From 510c202c91aa8c35d0937df6aa94f0424d978307 Mon Sep 17 00:00:00 2001
From: lleoduplooy <leo@bob.co.za>
Date: Wed, 26 Mar 2025 16:04:06 +0200
Subject: [PATCH] Mask credit card details that are being sent to Raygun in the
 body of an API request.

---
 logs/logs.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/logs/logs.go b/logs/logs.go
index d9aaf9f..a9d7a18 100644
--- a/logs/logs.go
+++ b/logs/logs.go
@@ -51,6 +51,7 @@ var raygunClient *raygun4go.Client
 // Password filtering
 var passwordRegex = regexp.MustCompile(`(?i:\\?"password\\?"\s*:\s*\\?"(.*)\\?").*`)
 var byteArrayRegex = regexp.MustCompile(`(?i:\\?"(?i:[\w]*)(?i:byte|data)(?i:[\w]*)\\?"\s*:\s*\[([\d\s,]+)*\])`)
+var creditCardDetailsRegex = regexp.MustCompile(`(?i)"(?:card_number|card_expiry_year|card_expiry_month|card_cvv)"\s*:\s*(?:")?([^,"}]+)(?:")?`)
 
 func SanitiseLogs(logString string) string {
 	var isValidJsonString bool
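Review bot: `creditCardDetailsRegex` only matches keys wrapped in a bare `"`, whereas `passwordRegex` and `byteArrayRegex` directly above accept `\\?"`, so card fields inside an escaped (string-embedded) JSON body would not be masked. Consider accepting the optional backslash the same way, for example `(?i)\\?"(?:card_number|card_expiry_year|card_expiry_month|card_cvv)\\?"\s*:\s*(?:\\?")?([^,"}\\]+)(?:\\?")?`. A table-driven test covering quoted, numeric and escaped values would pin the behaviour. The key list is exact-match snake_case, so any other spelling a client might send (not visible in this hunk) would pass through unmasked.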
@@ -61,6 +62,7 @@ func SanitiseLogs(logString string) string {
 
 	logString = MaskByteArraysInJsonString(logString)
 	logString = MaskPasswordsInJsonString(logString)
+	logString = MaskCreditCardDetailsInJsonString(logString)
 
 	return logString
 }
@@ -77,6 +79,12 @@ func MaskByteArraysInJsonString(jsonString string) string {
 	return string_utils.ReplaceAllRegexStringSubmatch(byteArrayRegex, jsonString, "...")
 }
 
+// MaskCreditCardDetailsInJsonString takes a string and sanitises all the instances of fields named card_number,
+// "card_number" will become "{"card_number": "***"}"
+func MaskCreditCardDetailsInJsonString(jsonString string) string {
+	return string_utils.ReplaceAllRegexStringSubmatch(creditCardDetailsRegex, jsonString, "***")
+}
+
 func SanitiseFields(fields map[string]interface{}) map[string]interface{} {
 	sanitisedFields := make(map[string]interface{})
 
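Review bot: The doc comment on `MaskCreditCardDetailsInJsonString` ends mid-sentence and names only card_number, although the regex also covers the expiry and CVV fields. Suggested wording: `// MaskCreditCardDetailsInJsonString masks the values of the card_number, card_expiry_year, card_expiry_month and card_cvv fields in a JSON string,` followed by `// e.g. {"card_number": "<value>"} becomes {"card_number": "***"}.` Assuming `ReplaceAllRegexStringSubmatch` replaces only the captured group, an unquoted numeric value becomes a bare `***`, so the output is no longer valid JSON. The comment should say so, so that callers do not re-parse the result.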
@@ -491,7 +499,7 @@ func sendRaygunError(fields map[string]interface{}, errToSend error) {
 	if apiRequest != nil {
 		methodAndPath := apiRequest.HTTPMethod + ": " + apiRequest.Path
 		tags = append(tags, methodAndPath)
-		fields["body"] = apiRequest.Body
+		fields["body"] = SanitiseLogs(apiRequest.Body)
 		fields["query"] = apiRequest.QueryStringParameters
 		fields["identity"] = apiRequest.RequestContext.Identity
 	}
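Review bot: Only `fields["body"]` is sanitised here, and the new masking in `SanitiseLogs` matches card data only when it appears as quoted JSON keys. A form-encoded body (`card_number=...`) or card values in `apiRequest.QueryStringParameters` on the next line would therefore still be sent to Raygun. If payment endpoints can receive such requests, consider applying the same key list to the query map, or omitting the body for those routes instead of relying on pattern masking. `sendRaygunError` starts and ends outside this hunk, so later sanitising of `fields` cannot be ruled out from here.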
-- 
GitLab