Aug 12, 2019
Sekret — risk-free toString() of Kotlin data class?
Problem
Kotlin compiler automatically generates equals, hashCode, componentN, copy and toString functions for Data classes. It’s super useful because you as a developer don’t have to spend time writing boilerplate code and testing. But there is one problem (at least for me) — a result of toString() will contain all properties of Data class.
Let me explain why it can be a problem. For example in Android development, if you use MVI pattern, Views tend to have a single render() that accepts a state to render on the screen:
data class ViewState(
val username: String,
val password: String,
val isButtonEnabled: Boolean
)// PS: never keep passwords in String
Great, now you may want to add some logging system to able to understand what your customer’s behavior or what they have seen before a crash or for just debugging purpose:
fun render(viewState: ViewState) {
logger.info("render $viewState")
...
}Logger class can use Log.d() internally and just prints on logcat. Or it can be your own analytics system that sends data to the web or just saves in files. It can even be Google Analytics, Crashlytics.log or any other 3rd party vendor. Your application can be a reason for PII, passwords, credit card info or any other sensitive data leakage. I agree that the logging system should be much smarter than just saving everything and everywhere.
It’s not only about Android, but it can also be an issue everywhere especially on microservices architecture where every component is independent and logs all in / out data. It can happen in Repository with sealed class results + data classes, Actions from View to Presenter, State of StateMachine, etc…
Solution
There are many ways how we can exclude our properties from toString() result. But all of them need manual work. Since developers are lazy I’ve implemented a tool that helps with this. Sekret is Kotlin compiler plugin which changes generated Java bytecode of toString() method during the compilation process. You just need to annotate your property with a special annotation and that’s it!
data class Data(
val username: String,
@Secret val password: String
)print(Data("james.bond", "123456"))// prints out
// Data(username=james.bond, password=■■■)
More info on Github: https://github.com/aafanasev/sekret
Perhaps JetBrains will allow changing toString() body with an out-of-box solution like Transient annotation for serialization.
