From f4b74c837e8d02b7a5723fbf91c5c88ae06a744f Mon Sep 17 00:00:00 2001
From: Tuan Nghia Nguyen <nghia.nguyen@anscenter.com>
Date: Sun, 26 Apr 2026 07:53:37 +1000
Subject: [PATCH] protect sensitive information from logs

---
 core/ANSLicensingSystem/ANSLicense.cpp | 42 ++++++++++++--------------
 1 file changed, 19 insertions(+), 23 deletions(-)

diff --git a/core/ANSLicensingSystem/ANSLicense.cpp b/core/ANSLicensingSystem/ANSLicense.cpp
index 4698b7e..42e4224 100644
--- a/core/ANSLicensingSystem/ANSLicense.cpp
+++ b/core/ANSLicensingSystem/ANSLicense.cpp
@@ -70,6 +70,16 @@ namespace {
         return out;
     }
 
+    // Redacts sensitive strings (license keys, activation keys, hardware IDs)
+    // for logging while preserving enough surface for support-call correlation.
+    // Keeps the first 4 and last 4 chars; replaces the middle with '*'.
+    // Strings <= 8 chars are fully masked. Empty strings pass through.
+    inline std::string mask_secret(const std::string& s) {
+        if (s.empty()) return s;
+        if (s.size() <= 8) return std::string(s.size(), '*');
+        return s.substr(0, 4) + std::string(s.size() - 8, '*') + s.substr(s.size() - 4);
+    }
+
     // Append both `\` and `/` slash flavours of `raw` to `dst`, lower-cased
     // and with a trailing separator forced. Empty / pathologically short
     // entries are skipped.
@@ -1015,7 +1025,7 @@ namespace ANSCENTER
 			ANSCENTER::ANSLSHelper ansHelper(privateKey, licensingServiceURL);
 			ansHelper.SetupLicenseTemplate();
 			std::string hwid = ansHelper.GetCurrentHardwareId();
-			std::cout << "Current HWID: " << hwid << std::endl;
+			std::cout << "Current HWID: " << mask_secret(hwid) << std::endl;
 			boost::property_tree::ptree root;
 			size_t lSize = licenseKeyFiles.size();
 			boost::property_tree::ptree children;
@@ -1216,8 +1226,6 @@ namespace ANSCENTER
 		try {
 			this->_privateKey = _T("AQlSAiRTNtS7X20=");
 			this->_licenseServiceURL = _T("https://licensingservice.anscenter.com/");
-			//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. Private Key:", WString2String(this->_privateKey), __FILE__, __LINE__);
-			//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. License URL:", WString2String(this->_licenseServiceURL), __FILE__, __LINE__);
 			this->_sdkLicenseKey = _T("MYNSU-GBQ2Q-SF5U5-S3RVF-5ZKFD");
 			SDKRegistration::SetLicenseKey(_sdkLicenseKey.c_str());
 			this->SetupLicenseTemplate();
@@ -1233,8 +1241,6 @@ namespace ANSCENTER
 		try {
 			this->_privateKey = _T("AQlSAiRTNtS7X20=");
 			this->_licenseServiceURL = String2WString(licenseServiceURL);
-			//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. Private Key:", WString2String(this->_privateKey), __FILE__, __LINE__);
-			//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. License URL:", WString2String(this->_licenseServiceURL), __FILE__, __LINE__);
 			this->_sdkLicenseKey = _T("MYNSU-GBQ2Q-SF5U5-S3RVF-5ZKFD");
 			SDKRegistration::SetLicenseKey(_sdkLicenseKey.c_str());
 			this->SetupLicenseTemplate();
@@ -1258,8 +1264,6 @@ namespace ANSCENTER
 				this->_licenseServiceURL = _T("https://licensingservice.anscenter.com/");
 			}
 			this->_licenseServiceURL = String2WString(licenseServiceURL);
-			//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. Private Key:", WString2String(this->_privateKey), __FILE__, __LINE__);
-			//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. License URL:", WString2String(this->_licenseServiceURL), __FILE__, __LINE__);
 			this->_sdkLicenseKey = _T("MYNSU-GBQ2Q-SF5U5-S3RVF-5ZKFD");
 			SDKRegistration::SetLicenseKey(_sdkLicenseKey.c_str());
 			this->SetupLicenseTemplate();
@@ -1289,8 +1293,6 @@ namespace ANSCENTER
 				this->_licenseServiceURL = _T("https://licensingservice.anscenter.com/");
 			}
 			this->_licenseServiceURL = String2WString(licenseServiceURL);
-			//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. Private Key:", WString2String(this->_privateKey), __FILE__, __LINE__);
-			//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. License URL:", WString2String(this->_licenseServiceURL), __FILE__, __LINE__);
 			this->_sdkLicenseKey = _T("MYNSU-GBQ2Q-SF5U5-S3RVF-5ZKFD");
 			SDKRegistration::SetLicenseKey(_sdkLicenseKey.c_str());
 			this->SetupLicenseTemplate();
@@ -1348,7 +1350,6 @@ namespace ANSCENTER
 				FILE* licenseFile;
 				const char* jsonLicense = this->_license->SaveJson();
 				std::string result(jsonLicense);
-				//this->_logger.LogDebug("ANSLSHelper::ANSLSHelper. License Key Path:", WString2String(this->_licenseFilePath), __FILE__, __LINE__);
 				if (!result.empty()) {
 					if ((licenseFile = _tfopen(WString2String(_licenseFilePath).c_str(), "wt")) != NULL) {
 						fputs(jsonLicense, licenseFile);
@@ -1375,7 +1376,6 @@ namespace ANSCENTER
 		try
 		{
 			std::string jsonContent = ReadFileContent(WString2String(_licenseFilePath));
-			//this->_logger.LogDebug("ANSLSHelper::LoadLicenseContent. License file:", WString2String(this->_licenseFilePath), __FILE__, __LINE__);
 			if (!jsonContent.empty()) {
 				this->_license->LoadJson(jsonContent.c_str());
 				return jsonContent;
@@ -1444,9 +1444,7 @@ namespace ANSCENTER
 					const wchar_t* cpKey = this->_licenseTemplate->GetPrivateKey();
 					std::wstring wpKey(cpKey);
 					if (!wpKey.empty()) this->_privateKey = wpKey;
-				/*	this->_logger.LogDebug("ANSLSHelper::LoadLicenseTemplate. Private Key:", WString2String(this->_privateKey), __FILE__, __LINE__);
-					this->_logger.LogDebug("ANSLSHelper::LoadLicenseTemplate. Public Key:", WString2String(this->_licenseTemplate->GetPublicKeyCertificate()), __FILE__, __LINE__);
-			*/		return true;
+					return true;
 				}
 				else { // Otherwise it will be xml
 					this->_licenseTemplate->LoadXml(result.c_str());
@@ -1454,8 +1452,6 @@ namespace ANSCENTER
 					const wchar_t* cpKey = this->_licenseTemplate->GetPrivateKey();
 					std::wstring wpKey(cpKey);
 					if (!wpKey.empty()) this->_privateKey = wpKey;
-				/*	this->_logger.LogDebug("ANSLSHelper::LoadLicenseTemplate. Private Key:", WString2String(this->_privateKey), __FILE__, __LINE__);
-					this->_logger.LogDebug("ANSLSHelper::LoadLicenseTemplate. Public Key:", WString2String(this->_licenseTemplate->GetPublicKeyCertificate()), __FILE__, __LINE__);*/
 					return true;
 				}
 			}
@@ -2012,7 +2008,7 @@ namespace ANSCENTER
 			licensingClient.SetLicenseKey(_licenseKey.c_str());
 			licensingClient.SetHardwareId(hardwareId.c_str());
 			licensingClient.SetActivationKey(_activationKey.c_str());
-			this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey. Hardware Id", _hardwareId, __FILE__, __LINE__);
+			this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey. Hardware Id", mask_secret(_hardwareId), __FILE__, __LINE__);
 
 			bool validLicense = licensingClient.IsLicenseValid();
 			if (!validLicense)
@@ -2119,8 +2115,8 @@ namespace ANSCENTER
 						std::wstring wHardwareId(hardwareId);
 						std::string sHardwareId = WString2String(wHardwareId);
 
-						std::string loggerActivationMessage = str(boost::format("Activation Successful. The returned activation key: %1%") % sActivationKey);
-						std::string loggerHWIDMessage = str(boost::format("Computer's hardware id: %1%") % sHardwareId);
+						std::string loggerActivationMessage = str(boost::format("Activation Successful. The returned activation key: %1%") % mask_secret(sActivationKey));
+						std::string loggerHWIDMessage = str(boost::format("Computer's hardware id: %1%") % mask_secret(sHardwareId));
 						this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey", "Product is activated", __FILE__, __LINE__);
 						this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey", loggerActivationMessage, __FILE__, __LINE__);
 						this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey", loggerHWIDMessage, __FILE__, __LINE__);
@@ -2226,7 +2222,7 @@ namespace ANSCENTER
 			licensingClient.SetLicenseKey(_licenseKey.c_str());
 			licensingClient.SetHardwareId(hardwareId.c_str());
 			licensingClient.SetActivationKey(_activationKey.c_str());
-			this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey. Hardware Id", _hardwareId, __FILE__, __LINE__);
+			this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey. Hardware Id", mask_secret(_hardwareId), __FILE__, __LINE__);
 
 			bool validLicense = licensingClient.IsLicenseValid();
 			if (!validLicense)
@@ -2333,8 +2329,8 @@ namespace ANSCENTER
 						std::wstring wHardwareId(hardwareId);
 						std::string sHardwareId = WString2String(wHardwareId);
 
-						std::string loggerActivationMessage = str(boost::format("Activation Successful. The returned activation key: %1%") % sActivationKey);
-						std::string loggerHWIDMessage = str(boost::format("Computer's hardware id: %1%") % sHardwareId);
+						std::string loggerActivationMessage = str(boost::format("Activation Successful. The returned activation key: %1%") % mask_secret(sActivationKey));
+						std::string loggerHWIDMessage = str(boost::format("Computer's hardware id: %1%") % mask_secret(sHardwareId));
 						this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey", "Product is activated", __FILE__, __LINE__);
 						this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey.", loggerActivationMessage, __FILE__, __LINE__);
 						this->_logger.LogDebug("ANSLSHelper::ValidateLicenseKey.", loggerHWIDMessage, __FILE__, __LINE__);
@@ -2537,7 +2533,7 @@ namespace ANSCENTER
 					std::wstring wactKey(actKey);
 					activationKey = WString2String(wactKey);
 					//delete newLicense;
-					this->_logger.LogDebug("ANSLSHelper::ActivateLicenseWithCustomHWID. New license has been received from the licensing server", activationKey, __FILE__, __LINE__);
+					this->_logger.LogDebug("ANSLSHelper::ActivateLicenseWithCustomHWID. New license has been received from the licensing server", mask_secret(activationKey), __FILE__, __LINE__);
 					//SaveLicense();
 				}
 				else {// Existing _license