Releases: cockroachdb/redact
Feature Enhancements and Performance Improvements
Note: Behavior Change in Redact()
There is a subtle behavior change in how the Redact method operates in this version.
Previously, Redact() used a regexp-based search-and-replace which, in the case of nested markers, redacted the inner markers only: ‹a‹b›c› would be redacted to ‹a‹×›c›. Mismatched markers would also leak information.
The changes in v1.1.8 modify behavior to be more greedy when encountering a redaction start marker. You can expect information after a start marker to be consistently redacted until we see an end marker.
Please note that the library already takes steps to prevent mismatched markers from being output. It already escapes redaction markers within provided strings automatically so nested or mismatched markers can only occur if the library is manipulating RedactableString instances it did not create.
Some examples below highlight what's different:
| Implementation | Input | Match | Result | Stray markers | Exposed content |
|---|---|---|---|---|---|
| Regex (Old) | ‹a‹b›c› | ‹b› (inner pair only) | ‹a‹×›c› | ‹ left, › right | "a", "c" |
| Iteration (New) | ‹a‹b›c› | ‹a‹b› (first ‹ to first ›) | ‹×›c› | › right | "c" |

| Implementation | Input | Match | Result | Stray markers | Exposed content |
|---|---|---|---|---|---|
| Regex (Old) | ‹SECRET‹inner› | ‹inner› (inner pair only) | ‹SECRET‹×› | ‹ | "SECRET" |
| Iteration (New) | ‹SECRET‹inner› | ‹SECRET‹inner› (first ‹ to first ›) | ‹×› | none | none |

| Implementation | Input | Match | Result | Stray markers | Exposed content |
|---|---|---|---|---|---|
| Regex (Old) | ‹inner›SECRET› | ‹inner› (inner pair only) | ‹×›SECRET› | › | "SECRET" |
| Iteration (New) | ‹inner›SECRET› | ‹inner› (first ‹ to first ›) | ‹×›SECRET› (same as before) | › | "SECRET" |
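The three cases above can be reproduced with a small Go sketch of the two strategies. This is an added illustration, not the library's code: `redactRegex`, `redactScan` and the choice to mask the remainder after an unterminated start marker are assumptions of the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const (
	start, end = "‹", "›"
	mask       = "‹×›"
)

// Old approach as the note describes it: only a marker pair with no marker
// inside it matches, so text around a nested pair survives.
var innerPair = regexp.MustCompile(`‹[^‹›]*›`)

func redactRegex(s string) string { return innerPair.ReplaceAllString(s, mask) }

// New approach as the note describes it: everything from a start marker up to
// the first end marker is replaced.
func redactScan(s string) string {
	var out strings.Builder
	for {
		i := strings.Index(s, start)
		if i < 0 {
			out.WriteString(s)
			return out.String()
		}
		out.WriteString(s[:i])
		out.WriteString(mask)
		rest := s[i+len(start):]
		j := strings.Index(rest, end)
		if j < 0 {
			// Assumption of this sketch: with no end marker, mask the rest.
			return out.String()
		}
		s = rest[j+len(end):]
	}
}

func main() {
	// Inputs taken from the tables above.
	for _, in := range []string{"‹a‹b›c›", "‹SECRET‹inner›", "‹inner›SECRET›"} {
		fmt.Printf("%-18s regex: %-14s scan: %s\n", in, redactRegex(in), redactScan(in))
	}
}
```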
What's Changed
v1.1.8 — Performance: replace regexp with manual scanning
- Replace regexp-based implementation in Redact() with manual byte scanning (#36)
- Replace regexp-based implementation in StripMarkers() and EscapeMarkers() with manual byte scanning (#37)
- Add comprehensive tests and benchmarks for StripMarkers and EscapeMarkers
v1.1.7 — Hash-based redaction and OTel processor
- Introduce hash-based redaction: redacted values are replaced with a SHA-256 hash, enabling correlation of redacted values across log entries without revealing the original content (#33)
- Add OpenTelemetry collector processor for redacting log data in OTel pipelines (#31)
v1.1.6 — SafeByte/SafeBytes support
- Add SafeByte and SafeBytes interfaces, allowing types to indicate they produce safe (non-sensitive) byte output (#30)
Full Changelog: v1.1.5...v1.1.8
Incremental improvements
This release bundles all the changes since v1.1.0, including API fixes, better handling of some corner cases, and a few bug fixes.
Better go fmt compatibility, fewer edge cases, faster code
This "major" release provides a revamped implementation which generally increases the compatibility of the redact code with Go's native fmt package.
In particular, it makes it possible to recursively format structs and arrays and expose safe details from them, without including the whole struct or array within redaction markers, with a few caveats. See this commit for details.
Additionally, it introduces new safe types SafeInt, SafeUint and SafeFloat to emit safe numbers in SafePrinter / SafeWriter.