Improvement on logging of sensitive data
Summary
Our customers complain that they can find some sensitive data printed in the TTCN log (such as k, op, opc…). So we want to check whether the Titan team could support a new function to protect these sensitive data in logs.
What is the expected correct behavior?
No sensitive data is written to logs
Relevant logs and/or screenshots
Possible fixes
We have a proposal for this function: to fulfil the generic product security requirement, Titan could provide a log API to filter out sensitive contents before they are output to the log file. Sensitive contents can be described by e.g. regular expression patterns. The API could be set at whole-process level, since the typhon framework is used by AAT and AAT can't change typhon code directly.
Example implementation:
```
type record UserData {
  charstring username,
  octetstring secret_key
} with {
  extension (secret_key) "sensitive_data"
}
type octetstring OPc with { extension "sensitive_data" }
```
If `FileMask:=LOG_ALL`, then the log would contain
```
{ username := "User1", secret_key=<redacted>}
```
If `FileMask:=LOG_ALL | SENSITIVE`, then the log would contain
```
{ username := "User1", secret_key='11223344'O}
```
Titan version
8.2
Platform details (OS type and version)
All
/cc @aknappqwt
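The regular-expression filtering proposed above can be sketched as a text filter applied to each log line before it is written. This is an added example, not Titan code or an existing Titan API: `redact_log_line`, its parameters and the field list are hypothetical, and `SENSITIVE` is the mask bit proposed in this issue. Because it matches on field names only, it cannot cover values marked by type (such as `OPc`), which would need the attribute-based approach.

```cpp
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Hypothetical filter: replaces the logged value of each named field with
// <redacted>, unless the proposed SENSITIVE log mask bit is set.
std::string redact_log_line(const std::string& line,
                            const std::vector<std::string>& sensitive_fields,
                            bool sensitive_mask_set) {
    if (sensitive_mask_set) return line;  // FileMask := LOG_ALL | SENSITIVE
    // Value forms covered: 'hex'O, 'hex'H, 'bits'B literals and "charstring"
    // literals containing \" or "" escapes. Other value kinds are not touched.
    static const std::string value_re =
        R"re((\s*:?=\s*)(?:'[0-9A-Fa-f]*'[OHB]|"(?:[^"\\]|\\.|"")*"))re";
    std::string out = line;
    for (const std::string& field : sensitive_fields) {
        // Assumption: field names are plain TTCN-3 identifiers, so they are
        // safe to embed in the pattern. \b keeps "k" from matching "ack".
        std::regex pattern("\\b(" + field + ")" + value_re);
        out = std::regex_replace(out, pattern, "$1$2<redacted>");
    }
    return out;
}

int main() {
    // Constructed sample lines in the style of the examples in this issue.
    const std::vector<std::string> fields = {"secret_key", "k", "opc"};
    const std::vector<std::string> lines = {
        "{ username := \"User1\", secret_key='11223344'O}",
        "{ k := '00112233'O, ack := 'AA'O, opc := \"a\\\"b\" }"};
    for (const std::string& l : lines) {
        std::cout << "LOG_ALL:             "
                  << redact_log_line(l, fields, false) << "\n";
        std::cout << "LOG_ALL | SENSITIVE: "
                  << redact_log_line(l, fields, true) << "\n";
    }
    return 0;
}
```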