Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • T titan.core
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 124
    • Issues 124
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 1
    • Merge requests 1
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • Eclipse ProjectsEclipse Projects
  • Eclipse Titan
  • titan.core
  • Issues
  • #612
Closed
Open
Issue created Jul 21, 2022 by Lenard Nagy@lnagyMaintainer

Imrovement on logging of sensitive data

Summary

Our customers complain that they could find some sensitive data are printed in TTCN log. (such as k, op, opc…) So we want to check whether Titan team could support a new function to protect these sensitive data in logs.

What is the expected correct behavior?

No sensitive data is written to logs

Relevant logs and/or screenshots

(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code, as it's very hard to read otherwise.)

Possible fixes

We have a proposal for this function: To fulfil generic product security requirement, Titan could provide log API to filter out sensitive contents before output to log file. Sensitive contents can be described by e.g. regular expression patterns. The API could be set in whole process level since typhon framework is used by AAT and AAT can’t change typhon code directly.

Example imlementation:

type record UserData{
  charstring    username,
  octetstring  secret_key
} with {
  extension (secret_key) “sensitive_data”
}

type octetstring OPc with {extension “sensitive_data” }

If
FileMask:=LOG_ALL

Then the log would contain
{ username := “User1”, secret_key=<redacted>}

If 
FileMask:=LOG_ALL | SENSITIVE

Then the log would contain
{ username := “User1”, secret_key=’11223344’O}

Titan version

8.2

Platform details (OS type and version)

All

/cc @aknappqwt

Assignee
Assign to
Time tracking

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent