JWT ES256 regex, not able to add exclusions

Time:12-14

I created a pattern to match JWT(ES256).

(([a-zA-Z]+([0-9]+[a-zA-Z]+)+)9).*?([a-zA-Z]+([0-9]+[a-zA-Z]+)+).(.*?)(?=[\s\"\\,\)\]])

Which works and finds jwt tokens in the logs for further masking. But it also has a lot of false positives and matches content it shouldn't match.

Example string:

(traceId content was masked, I changed it to jwt to reproduce issue)

[traceId=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0Iiwic3ViIjoiam9obiIsImF1ZCI6ImNvbm5vciIsImlhdCI6NjY2NjY2NjY5OSwiZXhwIjo2NjcwNTc0NTk5fQ.fh3NKfJMO3QNYrC6Lq6TG5qdJ8kgQmubfJh5bqTengiVB8q2MdfjNwVajZNMpaPKOCSoReVuRcVyJoFQwT16-w] DEBUG something

I want to add exclusions with the negative lookbehind, to match only if it doesn't contain certain words like traceId or other params. But it's not working for this pattern.

(?<=(?<!traceId))(([a-zA-Z]+([0-9]+[a-zA-Z]+)+)9).*?([a-zA-Z]+([0-9]+[a-zA-Z]+)+).(.*?)(?=[\s\"\\,\)\]])

Side note: the matches aren't always at the beginning, as in the traceId case. They can be in any part of the string.


Java 11

CodePudding user response:

If you want to exclude [traceId= you might write the pattern as

(?<!\[traceId=)\b[\w-]+\.[\w-]+\.[\w-]+\b


Or if you want to match a 9 before the first dot and assert one of the chars listed in the character class or the end of the string at the end of the pattern:

(?<!\[traceId=)\b[\w-]*9\.[\w-]+\.[\w-]+(?=[\s\"\\,)\]]|$)

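
An added example, not part of the answer above or the asker's code: a Java 11 log masker that pairs a negative lookbehind on the excluded key with a decode of the first segment, so only tokens whose header declares ES256 are masked. The class name, the `<jwt-masked>` placeholder and the constructed log lines are assumptions; the token is the one from the question.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JwtLogMasker {
    // Candidate: three base64url segments, the first starting with "eyJ" (base64url of '{"').
    // (?<!traceId=) must include the '=' since a lookbehind tests the text right before the match;
    // (?<![\w-]) stops a match from starting in the middle of a longer token.
    private static final Pattern CANDIDATE = Pattern.compile(
        "(?<!traceId=)(?<![\\w-])(eyJ[\\w-]+)\\.[\\w-]+\\.[\\w-]+");

    // Loose textual check on the decoded header, not a JSON parse (assumption: enough for masking).
    private static final Pattern ES256 = Pattern.compile("\"alg\"\\s*:\\s*\"ES256\"");

    static boolean hasEs256Header(String segment) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(segment);
            return ES256.matcher(new String(raw, StandardCharsets.UTF_8)).find();
        } catch (IllegalArgumentException notBase64Url) {
            return false;
        }
    }

    static String mask(String line) {
        Matcher m = CANDIDATE.matcher(line);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            // Only mask when the first segment really decodes to an ES256 JOSE header.
            String repl = hasEs256Header(m.group(1)) ? "<jwt-masked>" : m.group();
            m.appendReplacement(out, Matcher.quoteReplacement(repl));
        }
        return m.appendTail(out).toString();
    }

    public static void main(String[] args) {
        // Token copied from the question's example log line.
        String jwt = "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9"
            + ".eyJpc3MiOiJ0ZXN0Iiwic3ViIjoiam9obiIsImF1ZCI6ImNvbm5vciIsImlhdCI6NjY2NjY2NjY5OSwiZXhwIjo2NjcwNTc0NTk5fQ"
            + ".fh3NKfJMO3QNYrC6Lq6TG5qdJ8kgQmubfJh5bqTengiVB8q2MdfjNwVajZNMpaPKOCSoReVuRcVyJoFQwT16-w";
        // Constructed log lines: excluded key, token mid-line, and a non-JWT look-alike.
        System.out.println(mask("[traceId=" + jwt + "] DEBUG something"));
        System.out.println(mask("DEBUG auth=\"Bearer " + jwt + "\", user=john"));
        System.out.println(mask("DEBUG build=eyJ1.2.3 loaded"));
    }
}
```

Further excluded keys can be added as additional negative lookbehinds in front of the candidate pattern, each ending with the character that directly precedes the value.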
