Avoid logging message payloads that contain sensitive data (#4537)

Don't log payloads - they may contain sensitive data.
2023-02-10 09:30:55 -05:00 · 2023-02-10 09:30:55 -05:00 · fb0512f78f
parent 03ccf3e3d3
commit fb0512f78f
2 changed files with 7 additions and 1 deletions
--- a/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_4_0/4537-message-to-string-redaction.yaml
+++ b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_4_0/4537-message-to-string-redaction.yaml
@ -0,0 +1,5 @@
+---
+type: change
+issue: 4537
+title: "ResourceDeliveryMessage no longer includes the payload in toString().
+   This avoids leaking sensitive data to logs and other channels."
--- a/hapi-fhir-storage/src/main/java/ca/uhn/fhir/jpa/subscription/model/ResourceDeliveryMessage.java
+++ b/hapi-fhir-storage/src/main/java/ca/uhn/fhir/jpa/subscription/model/ResourceDeliveryMessage.java
@ -128,7 +128,8 @@ public class ResourceDeliveryMessage extends BaseResourceMessage implements IRes
 	public String toString() {
 		return new ToStringBuilder(this)
 			.append("mySubscription", mySubscription)
-			.append("myPayloadString", myPayloadString)
+			// it isn't safe to log payloads
+			.append("myPayloadString", "[Not Logged]")
 			.append("myPayload", myPayloadDecoded)
 			.append("myPayloadId", myPayloadId)
 			.append("myPartitionId", myPartitionId)