Class: Msf::MCP::Logging::Sinks::Sanitizing

Inherits:
Object
  • Object
show all
Includes:
Rex::Logging::LogSink
Defined in:
lib/msf/core/mcp/logging/sinks/sanitizing.rb

Overview

A Rex LogSink decorator that redacts sensitive information from log messages before delegating to a wrapped sink.

Examples:

Wrapping a JsonFlatfile sink

inner = Msf::MCP::Logging::Sinks::JsonFlatfile.new('msfmcp.log')
sink  = Msf::MCP::Logging::Sinks::Sanitizing.new(inner)
register_log_source('mcp', sink, Rex::Logging::LEV_0)

Constant Summary collapse

REDACTED = 
'[REDACTED]'
SENSITIVE_PATTERNS = 
{
  password:     /password[\"']?\s*[:=]\s*[\"']?[^\"',\s}]+/i,
  token_keyval: /token[\"']?\s*[:=]\s*[\"']?[^\"',\s}]+/i,
  token_header: /token\s+[a-zA-Z0-9_\-\.]+/i,
  api_key:      /api[_-]?key[\"']?\s*[:=]\s*[\"']?[^\"',\s}]+/i,
  secret:       /secret[_-]?key[\"']?\s*[:=]\s*[\"']?[^\"',\s}]+/i,
  credential:   /credential[\"']?\s*[:=]\s*[\"']?[^\"',\s}]+/i,
  auth:         /auth[\"']?\s*[:=]\s*[\"']?[^\"',\s}]+/i,
  bearer:       /bearer\s+[a-zA-Z0-9_\-\.]+/i
}.freeze
SENSITIVE_KEYS = 
/\A(password|token|secret|api_key|api_secret|credential|auth_token|bearer|access_token|private_key)\z/i

Instance Method Summary collapse

Methods included from Rex::Logging::LogSink

#get_current_timestamp

Constructor Details

#initialize(sink) ⇒ Sanitizing

Returns a new instance of Sanitizing.

Parameters:



34
35
36
 
# File 'lib/msf/core/mcp/logging/sinks/sanitizing.rb', line 34

def initialize(sink)
  @sink = sink
end

Instance Method Details

#cleanupObject 



42
43
44
 
# File 'lib/msf/core/mcp/logging/sinks/sanitizing.rb', line 42

def cleanup
  @sink.cleanup
end

#log(sev, src, level, msg) ⇒ Object 



38
39
40
 
# File 'lib/msf/core/mcp/logging/sinks/sanitizing.rb', line 38

def log(sev, src, level, msg)
  @sink.log(sev, src, level, sanitize(msg))
end