Merge pull request #33 from labbsr0x/feature/CustomMessageFilter

flaviostutz · web-flow · commit 3865f7746f9b · 2021-06-08T09:19:39.000-03:00
Implements filter on ErrorMessage
diff --git a/README.md b/README.md
@@ -174,6 +174,10 @@ Your java code should look like this:
 req.setAttribute("error-info", "Page not found");
 ```
 
+###### Improving error messages
+
+It is possible to filter the error message to avoid long messages or personal info exposed in the metrics. To do it, two params may be used: `error-info-regex` and `error-info-max-size`. The first will set the regex to apply in the message, with `[^A-zÀ-ú .,]+` as the default value. The second, `error-info-max-size`, defines the max size of the message to be truncated and has `50` as the default value.
+
 #### Setting application version
 
 ##### Manually
diff --git a/src/main/java/br/com/labbs/monitor/filter/MetricsCollectorFilter.java b/src/main/java/br/com/labbs/monitor/filter/MetricsCollectorFilter.java
@@ -17,7 +17,10 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
-
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 /**
  * The MetricsFilter class provides a high-level filter that enables collection of (latency, amount and response
  * size metrics) for Servlet performance, based on schema, status code, HTTP method and URI path.
@@ -57,7 +60,14 @@ public class MetricsCollectorFilter implements Filter {
     private static final String ERROR_MESSAGE_PARAM = "error-message";
     private static final String DEBUG = "debug";
     private static final String APPLICATION_VERSION = "application-version";
+    private static final String DEFAULT_FILTER_REGEX = "[^A-zÀ-ú .,]+";
+    private static final String FILTER_REGEX_PARAM = "error-info-regex";
+    private static final String FILTER_MAX_SIZE_PARAM = "error-info-max-size";
+    private static final Logger LOGGER = Logger.getLogger(MetricsCollectorFilter.class.getName());
     private final List<String> exclusions = new ArrayList<String>();
+    private int filter_max_size = 50;
+    private String filter_regex = "";
+
 
     private int pathDepth = 0;
     private String errorMessageParam = "";
@@ -109,6 +119,11 @@ public void init(FilterConfig filterConfig) {
                 exportJvmMetrics = Boolean.parseBoolean(exportJvmMetricsStr);
             }
             exportApplicationVersion = filterConfig.getInitParameter(APPLICATION_VERSION);
+
+            filter_max_size = filterConfig.getInitParameter(FILTER_MAX_SIZE_PARAM) != null ?
+                Integer.valueOf(filterConfig.getInitParameter(FILTER_MAX_SIZE_PARAM)) : filter_max_size;
+            filter_regex = filterConfig.getInitParameter(FILTER_REGEX_PARAM) != null ?
+                filterConfig.getInitParameter(FILTER_REGEX_PARAM) : DEFAULT_FILTER_REGEX;
         }
         String version = isNotEmpty(exportApplicationVersion) ? exportApplicationVersion : getApplicationVersionFromPropertiesFile();
         // Allow users to capture error messages
@@ -209,20 +224,37 @@ private boolean isErrorStatus(int status) {
     /**
      * Get the error message from a request.
      * If error message is null, sets the string to empty string.
+     * If a regex is defined, use it to filter message
+     * 
+     * Default regex: [^A-zÀ-ú .,]+
+     * Default max size: 50
      *
      * @param httpRequest request
      * @return string with the error message or empty string if error message not found.
      */
     private String getErrorMessage(HttpServletRequest httpRequest) {
-    	if (errorMessageParam == null) {
-    		return "";
-    	}
-    	String errorMessage = (String) httpRequest.getAttribute(errorMessageParam);
-    	if (errorMessage == null) {
-    		return "";
-    	}
 
-    	return errorMessage;
+        if (errorMessageParam == null) {
+            return "";
+        }
+        String errorMessage = (String) httpRequest.getAttribute(errorMessageParam);
+        String result = "";
+        if (errorMessage == null) {
+            return result;
+        }
+
+        try {
+            // apply whitelist filter
+            result = errorMessage.replaceAll(filter_regex, "");
+            if (result.length() > filter_max_size) {
+                result = result.substring(0, filter_max_size);
+            }
+        } catch (Exception e) {
+            // avoid invalid regex or invalid matcher group index
+            result = "";
+            LOGGER.warning("Invalid regex: " + e.getMessage());
+        }
+        return result;
     }
 
     /**
