From 4aad92a9d0785ebaadb29c01bd60f1bfc385ee9f Mon Sep 17 00:00:00 2001
From: Renuka Fernando <renukapiyumal@gmail.com>
Date: Mon, 19 Feb 2024 12:50:50 +0530
Subject: [PATCH] Mask Azure SharedAccessKey in connection URL

Signed-off-by: Renuka Fernando <renukapiyumal@gmail.com>
---
 adapter/pkg/messaging/azure_connection.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/adapter/pkg/messaging/azure_connection.go b/adapter/pkg/messaging/azure_connection.go
index c4f27bebb6..05f5412896 100644
--- a/adapter/pkg/messaging/azure_connection.go
+++ b/adapter/pkg/messaging/azure_connection.go
@@ -22,12 +22,14 @@ import (
 	"context"
 	"errors"
 	"os"
+	"regexp"
 	"strconv"
 	"time"
 
 	asb "github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus"
 	"github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/admin"
 	"github.com/google/uuid"
+	"github.com/sirupsen/logrus"
 	logger "github.com/wso2/product-microgateway/adapter/pkg/loggers"
 )
 
@@ -83,7 +85,9 @@ func InitiateBrokerConnectionAndValidate(connectionString string, componentName
 	_, err := asb.NewClientFromConnectionString(connectionString, nil)
 
 	if err == nil {
-		logger.LoggerMsg.Debugf("ASB client initialized for connection url: %s", connectionString)
+		if logger.LoggerMsg.IsLevelEnabled(logrus.DebugLevel) {
+			logger.LoggerMsg.Debugf("ASB client initialized for connection url: %s", maskSharedAccessKey(connectionString))
+		}
 
 		for j := 0; j < reconnectRetryCount || reconnectRetryCount == -1; j++ {
 			err = nil
@@ -169,3 +173,9 @@ func logError(reconnectRetryCount int, reconnectInterval time.Duration, errVal e
 	}
 	logger.LoggerMsg.Errorf("%v. %s .Retrying after %s seconds", errVal, retryAttemptMessage, reconnectInterval)
 }
+
+func maskSharedAccessKey(endpoint string) string {
+	re := regexp.MustCompile(`(SharedAccessKey=)([^;]+)`)
+	maskedEndpoint := re.ReplaceAllString(endpoint, "${1}************")
+	return maskedEndpoint
+}