masked sensitive information in logs

monu-kumar-visa · monu-kumar-visa · commit ad5ab6863ba5 · 2025-11-06T12:35:49.000+05:30
diff --git a/src/authentication/logging/SensitiveDataMasker.js b/src/authentication/logging/SensitiveDataMasker.js
@@ -14,8 +14,15 @@ function maskSensitiveData(message) {
         return Constants.LOG_REQUEST_AFTER_MLE + maskSensitiveData(message.substring(Constants.LOG_REQUEST_AFTER_MLE.length));
     }
 
+    if (typeof message === 'string' && message.startsWith(Constants.LOG_RESPONSE_AFTER_MLE)) {
+        return Constants.LOG_RESPONSE_AFTER_MLE + maskSensitiveData(message.substring(Constants.LOG_RESPONSE_AFTER_MLE.length));
+    }
+    if (typeof message === 'string' && message.startsWith(Constants.LOG_RESPONSE_BEFORE_MLE)) {
+        return Constants.LOG_RESPONSE_BEFORE_MLE + maskSensitiveData(message.substring(Constants.LOG_RESPONSE_BEFORE_MLE.length));
+    }
+
     if (Utility.isJsonString(message)) {
-        jsonMsg = JSON.parse(message)
+        jsonMsg = JSON.parse(message);
     } else {
         jsonMsg = JSON.parse(JSON.stringify(message));
     }
diff --git a/src/authentication/logging/SensitiveDataTags.js b/src/authentication/logging/SensitiveDataTags.js
@@ -35,6 +35,6 @@ exports.getSensitiveDataTags = function () {
     tags.push("prefix");
     tags.push("bin");
     tags.push("encryptedRequest");
-
+    tags.push("encryptedResponse");
     return tags;
 }
diff --git a/src/authentication/util/Constants.js b/src/authentication/util/Constants.js
@@ -44,6 +44,8 @@ module.exports = {
     END_TRANSACTION                   :  "************************  LOGGING END  ************************",
     LOG_REQUEST_BEFORE_MLE            :  "Request before MLE: ",
     LOG_REQUEST_AFTER_MLE             :  "Request after MLE: ",
+    LOG_RESPONSE_BEFORE_MLE           :  "Response before MLE decryption: ",
+    LOG_RESPONSE_AFTER_MLE            :  "Response after MLE decryption: ",
     MERCHANTID                        :  "MERCHANTID",
     MERCHANT_KEY_ID                   :  "MERCHANT_KEY_ID",
     MERCHANT_SECERT_KEY               :  "MERCHANT_SECERT_KEY",
diff --git a/src/authentication/util/MLEUtility.js b/src/authentication/util/MLEUtility.js
@@ -73,7 +73,7 @@ exports.checkAndDecryptEncryptedResponse = function (responseBody, merchantConfi
   }
 
   logger.debug('Response body contains encrypted data, attempting to decrypt');
-  logger.debug('LOG_NETWORK_RESPONSE_BEFORE_MLE_DECRYPTION: ' + JSON.stringify(responseBody));
+  logger.debug(Constants.LOG_RESPONSE_BEFORE_MLE + JSON.stringify(responseBody));
   
   try {
     // Private key from config will take precedence over file path.
@@ -90,7 +90,7 @@ exports.checkAndDecryptEncryptedResponse = function (responseBody, merchantConfi
     
     return JWEUtility.decryptJWEUsingPrivateKey(privateKey, responseBody.encryptedResponse)
       .then(decryptedData => {
-        logger.debug('LOG_NETWORK_RESPONSE_AFTER_MLE_DECRYPTION: ' + JSON.stringify(decryptedData));
+        logger.debug(Constants.LOG_RESPONSE_AFTER_MLE + JSON.stringify(decryptedData));
         return JSON.parse(decryptedData);
       })
       .catch(error => {

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,6 @@ exports.getSensitiveDataTags = function () {`
`35`	`35`	`tags.push("prefix");`
`36`	`36`	`tags.push("bin");`
`37`	`37`	`tags.push("encryptedRequest");`
`38`		`-`
	`38`	`+ tags.push("encryptedResponse");`
`39`	`39`	`return tags;`
`40`	`40`	`}`