From 1826c680d5c7ab76712cd1c7b3cde9b0948b4231 Mon Sep 17 00:00:00 2001
From: Sam Snyder
Date: Thu, 27 Jun 2024 15:32:40 -0700
Subject: [PATCH] Add recipe which masks the back half of string literals which look like credit card numbers with "X"
---
.../staticanalysis/MaskCreditCardNumbers.java | 69 +++++++++++++++++++
.../MaskCreditCardNumbersTest.java | 65 +++++++++++++++++
2 files changed, 134 insertions(+)
create mode 100644 src/main/java/org/openrewrite/staticanalysis/MaskCreditCardNumbers.java
create mode 100644 src/test/java/org/openrewrite/staticanalysis/MaskCreditCardNumbersTest.java
diff --git a/src/main/java/org/openrewrite/staticanalysis/MaskCreditCardNumbers.java b/src/main/java/org/openrewrite/staticanalysis/MaskCreditCardNumbers.java
new file mode 100644
index 000000000..8e5c45d66
--- /dev/null
+++ b/src/main/java/org/openrewrite/staticanalysis/MaskCreditCardNumbers.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2024 the original author or authors.
+ *

+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *

+ * https://www.apache.org/licenses/LICENSE-2.0
+ *

+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.openrewrite.staticanalysis;
+
+import lombok.EqualsAndHashCode;
+import lombok.Value;
+import org.openrewrite.ExecutionContext;
+import org.openrewrite.Recipe;
+import org.openrewrite.TreeVisitor;
+import org.openrewrite.java.JavaIsoVisitor;
+import org.openrewrite.java.tree.J;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@Value
+@EqualsAndHashCode(callSuper = false)
+public class MaskCreditCardNumbers extends Recipe {
+
+ @Override
+ public String getDisplayName() {
+ return "Mask credit card numbers";
+ }
+
+ @Override
+ public String getDescription() {
+ return "When encountering string literals which appear to be credit card numbers, " + + "mask the last eight digits with the letter 'X'.";
+ }
+
+ private static final Pattern CC_PATTERN = Pattern.compile("([0-9]{4} ?[0-9]{4} ?)([0-9]{4} ?[0-9]{4} ?)");
+
+ @Override
+ public TreeVisitor getVisitor() {
+ return new JavaIsoVisitor() {
+ @Override
+ public J.Literal visitLiteral(J.Literal literal, ExecutionContext executionContext) {
+ J.Literal l = super.visitLiteral(literal, executionContext);
+ if(l.getValue() instanceof String) {
+ String value = (String) l.getValue();
+ Matcher m = CC_PATTERN.matcher(value);
+ if(m.matches()) {
+ String masked = m.group(1) +maskDigits(m.group(2));
+ l = l.withValue(masked)
+ .withValueSource("\"" + masked + "\"");
+ }
+ }
+ return l;
+ }
+ };
+ }
+
+ private static String maskDigits(String digits) {
+ return digits.replaceAll("[0-9]", "X");
+ }
+}
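Review bot: `visitLiteral` rewrites every string literal that `CC_PATTERN` fully matches, and the pattern accepts any sixteen digits, so order ids or other numeric constants would lose half their digits and the program's behaviour would change without warning. Gating the rewrite on a Luhn checksum, as sketched below, removes most of those false positives; the fixtures in MaskCreditCardNumbersTest would then need Luhn-valid sample numbers. The opposite gap deserves a sentence in `getDescription()`: `matches()` anchors the whole literal and only a single space is accepted as separator, so hyphenated numbers, card numbers of other lengths and numbers embedded in longer strings are left untouched, and a run with no changes is not evidence that no card data is in source. Masking the working tree also leaves the original value in version-control history.

```java
// … unchanged: String check, CC_PATTERN.matcher(value) …
if (m.matches() && passesLuhn(value)) {
    // … unchanged: build masked value and value source …
}

// Luhn checksum over the digits of a candidate; spaces are skipped.
private static boolean passesLuhn(String candidate) {
    int sum = 0;
    boolean doubleIt = false;
    for (int i = candidate.length() - 1; i >= 0; i--) {
        char c = candidate.charAt(i);
        if (c == ' ') {
            continue;
        }
        int d = c - '0';
        if (doubleIt) {
            d *= 2;
            if (d > 9) {
                d -= 9;
            }
        }
        sum += d;
        doubleIt = !doubleIt;
    }
    return sum % 10 == 0;
}
```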
diff --git a/src/test/java/org/openrewrite/staticanalysis/MaskCreditCardNumbersTest.java b/src/test/java/org/openrewrite/staticanalysis/MaskCreditCardNumbersTest.java
new file mode 100644
index 000000000..b188f7242
--- /dev/null
+++ b/src/test/java/org/openrewrite/staticanalysis/MaskCreditCardNumbersTest.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2024 the original author or authors.
+ *

+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *

+ * https://www.apache.org/licenses/LICENSE-2.0
+ *

+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.openrewrite.staticanalysis;
+
+import org.junit.jupiter.api.Test;
+import org.openrewrite.test.RecipeSpec;
+import org.openrewrite.test.RewriteTest;
+
+import static org.openrewrite.java.Assertions.java;
+
+
+class MaskCreditCardNumbersTest implements RewriteTest {
+
+ @Override
+ public void defaults(RecipeSpec spec) {
+ spec.recipe(new MaskCreditCardNumbers());
+ }
+
+ @Test
+ void noSpaces() {
+ rewriteRun(
+ //language=java
+ java("""
+ class A {
+ String cc = "1234567890123456";
+ }
+ """,
+ """
+ class A {
+ String cc = "12345678XXXXXXXX";
+ }
+ """)
+ );
+ }
+
+ @Test
+ void withSpaces() {
+ rewriteRun(
+ //language=java
+ java("""
+ class A {
+ String cc = "1234 5678 9012 3456";
+ }
+ """,
+ """
+ class A {
+ String cc = "1234 5678 XXXX XXXX";
+ }
+ """)
+ );
+ }
+}
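Review bot: `noSpaces` and `withSpaces` exercise only the rewrite path, so nothing pins which literals the recipe must leave alone. Cases using the single-argument `java(...)` form (which asserts no change) would document the recipe's boundaries: a 17-digit string literal, a card-shaped number inside a longer string, and a numeric `long` literal such as `1234567890123456L`. They would also catch an accidental switch from `matches()` to `find()`, or the loss of the `instanceof String` guard, in the visitor.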