.

◆ add_api_key_pattern()

void kcenon::logger::security::log_sanitizer::add_api_key_pattern ( )

inlineprivate

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 244 of file log_sanitizer.h.

                               {
        // Matches common API key formats
        rules_.emplace_back(
            "api_key",
            R"(\b(sk[-_]|api[-_]|key[-_]|token[-_]|bearer\s+)([a-zA-Z0-9]{16,})\b)",
            "$1[REDACTED]",
            false);
    }

References rules_.

Referenced by add_pattern().

Here is the caller graph for this function:

◆ add_common_patterns()

log_sanitizer & kcenon::logger::security::log_sanitizer::add_common_patterns ( )

inline

Add all common patterns at once.

Returns: Reference to this sanitizer for method chaining

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 212 of file log_sanitizer.h.

                                         {
        add_pattern(sensitive_data_type::credit_card);
        add_pattern(sensitive_data_type::ssn);
        add_pattern(sensitive_data_type::api_key);
        add_pattern(sensitive_data_type::password);
        add_pattern(sensitive_data_type::email);
        return *this;
    }

References add_pattern(), kcenon::logger::security::api_key, kcenon::logger::security::credit_card, kcenon::logger::security::email, kcenon::logger::security::password, and kcenon::logger::security::ssn.

Referenced by kcenon::logger::security::make_default_sanitizer().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ add_credit_card_pattern()

void kcenon::logger::security::log_sanitizer::add_credit_card_pattern ( )

inlineprivate

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 224 of file log_sanitizer.h.

                                   {
        // Matches credit card numbers with or without separators
        // Preserves last 4 digits
        rules_.emplace_back(
            "credit_card",
            R"(\b(\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?)(\d{4})\b)",
            "****-****-****-$2",
            true);
    }

References rules_.

Referenced by add_pattern().

Here is the caller graph for this function:

◆ add_custom_pattern()

log_sanitizer & kcenon::logger::security::log_sanitizer::add_custom_pattern	(	std::string_view	name,
		std::string_view	regex_pattern,
		std::string_view	replacement = "[REDACTED]",
		bool	preserve_partial = false )

inline

Add a custom sanitization pattern.

Parameters

name	Identifier for the pattern
regex_pattern	Regular expression to match sensitive data
replacement	Replacement string (use $1, $2 for capture groups)
preserve_partial	If true, preserve last few characters

Returns: Reference to this sanitizer for method chaining

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 127 of file log_sanitizer.h.

                                           {
        rules_.emplace_back(
            std::string(name),
            std::string(regex_pattern),
            std::string(replacement),
            preserve_partial);
        return *this;
    }

References rules_.

◆ add_email_pattern()

void kcenon::logger::security::log_sanitizer::add_email_pattern ( )

inlineprivate

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 262 of file log_sanitizer.h.

                             {
        // Matches email addresses, masks local part partially
        rules_.emplace_back(
            "email",
            R"(\b([a-zA-Z0-9._%+-])([a-zA-Z0-9._%+-]*)(@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})\b)",
            "$1***$3",
            true);
    }

References rules_.

Referenced by add_pattern().

Here is the caller graph for this function:

◆ add_ip_address_pattern()

void kcenon::logger::security::log_sanitizer::add_ip_address_pattern ( )

inlineprivate

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 271 of file log_sanitizer.h.

                                  {
        // Matches IPv4 addresses, masks last two octets
        rules_.emplace_back(
            "ip_address",
            R"(\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b)",
            "$1.$2.x.x",
            true);
    }

References rules_.

Referenced by add_pattern().

Here is the caller graph for this function:

◆ add_password_pattern()

void kcenon::logger::security::log_sanitizer::add_password_pattern ( )

inlineprivate

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 253 of file log_sanitizer.h.

                                {
        // Matches password=xxx, pwd=xxx, passwd=xxx patterns
        rules_.emplace_back(
            "password",
            R"(((?:password|passwd|pwd|secret|credential)[\s]*[=:]\s*)([^\s&]+))",
            "$1[REDACTED]",
            false);
    }

References rules_.

Referenced by add_pattern().

Here is the caller graph for this function:

◆ add_pattern()

log_sanitizer & kcenon::logger::security::log_sanitizer::add_pattern ( sensitive_data_type type )

inline

Add a built-in pattern for sensitive data detection.

Parameters

type	The type of sensitive data to detect

Returns: Reference to this sanitizer for method chaining

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 89 of file log_sanitizer.h.

                                                         {
        switch (type) {
            case sensitive_data_type::credit_card:
                add_credit_card_pattern();
                break;
            case sensitive_data_type::ssn:
                add_ssn_pattern();
                break;
            case sensitive_data_type::api_key:
                add_api_key_pattern();
                break;
            case sensitive_data_type::password:
                add_password_pattern();
                break;
            case sensitive_data_type::email:
                add_email_pattern();
                break;
            case sensitive_data_type::ip_address:
                add_ip_address_pattern();
                break;
            case sensitive_data_type::phone_number:
                add_phone_number_pattern();
                break;
            case sensitive_data_type::custom:
                // Custom patterns are added via add_custom_pattern()
                break;
        }
        return *this;
    }

References add_api_key_pattern(), add_credit_card_pattern(), add_email_pattern(), add_ip_address_pattern(), add_password_pattern(), add_phone_number_pattern(), add_ssn_pattern(), kcenon::logger::security::api_key, kcenon::logger::security::credit_card, kcenon::logger::security::custom, kcenon::logger::security::email, kcenon::logger::security::ip_address, kcenon::logger::security::password, kcenon::logger::security::phone_number, and kcenon::logger::security::ssn.

Referenced by add_common_patterns().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ add_phone_number_pattern()

void kcenon::logger::security::log_sanitizer::add_phone_number_pattern ( )

inlineprivate

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 280 of file log_sanitizer.h.

                                    {
        // Matches phone numbers in various formats
        rules_.emplace_back(
            "phone_number",
            R"(\b(\+?\d{1,3}[-.\s]?)(\d{3})[-.\s]?(\d{3})[-.\s]?(\d{4})\b)",
            "$1***-***-$4",
            true);
    }

References rules_.

Referenced by add_pattern().

Here is the caller graph for this function:

◆ add_ssn_pattern()

void kcenon::logger::security::log_sanitizer::add_ssn_pattern ( )

inlineprivate

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 234 of file log_sanitizer.h.

                           {
        // Matches SSN format XXX-XX-XXXX
        // Preserves last 4 digits
        rules_.emplace_back(
            "ssn",
            R"(\b(\d{3})[-\s]?(\d{2})[-\s]?(\d{4})\b)",
            "***-**-$3",
            true);
    }

References rules_.

Referenced by add_pattern().

Here is the caller graph for this function:

◆ apply_rule()

static std::string kcenon::logger::security::log_sanitizer::apply_rule	(	const std::string &	input,
		const sanitization_rule &	rule )

inlinestaticprivate

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 289 of file log_sanitizer.h.

                                                                                       {
        return std::regex_replace(input, rule.pattern, rule.replacement);
    }

References kcenon::logger::security::sanitization_rule::pattern, and kcenon::logger::security::sanitization_rule::replacement.

Referenced by sanitize().

Here is the caller graph for this function:

◆ clear()

log_sanitizer & kcenon::logger::security::log_sanitizer::clear ( )

inline

Clear all patterns.

Returns: Reference to this sanitizer for method chaining

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 203 of file log_sanitizer.h.

                           {
        rules_.clear();
        return *this;
    }

References clear(), and rules_.

Referenced by clear().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ contains_sensitive_data()

bool kcenon::logger::security::log_sanitizer::contains_sensitive_data ( std::string_view input ) const

inline

Check if a string contains sensitive data.

Parameters

input The string to check

Returns: true if sensitive data is detected, false otherwise

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 177 of file log_sanitizer.h.

                                                             {
        for (const auto& rule : rules_) {
            if (std::regex_search(input.begin(), input.end(), rule.pattern)) {
                return true;
            }
        }
        return false;
    }

References rules_.

◆ remove_pattern()

log_sanitizer & kcenon::logger::security::log_sanitizer::remove_pattern ( std::string_view name )

inline

Remove a pattern by name.

Parameters

name	Name of the pattern to remove

Returns: Reference to this sanitizer for method chaining

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 145 of file log_sanitizer.h.

                                                       {
        rules_.erase(
            std::remove_if(rules_.begin(), rules_.end(),
                [name](const sanitization_rule& rule) {
                    return rule.name == name;
                }),
            rules_.end());
        return *this;
    }

References rules_.

◆ sanitize()

std::string kcenon::logger::security::log_sanitizer::sanitize ( std::string_view input ) const

inline

Sanitize a string by masking all detected sensitive data.

Parameters

input The string to sanitize

Returns: Sanitized string with sensitive data masked

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 160 of file log_sanitizer.h.

                                                   {
        if (rules_.empty()) {
            return std::string(input);
        }
 
        std::string result(input);
        for (const auto& rule : rules_) {
            result = apply_rule(result, rule);
        }
        return result;
    }

References apply_rule(), and rules_.

Here is the call graph for this function:

Member Data Documentation

◆ rules_

std::vector<sanitization_rule> kcenon::logger::security::log_sanitizer::rules_

private

Examples: /home/runner/work/logger_system/logger_system/include/kcenon/logger/security/log_sanitizer.h.

Definition at line 222 of file log_sanitizer.h.

Referenced by active_patterns(), add_api_key_pattern(), add_credit_card_pattern(), add_custom_pattern(), add_email_pattern(), add_ip_address_pattern(), add_password_pattern(), add_phone_number_pattern(), add_ssn_pattern(), clear(), contains_sensitive_data(), remove_pattern(), and sanitize().

The documentation for this class was generated from the following file:

include/kcenon/logger/security/log_sanitizer.h

Public Member Functions

Private Member Functions

Static Private Member Functions

Private Attributes

Detailed Description

Member Function Documentation

◆ active_patterns()

◆ add_api_key_pattern()

◆ add_common_patterns()

◆ add_credit_card_pattern()

◆ add_custom_pattern()

◆ add_email_pattern()

◆ add_ip_address_pattern()

◆ add_password_pattern()

◆ add_pattern()

◆ add_phone_number_pattern()

◆ add_ssn_pattern()

◆ apply_rule()

◆ clear()

◆ contains_sensitive_data()

◆ remove_pattern()

◆ sanitize()

Member Data Documentation

◆ rules_