Skip to content

oxsecurity/MaskerLogger

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Flake Status PyPI version GitHub release License GitHub stars PRs Welcome

MaskerLoggerTitle

Masker Logger

Keep Your logs safe!
This formatter ensures the security of your logs and prevents sensitive data leaks. For example -
Using this Formatter will print this line:
logger.info(f'Dont Give Your {secrets} away')
like this:
Dont Give Your ****** away

Getting started

This formatter utilizes the standard logging.Formatter module.
Before printing each record to any destination (file, stdout, etc.), it ensures sensitive data is masked with asterisks to prevent leaks.

Install the library

pip install maskerlogger

Basic Usage

Like any formatter - just init your logger handler with the MaskerLogger formatter.

from maskerlogger import MaskerFormatter
logger = logging.getLogger('logger')
logger.setLevel(logging.DEBUG)
handler = logging.StreamHandler()
handler.setFormatter(
    MaskerFormatter("%(asctime)s %(name)s %(levelname)s %(message)s"))
logger.addHandler(handler)

skip masking

If, for some reason, you want to disable masking on a specific log line, use the SKIP_MASK mechanism.

from masker_formatter import MaskerFormatter, SKIP_MASK
...
...
logger.info('Line you want to skip', extra=SKIP_MASK)

redact

Here’s a rewritten version suitable for inclusion in a README.md file:


Partial Masking of Secrets

If you prefer to mask only a portion of a secret (rather than its entire length), you can set the redact parameter in the formatter. The redact parameter specifies the percentage of the secret to be masked.

Here’s an example of how to use it:

handler.setFormatter(
    MaskerFormatter("%(asctime)s %(name)s %(levelname)s %(message)s",
                    redact=30))

In this example, 30% of the secret will be masked. Adjust the redact value as needed to suit your requirements.

The Config File

Here's where the magic happens!
Our tool is built upon the powerful Gitleaks tool,
leveraging its default configuration to scan for sensitive data leaks in repositories.
You can find the default configuration here

Use custom config file

To create and use your own config file, set the path when initializing the formatter:

handler.setFormatter(
    MaskerFormatter("%(asctime)s %(name)s %(levelname)s %(message)s",
                    regex_config_path="your/config/gitleaks.toml"))

Good luck!

Brought to you by OX Security