How to Mask Sensitive Fields in Logs With Asterisks. C++

Question

I have a requirement to mask sensitive fields(like SSN, Address, Names) from logs using '***' instesd of the text. The codebase is entirely C++. It is a huge code base. I have noticed that most of the sensitive info is printed in xml tags in the logs. I am very new to C++. I would appreciate if someone could point me in the right direction on how to go about this. Here is an example of how the fields are logged in the code:

 AppMsg rsp(a_dictionary::a_dictionary, XML_RSP, 1);
 ........

 log_msg(CONSOLE, " ResponseTime: %d", response_time);

  rsp.add_field(OUTPUT_XML, rsp_xml);
  rsp.add_field(STATUS_CODE, status_code);
  rsp.add_field(STATUS_DESC, status_desc);

the the logs lookk like:

14:02:58 C--[abcInterfaceServer-1]: abc Query ResponseTime: 0
aRspXml:<?xml version="1.0" encoding="UTF-8"?>   //rsp.add_field(OUTPUT_XML, rsp_xml);
 <CustomerInfo>
     <sourceFlag>1</sourceFlag>
     <Response>
         <Data>
             <LastName>aa</LastName>         //these are the fieds I need to mask
             <FirstName>aaa</FirstName>
             <PhoneNumber>aaaa</PhoneNumber>
             <Street>aaaa</Street>
             <City>aa</City>
             <State>aaaa</State>
             <Zip>aaa</Zip>
               .....
             [1] STATUS_CODE[1234] : num_inst = 1
          [0] 0
          [2] STATUS_DESC[12345] : num_inst = 1
             [0] "SUCCESS"

Any ideas would be helpful.

Answer 1

• Identify the objects that contain/print sensitive data
• Add another method (e.g. publicDataString()) to serialize public data into a printable string
• Modify logging directives to use this method.

Alternatively, modify the operator<<() of those objects to output only public data by default.

Alternatively, output to private logs with no modifications and create a transform script to strip all private info while copying private logs to public ones.