Protecting Sensitive Data with Gwen

A common secure coding practice is to never log passwords. Automated test cases often use passwords to log into applications under test in various environments. In such cases care should be taken to protect and hide passwords from logs, reports, error messages and console outputs.

Gwen masked settings

Gwen masked settings address this concern by making your sensitive data appear as ●●●●● in all outputs and reports.

To mask the value of a setting named user.password for example:

  • Define it as user.password\:masked=secret in your Gwen settings/properties file (the backslash escapes the colon, which a properties file would otherwise treat as a key/value separator)
  • Or pass it as a JVM option: -Duser.password:masked=secret

Then reference the setting wherever you need it as user.password.

Example

When I enter "${user.password}" in the password field

When evaluated, the above will be logged as follows:

When I enter "●●●●●" in the password field

Note that Gwen will enter the raw unmasked value into input fields and will mask the value in all logged output only. It is your responsibility to only enter sensitive data into fields that themselves mask the raw value so that they are not displayed as clear text on web pages or in captured screenshots.

You can also change the default masking character '●' by assigning the gwen.mask.char setting to a different character if desired.
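The following is an added illustrative model of how masked settings behave, written for this post; it is not Gwen's own code. It assumes a simplified properties parser (key=value lines, with \: unescaped to :), strips the :masked suffix so steps reference the plain name, honours a gwen.mask.char override, and shows that the same ${user.password} reference expands to the raw value for the application but to ●●●●● for anything that is logged or formatted:

```python
import re

DEFAULT_MASK_CHAR = "●"  # Gwen's default gwen.mask.char; masked values render as five of them

class Masked:
    """Holds a sensitive value: every string rendering is masked, only .raw is clear."""
    def __init__(self, raw, mask_char=DEFAULT_MASK_CHAR):
        self.raw, self._mask = raw, mask_char * 5
    def __str__(self):
        return self._mask
    __repr__ = __str__  # masks repr(), %r and !r as well
    def __format__(self, spec):  # masks f-strings and str.format() as well
        return self._mask

def load_settings(lines):
    """Parse key[:masked]=value lines from a properties file (colon escaped as \\:) or -D options."""
    entries = []
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            entries.append((key.strip().replace("\\:", ":"), value.strip()))
    mask_char = dict(entries).get("gwen.mask.char", DEFAULT_MASK_CHAR)  # honour an override
    settings = {}
    for key, value in entries:
        if key.endswith(":masked"):
            settings[key[: -len(":masked")]] = Masked(value, mask_char)
        else:
            settings[key] = value
    return settings

REF = re.compile(r"\$\{([^}]+)\}")

def interpolate(step, settings, for_log):
    """Expand ${name}: raw values go to the application, masked renderings go to logs/reports."""
    def sub(match):
        value = settings[match.group(1)]
        return (str(value) if for_log else value.raw) if isinstance(value, Masked) else value
    return REF.sub(sub, step)

# Constructed sample input, not a real settings file.
SAMPLE_PROPERTIES = ["user.name=tester", "user.password\\:masked=s3cret!"]
STEP = 'When I enter "${user.password}" in the password field'

if __name__ == "__main__":
    settings = load_settings(SAMPLE_PROPERTIES)
    print(interpolate(STEP, settings, for_log=True))  # When I enter "●●●●●" in the password field
    # for_log=False yields the raw step text, which must only ever reach the input field
```

Because Masked is not a str, accidental concatenation such as "pw=" + value raises a TypeError rather than leaking the clear value, which is the fail-closed behaviour you want from a wrapper like this.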

Published by

Branko Juric

Imperative by day and functional by night. Co author of the Gwen automation platform.
