Filter Sensitive Data
If your application contains sensitive data that should not be displayed in the Controller, you can apply the following data filters to the require statement of the Node.js Agent.
Add a Sensitive Data Filter
When you enable a sensitive data filter, the Controller displays asterisks for the values of matching environment variables or system properties.
dataFilters: [{
"appliesTo": "http-headers",
"matchPattern": "host"
}],Environment Variable Filter
By default, the Node.js Agent enables a sensitive data filter with an environment variables/system properties that contain the case-insensitive substring password|key.
dataFilters: [{
"appliesTo": "env-vars",
"matchPattern": "password|key"
}],Sensitive URL Filter
You can use sensitive URL filters to configure the agent to obfuscate sensitive information from the URLs in the Transaction Snapshot details.
urlFilters: [{
"delimiter": "/",
"segment": "1",
"matchPattern": "a",
"paramPattern": "bar"
}],The sensitive URL filter checks for the matchPattern in one segment. To check for additional segments, you can add an additional JSON array.
The filter processes requests in the following format: /aa/bb/cc → ***/bb/cc.
matchpattern/parampattern is a standard regex.
| Property Name | Description |
|---|---|
urlFilters |
An array that you can add more objects to if you want more rules on the segment. |
delimiter |
Specifies the desired character as the URL segment endpoints. The agent splices the URL at each delimiter instance to create the segments. |
segment |
Needs to be at least one number and in ascending order (such as 3,5 or 2,6). Wildcards (*) are not possible. |
URL Segment Filter
With the matchpattern regex, the Node.js Agent decides whether or not to filter a specified segment.
If you have multiple rules, list the more specific rule before the more general rule. The rules listed in the array are evaluated based on order.
Rule A:
{
'delimiter': '/',
'matchPattern': '[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}\/.{50,}',
'segment': '3,5'
}Rule B:
{
'delimiter': '/',
'matchPattern': '[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}',
'segment': '3'
}In this example, the first rule, Rule A, should be listed before Rule B because rule A masks the third and fifth segment.
If Rule B were to be listed and evaluated before Rule A, the third segment will be masked and the fifth segment will not masked, potentially revealing sensitive information.
URL Parameter Filter
With the paramPattern regex, the Node.js Agent decides whether or not to filter a specified query parameter.
If you need to mask all URL parameters, you can add further instruction to the array.
{ "delimiter": "/", "matchPattern": "", "segment": "99", "paramPattern": ".+"}The Node.js Agent will filter out all URL parameters.
Sensitive Message Filter
You can use sensitive message filters to configure the agent to obfuscate sensitive information contained within text messages collected by the agent from log messages or detail messages from exceptions.
messageFilters: [{
"messageType":
"throwable",
"matchPattern":
"Error.*MySQL.",
"redactionRegex": "SQL"
}]