* modify FileUtils.readFile2Str * #1300 Add right alignment function in sql email content * cancel formatted for alert_mail_template.ftl * #747 sql task password Log desensitization * cancel mail_temple * edit ExcelUtils * modify test method name * #747 sql task password Log desensitization * Constants add DATASOURCE_PASSWORD_REGEXpull/2/head
Yelli
5 years ago
committed by
bao liang
6 changed files with 268 additions and 2 deletions
@ -0,0 +1,39 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.server.utils; |
||||||
|
|
||||||
|
import org.apache.commons.lang.StringUtils; |
||||||
|
import org.apache.dolphinscheduler.common.Constants; |
||||||
|
|
||||||
|
/** |
||||||
|
* sensitive log Util |
||||||
|
*/ |
||||||
|
public class SensitiveLogUtil { |
||||||
|
|
||||||
|
/** |
||||||
|
* @param dataSourcePwd data source password |
||||||
|
* @return String |
||||||
|
*/ |
||||||
|
public static String maskDataSourcePwd(String dataSourcePwd){ |
||||||
|
|
||||||
|
if (StringUtils.isNotEmpty(dataSourcePwd)) { |
||||||
|
dataSourcePwd = Constants.PASSWORD_DEFAULT; |
||||||
|
} |
||||||
|
return dataSourcePwd; |
||||||
|
} |
||||||
|
|
||||||
|
} |
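Review bot: `maskDataSourcePwd` is documented with only `@param`/`@return`, so the contract that matters to callers is missing: null or empty input is returned unchanged, and every other value becomes `Constants.PASSWORD_DEFAULT`. I would add a summary such as `Replaces a non-empty data source password with the fixed mask; null or empty input is returned as is.` This file imports `org.apache.commons.lang.StringUtils`, while `SensitiveDataConverter` in the same commit imports `org.apache.commons.lang3.StringUtils`; using lang3 in both keeps the module on one commons-lang generation. As the class holds only a static helper, a private constructor would also fit.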
@ -0,0 +1,92 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.server.worker.log; |
||||||
|
|
||||||
|
|
||||||
|
import ch.qos.logback.classic.pattern.MessageConverter; |
||||||
|
import ch.qos.logback.classic.spi.ILoggingEvent; |
||||||
|
import lombok.extern.slf4j.Slf4j; |
||||||
|
import org.apache.commons.lang3.StringUtils; |
||||||
|
import org.apache.dolphinscheduler.common.Constants; |
||||||
|
import org.apache.dolphinscheduler.server.utils.SensitiveLogUtil; |
||||||
|
|
||||||
|
import java.util.regex.Matcher; |
||||||
|
import java.util.regex.Pattern; |
||||||
|
|
||||||
|
/** |
||||||
|
* sensitive data log converter |
||||||
|
*/ |
||||||
|
@Slf4j |
||||||
|
public class SensitiveDataConverter extends MessageConverter { |
||||||
|
|
||||||
|
/** |
||||||
|
* password pattern |
||||||
|
*/ |
||||||
|
private final Pattern pwdPattern = Pattern.compile(Constants.DATASOURCE_PASSWORD_REGEX); |
||||||
|
|
||||||
|
|
||||||
|
@Override |
||||||
|
public String convert(ILoggingEvent event) { |
||||||
|
|
||||||
|
// get original log
|
||||||
|
String requestLogMsg = event.getFormattedMessage(); |
||||||
|
|
||||||
|
// desensitization log
|
||||||
|
return convertMsg(requestLogMsg); |
||||||
|
} |
||||||
|
|
||||||
|
/** |
||||||
|
* deal with sensitive log |
||||||
|
* |
||||||
|
* @param oriLogMsg original log |
||||||
|
*/ |
||||||
|
private String convertMsg(final String oriLogMsg) { |
||||||
|
|
||||||
|
String tempLogMsg = oriLogMsg; |
||||||
|
|
||||||
|
if (StringUtils.isNotEmpty(tempLogMsg)) { |
||||||
|
tempLogMsg = passwordHandler(pwdPattern, tempLogMsg); |
||||||
|
} |
||||||
|
return tempLogMsg; |
||||||
|
} |
||||||
|
|
||||||
|
/** |
||||||
|
* password regex |
||||||
|
* |
||||||
|
* @param logMsg original log |
||||||
|
*/ |
||||||
|
private String passwordHandler(Pattern pwdPattern, String logMsg) { |
||||||
|
|
||||||
|
Matcher matcher = pwdPattern.matcher(logMsg); |
||||||
|
|
||||||
|
StringBuffer sb = new StringBuffer(logMsg.length()); |
||||||
|
|
||||||
|
while (matcher.find()) { |
||||||
|
|
||||||
|
String password = matcher.group(); |
||||||
|
|
||||||
|
String maskPassword = SensitiveLogUtil.maskDataSourcePwd(password); |
||||||
|
|
||||||
|
matcher.appendReplacement(sb, maskPassword); |
||||||
|
} |
||||||
|
matcher.appendTail(sb); |
||||||
|
|
||||||
|
return sb.toString(); |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
} |
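Review bot: `convert` masks only `event.getFormattedMessage()`, so a password that reaches the log through an exception message or stack trace is not covered, because logback renders the throwable outside the message converter; that limit should at least be stated in the class Javadoc. In `passwordHandler`, `matcher.appendReplacement(sb, maskPassword)` interprets `$` and `\` in the replacement string; `Constants.PASSWORD_DEFAULT` is not shown here (the test suggests `******`), so `matcher.appendReplacement(sb, Matcher.quoteReplacement(maskPassword));` keeps it safe if the constant ever changes. `pwdPattern` can be `private static final`, and the `@Slf4j` logger looks unused in this file. Masking also depends on `Constants.DATASOURCE_PASSWORD_REGEX` matching every shape in which the password is logged and on the converter being registered in the logback configuration, neither of which is visible in this section.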
@ -0,0 +1,37 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.server.utils; |
||||||
|
|
||||||
|
|
||||||
|
import org.apache.dolphinscheduler.common.Constants; |
||||||
|
import org.junit.Assert; |
||||||
|
import org.junit.Test; |
||||||
|
|
||||||
|
|
||||||
|
public class SensitiveLogUtilTest { |
||||||
|
|
||||||
|
@Test |
||||||
|
public void testMaskDataSourcePwd() { |
||||||
|
|
||||||
|
String password = "123456"; |
||||||
|
String emptyPassword = ""; |
||||||
|
|
||||||
|
Assert.assertEquals(Constants.PASSWORD_DEFAULT, SensitiveLogUtil.maskDataSourcePwd(password)); |
||||||
|
Assert.assertEquals("", SensitiveLogUtil.maskDataSourcePwd(emptyPassword)); |
||||||
|
|
||||||
|
} |
||||||
|
} |
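Review bot: `testMaskDataSourcePwd` checks a non-empty and an empty password but not `null`, which `StringUtils.isNotEmpty` also rejects, so the method returns null in that case; `Assert.assertNull(SensitiveLogUtil.maskDataSourcePwd(null));` would pin that behaviour. A whitespace-only value is non-empty and therefore masked, and an assertion for it would document that as well.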
@ -0,0 +1,92 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.server.worker.log; |
||||||
|
|
||||||
|
|
||||||
|
import org.apache.dolphinscheduler.common.Constants; |
||||||
|
import org.apache.dolphinscheduler.server.utils.SensitiveLogUtil; |
||||||
|
import org.junit.Assert; |
||||||
|
import org.junit.Test; |
||||||
|
import org.slf4j.Logger; |
||||||
|
import org.slf4j.LoggerFactory; |
||||||
|
|
||||||
|
import java.util.regex.Matcher; |
||||||
|
import java.util.regex.Pattern; |
||||||
|
|
||||||
|
public class SensitiveDataConverterTest { |
||||||
|
|
||||||
|
private final Logger logger = LoggerFactory.getLogger(SensitiveDataConverterTest.class); |
||||||
|
|
||||||
|
/** |
||||||
|
* password pattern |
||||||
|
*/ |
||||||
|
private final Pattern pwdPattern = Pattern.compile(Constants.DATASOURCE_PASSWORD_REGEX); |
||||||
|
|
||||||
|
|
||||||
|
/** |
||||||
|
* mask sensitive logMsg - sql task datasource password |
||||||
|
*/ |
||||||
|
@Test |
||||||
|
public void testPwdLogMsgConverter() { |
||||||
|
|
||||||
|
String logMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," + |
||||||
|
"\"database\":\"carbond\"," + |
||||||
|
"\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," + |
||||||
|
"\"user\":\"view\"," + |
||||||
|
"\"password\":\"view1\"}"; |
||||||
|
|
||||||
|
String maskLogMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," + |
||||||
|
"\"database\":\"carbond\"," + |
||||||
|
"\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," + |
||||||
|
"\"user\":\"view\"," + |
||||||
|
"\"password\":\"******\"}"; |
||||||
|
|
||||||
|
|
||||||
|
logger.info("parameter : {}", logMsg); |
||||||
|
logger.info("parameter : {}", passwordHandler(pwdPattern, logMsg)); |
||||||
|
|
||||||
|
Assert.assertNotEquals(logMsg, passwordHandler(pwdPattern, logMsg)); |
||||||
|
Assert.assertEquals(maskLogMsg, passwordHandler(pwdPattern, logMsg)); |
||||||
|
|
||||||
|
} |
||||||
|
|
||||||
|
/** |
||||||
|
* password regex test |
||||||
|
* |
||||||
|
* @param logMsg original log |
||||||
|
*/ |
||||||
|
private static String passwordHandler(Pattern pattern, String logMsg) { |
||||||
|
|
||||||
|
Matcher matcher = pattern.matcher(logMsg); |
||||||
|
|
||||||
|
StringBuffer sb = new StringBuffer(logMsg.length()); |
||||||
|
|
||||||
|
while (matcher.find()) { |
||||||
|
|
||||||
|
String password = matcher.group(); |
||||||
|
|
||||||
|
String maskPassword = SensitiveLogUtil.maskDataSourcePwd(password); |
||||||
|
|
||||||
|
matcher.appendReplacement(sb, maskPassword); |
||||||
|
} |
||||||
|
matcher.appendTail(sb); |
||||||
|
|
||||||
|
return sb.toString(); |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
} |
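Review bot: `testPwdLogMsgConverter` exercises a private copy of `passwordHandler` instead of `SensitiveDataConverter`, so it keeps passing even if the production method or `convert` changes or breaks. I would drive the real class, either by calling `convert` with an `ILoggingEvent` whose formatted message is `logMsg`, or by making the production `passwordHandler` package-private and calling it from this test. Cases for a message without a password field, one with two password fields, and an empty message would cover the branch in `convertMsg`. The first `logger.info("parameter : {}", logMsg)` writes the unmasked fixture to the test log; that is harmless with `view1`, but it is the pattern the converter exists to prevent.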