mr-clean

by trello

trello / mr-clean

Don't leak sensitive data.

205 Stars 5 Forks Last release: Not found Other 98 Commits 8 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

                                . .....                                     
                             .=OO:....$ZZ..                                 
                            .O........,~=+Z.                                
                           =Z ..,:~=~~=+???Z.                               
                          .Z .,+++++++???I7IZ.                              
                          .O.~7??????????7$7Z.                              
                          .?.+ZO+~,???..+Z.$Z.                              
                          .,.OZOOOZI?IOZ$ZII7.                              
                        .O,7,O7,+~Z=??:I7?ZI7+Z.                            
                        .O7+.$=~=+O++??+==~=7ZO.                            
                        .ZZ..IIIOOZI?IIO7+=IIZO.                            
                         .O..?O$ZI7?????7$II7Z.                             
                          OZ.,77Z=$$$I?I??7?ZOO                             
                          .Z..O$ZIZZ$????=I7ZO.                             
                           O...O~Z+~:=+II$$7~                               
                            Z,Z:+.OZ7ZZ$7Z?O.                               
                            O.ZOZOOOOOZ7I+?O...                             
                           .Z.$OZZOO77$7+=?Z.O~.                            
                    ......OO..$OZOOZ7I$?~+?=$Z...                           
             .,OZZO$,.... .,...OOOOI???++++O. =..ZZZZOO+...                 
          .=OI.            .   .OZ$???$OZ. .,~    ..,:~~~=ZO.               
         .O..                                         ..:===OO.             
        ,Z..                                             ,===:O.            
       .O.,.     ..                                      .~===,Z            
      .Z.,,.OZOZZOOZZ.                               ... .,====:Z           
     .Z..,O..?...++=?=Z.                           ...~.  .,::==Z:.         
    .O:...Z...?...=?+++IO..      ....+ZZOOO.....  .Z:+:.......~==O.         
    .Z..,:,ZZ+:.+Z7?????=O,IOZZZO..,+??????++++=ZZ,~OOI??++7OZ===~Z.        
    Z..OOI. .IZ$ZZI......   ..:+???????????????????+7Z7??~~+++ZZ==O.        
    O.O.,+  ..,~=+???~.,=?????????????????IZZ7????II?I$??==+++IZOO~Z        
    OO. .,~??????????????????????+++?I$Z77ZZZZOOOZZ7I?+??I??++?$$?ZO        
    O:.:7$I???????????????II?+++?IZZZ7ZO?$ZZZZ7+======+++++===?77?$O        
    .O+ZZZ$III7$ZZZZZZ7I?+++?I$OOO$O$??????++++++++??????????+?I?+O.        
    .OZOOOOOOZZ$$7I?++++?I$ZOOO$ZZ??+????????????????????????????$.         
    ,ZZOOOOZ$I?????????$ZOOZ7+~:,....,I7II??+++==~:,..,+?????????Z.         
    .OZZZZOZZZZ+,..... :::~...Z$$.$$.=$II$$=........$$.,==++++??+Z.         
     OOZZZZOOO$.$$..$..=  .$$$$$=,$=.,......$$$Z.$7.$$.ZIIII????+O.         
      OZZZ$ZZZ+.$$.~$.$. .$$$   .$$..I$ZZ.Z$.Z$.$$..$.$IOOOOOOZOOO          
       .,ZOOZZ:~.$$IZ$...$$$    .$$.$$.$7=$..$$.$$ $Z.ZZZZZ$$7ZO,           
              .$.$.I.. .$$$.    $$.$$$Z..$$.$$=,$..$$.O?$OZZZZ..            
              ...7OOO..$$$.    .$$.$$  ..$$$7$.7,...,Z.$~                   
             ..       .$$$.    .$$.$$$$,......OZZ,.                         
                      .$$$.  ..$$......ZO.$..                               
                       Z$$$$$$Z..OZ....                                     
                      ..?$$$..OZ                                            
                        $OOOZ,.                                             

Mr. Clean

Let Mr. Clean keep your logs clean of sensitive data.

Imagine you have the following model

data class SensitiveData(val creditCardNumber: String, val socialSecurityNumber: String)

This model might be inadvertently logged, leaking sensitive data to the world. One way to get around this is to override

toString
and manage your state.
data class SensitiveData(val creditCardNumber: String, val socialSecurityNumber: String) {
    override toString(): String {
        if (BuildConfig.DEBUG) {
            return "SensitiveData(
                creditCardNumber='$creditCardNumber'
                socialSecurityNumber='$socialSecurityNumber'
                )"
        }
        else {
            return "[email protected]${Integer.toHexString(hashCode())}"
        }
    }
}

But now you have to make sure this stays updated when you add/remove properties.

Enter Mr. Clean

Annotate your class with

@Sanitize
and delegate to the generated
sanitizedToString
function:
@Sanitize
data class SensitiveData(val creditCardNumber: String, val socialSecurityNumber: String) {
    override toString() = sanitizedToString()
}

Note: You don't have to build to get this function! The Gradle plugin will generate a default

Any.sanitizedToString
for use in the IDE.

Mr. Clean manages the implementation of the

toString
for you.
// in a debuggable build
inline fun SensitiveData.sanitizedToString(condition: Boolean): String =
        "SensitiveData(creditCardNumber = $creditCardNumber, socialSecurityNumber = $socialSecurityNumber)"

// in a non-debuggable build inline fun SensitiveData.sanitizedToString(condition: Boolean): String = "[email protected]${Integer.toHexString(hashCode())}"

Don't leak sensitive info ever again, trust in Mr. Clean.

Usage

buildscript {
  repositories {
    mavenCentral()
    google()
   }
  dependencies {
    classpath 'com.trello.mrclean:mr-clean-plugin:1.0.1'
  }
}

and then apply to your modules ```groovy apply plugin: 'com.trello.mrclean'

Contributors

Pull requests, issues and comments welcome. For pull requests:

  • Add tests for new features and bug fixes
  • Follow the existing style
  • Separate unrelated changes into multiple pull requests

See the existing issues for things to start contributing.

For bigger changes, make sure you start a discussion first by creating an issue and explaining the intended change.

Atlassian requires contributors to sign a Contributor License Agreement, known as a CLA. This serves as a record stating that the contributor is entitled to contribute the code/documentation/translation to the project and is willing to have it used in distributions and derivative works (or is willing to transfer ownership).

Prior to accepting your contributions we ask that you please follow the appropriate link below to digitally sign the CLA. The Corporate CLA is for those who are contributing as a member of an organization and the individual CLA is for those contributing as an individual.

License

Copyright (c) 2018 Atlassian and others. Apache 2.0 licensed, see LICENSE file.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.