Obfuscate json body fields using json path or json pointer

Question

Obfuscate json body fields using json path or json pointer

karim-elngr opened this issue a year ago · 1 comments

I would like to propose a new change to allow to obfuscate json body fields by specifying a json pointer such as /child/elem

Detailed Description

I am proposing a new change so that we can provide the following configuration

logbook:
  obfuscate:
    json-body-fields:
      - /user/name/
    replacement: ZZZ

Which will obfuscate the following payload without issues

{
  "user": {
    "name": "karim"
  },
  "resource": {
    "name": "resource name"
  }
}

Into

{
  "user": {
    "name": "ZZZ"
  },
  "resource": {
    "name": "resource name"
  }
}

Context

This change is useful because currently we are only able to obfuscate by providing name of the field without context about its location so for example we obfuscate all fields with name name instead of only obfuscating the /user/name

Possible Implementation

Changing the implementation of JacksonJsonFieldBodyFilter::filter to JacksonJsonFieldBodyFilter - L63

if (nextToken == JsonToken.FIELD_NAME && fields.contains(parser.getParsingContext().pathAsPointer().toString())) {

Your Environment

Version used: 3.5.0

Answer 1 · 2023-10-25T19:22:12.000Z

by specifying a json pointer

I'm not sure a JSON Pointer is the right tool here. A JSON Pointer will always uniquely identify a single node within the JSON tree. As soon as you have arrays you end up in a situation where you can't say something like /users/*/name.

More powerful, for this use case, is JSON Path - for which Logbook already has support: https://github.com/zalando/logbook#jsonpath-body-filtering-experimental