Mask credit card details that is being sent to Raygun in the body of an api request.

logs/logs.go

@@ -51,6 +51,7 @@ var raygunClient *raygun4go.Client
 // Password filtering
 var passwordRegex = regexp.MustCompile(`(?i:\\?"password\\?"\s*:\s*\\?"(.*)\\?").*`)
 var byteArrayRegex = regexp.MustCompile(`(?i:\\?"(?i:[\w]*)(?i:byte|data)(?i:[\w]*)\\?"\s*:\s*\[([\d\s,]+)*\])`)
+var creditCardDetailsRegex = regexp.MustCompile(`(?i)"(?:card_number|card_expiry_year|card_expiry_month|card_cvv)"\s*:\s*(?:")?([^,"}]+)(?:")?`)
 
 func SanitiseLogs(logString string) string {
 	var isValidJsonString bool
@@ -61,6 +62,7 @@ func SanitiseLogs(logString string) string {
 
 	logString = MaskByteArraysInJsonString(logString)
 	logString = MaskPasswordsInJsonString(logString)
+	logString = MaskCreditCardDetailsInJsonString(logString)
 
 	return logString
 }
@@ -77,6 +79,12 @@ func MaskByteArraysInJsonString(jsonString string) string {
 	return string_utils.ReplaceAllRegexStringSubmatch(byteArrayRegex, jsonString, "...")
 }
 
+// MaskCreditCardDetailsInJsonString takes a string and sanitises all the instances of fields named card_number,
+// "card_number" will become "{"card_number": "***"}"
+func MaskCreditCardDetailsInJsonString(jsonString string) string {
+	return string_utils.ReplaceAllRegexStringSubmatch(creditCardDetailsRegex, jsonString, "***")
+}
+
 func SanitiseFields(fields map[string]interface{}) map[string]interface{} {
 	sanitisedFields := make(map[string]interface{})
 
@@ -491,7 +499,7 @@ func sendRaygunError(fields map[string]interface{}, errToSend error) {
 	if apiRequest != nil {
 		methodAndPath := apiRequest.HTTPMethod + ": " + apiRequest.Path
 		tags = append(tags, methodAndPath)
-		fields["body"] = apiRequest.Body
+		fields["body"] = SanitiseLogs(apiRequest.Body)
 		fields["query"] = apiRequest.QueryStringParameters
 		fields["identity"] = apiRequest.RequestContext.Identity
 	}