cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Java app-agent-config.xml - use of regex to mask url segment data does not work properly

Alex.Oliveira
New Poster

Hi,

I'm trying to use match-pattern - regex inside the app-agent-config.xml in our java microservice, but it does not work properly.
E.g.:

 

        <sensitive-url-filter delimiter="/"
                              segment="3,4,5,6"
                              match-filter="REGEX"
                              match-pattern=":"
                              param-pattern="myParam|myAnotherParam"/>

 

this should mask selected segments that contains : but it masks everything.
If I do match-pattern="=" it works as expected (masking segment that contains "=" in the string)

Another examples that do not work (they mask everything):
match-pattern=":"
match-pattern="\x3A" (3A is ":" in ASCII table)
match-pattern="[^a-z¦-]+" (should return true if there is anything other than lower letters and "-")
match-pattern=":|="

Thank you

Best regards,
Alex Oliveira

2 REPLIES 2

Kenji.Kumada
AppDynamics Team

I have checked the implementation for this URL filtering feature in the Java agent in version 22.9.0, the latest version as of now. This feature matches the specified "match-pattern" against the whole URL, not against each segment content. After finding matches against the URL, it masks the segments specified in the configuration regardless of the segments' content.

I tested your configuration
<sensitive-url-filter delimiter="/"
segment="3,4,5,6"
match-filter="REGEX"
match-pattern=":"
param-pattern="myParam|myAnotherParam"/>​


with this URL
http://dummy.com:443/seg2/seg3/seg4/seg5/seg6/seg7?myParam=1&yourParam=2

It resulted in
http://dummy.com:443/seg2/*****/*****/*****/*****/seg7?myParam=*****&yourParam=2
This is because `:` matches in the http protocol and segments 3, 4, 5 and 6 are specified.

When I changed match-patter from ":" to "=", the result was the same
http://dummy.com:443/seg2/*****/*****/*****/*****/seg7?myParam=*****&yourParam=2​

This is because '=' matches in the last segment `seg7?myParam=1&yourParam=2`.

This is different from the result you described when you put match-pattern=":". This may be due to different java agent versions or different java environments. If you share information about your environment and example URLs, maybe we can investigate further.

Best regards,
Kenji

Hi Kenji,

I didn't realize that the regex would consider the full url.
Now I did a proper regex taking this into consideration.

Thank you