问题
In our logs we're seeing credit-card numbers due to people hitting some of the ULRs in our app with CC info (I have no idea why they are doing this). We want to sanitize this information (because of PCI considerations) and not even persist it to disk.
Hence, I want to be able to sanitize the log entry before it hits the log file. I've been looking at Tomcat Valves (Access Log Valve). Is this the way to go?
回答1:
I was able to solve this problem by extending AccessLogValve and overriding public log(java.lang.String message):
public class SanitizedAccessLogValve extends AccessLogValve {
private static Pattern pattern = Pattern.compile("\\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})\\b");
/*
This method will sanitize any cc numbers in the string and replace them with x's
*/
private String sanitize(String string) {
String sanitizedString = string;
if(string != null) {
StringBuffer buffer = new StringBuffer();
Matcher matcher = pattern.matcher(string);
while(matcher.find()) {
MatchResult matchResult = matcher.toMatchResult();
int start = matchResult.start();
int end = matchResult.end();
String matchedText = string.substring(start, end);
matcher.appendReplacement(buffer, "xxxxxxxxxxxxxxxx");
}
matcher.appendTail(buffer);
sanitizedString = buffer.toString();
}
return sanitizedString;
}
@Override
public void log(String message) {
super.log(sanitize(message));
}
}
You need to compile this into a jar, and then put that jar file in $CATALINA_HOME/lib.
Then in your server.xml:
<Valve className="my.valves.SanitizedAccessLogValve"
directory="access_logs" prefix="localhost." suffix=".log"
pattern='%v %h %t "%r" %s %B %T "%{User-Agent}i"'/>
来源:https://stackoverflow.com/questions/5812238/sanitizing-tomcat-access-log-entries