How do I mask a secret/confidential string in an exception message?

Nina.Wolinsky · ‎09-14-2018

Suppose your application is throwing an exception that contains some confidential or secret data exposed in the exception message and you don't want to display that information on the Controller.

You could add a block like below in <AgentHomeDir>/ver.x.x.x/conf/app-agent-config.xml

<sensitive-message-filters>
      <sensitive-message-filter message-type="throwable"
             match-type="CONTAINS"
             match-pattern="<Exception Message Static Text>"
             redaction-regex="<Regular Expression>"/>
</sensitive-message-filters>

Example

Suppose there is an exception thrown like the one below:
com.TestException("AccountNumber1111111111")

If you don't want to expose the actual account number on the Controller, use below block:

<sensitive-message-filters>
      <sensitive-message-filter message-type="throwable"
             match-type="CONTAINS"
             match-pattern="AccountNumber"
             redaction-regex="[0-9]+"/>
</sensitive-message-filters>

Agent restart is required for the changes to take effect. After the changes and restart, this is what it should look like on the Controller:

Attached a sample app-agent-config.xml

Pooja.S R · ‎07-10-2019

By default what type of data is sent to SaaS controller?

Vijay.Venkatarajulu · ‎07-10-2019

Hi Pooja,

Errors/Exceptions, URL's, Data collectors, MBeans, etc would be sent to
controller from the agent.

Knowledge Base

How do I mask a secret/confidential string in an exception message?

Example

Controller (SaaS and On-Premise)