Browse Source
* modify FileUtils.readFile2Str * #1300 Add right alignment function in sql email content * cancel formatted for alert_mail_template.ftl * #747 sql task password Log desensitization * cancel mail_temple * edit ExcelUtils * modify test method name * #747 sql task password Log desensitization * Constants add DATASOURCE_PASSWORD_REGEXpull/2/head
Yelli
5 years ago
committed by
bao liang
6 changed files with 268 additions and 2 deletions
@ -0,0 +1,39 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.apache.dolphinscheduler.server.utils; |
||||
|
||||
import org.apache.commons.lang.StringUtils; |
||||
import org.apache.dolphinscheduler.common.Constants; |
||||
|
||||
/** |
||||
* sensitive log Util |
||||
*/ |
||||
public class SensitiveLogUtil { |
||||
|
||||
/** |
||||
* @param dataSourcePwd data source password |
||||
* @return String |
||||
*/ |
||||
public static String maskDataSourcePwd(String dataSourcePwd){ |
||||
|
||||
if (StringUtils.isNotEmpty(dataSourcePwd)) { |
||||
dataSourcePwd = Constants.PASSWORD_DEFAULT; |
||||
} |
||||
return dataSourcePwd; |
||||
} |
||||
|
||||
} |
@ -0,0 +1,92 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.apache.dolphinscheduler.server.worker.log; |
||||
|
||||
|
||||
import ch.qos.logback.classic.pattern.MessageConverter; |
||||
import ch.qos.logback.classic.spi.ILoggingEvent; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
import org.apache.commons.lang3.StringUtils; |
||||
import org.apache.dolphinscheduler.common.Constants; |
||||
import org.apache.dolphinscheduler.server.utils.SensitiveLogUtil; |
||||
|
||||
import java.util.regex.Matcher; |
||||
import java.util.regex.Pattern; |
||||
|
||||
/** |
||||
* sensitive data log converter |
||||
*/ |
||||
@Slf4j |
||||
public class SensitiveDataConverter extends MessageConverter { |
||||
|
||||
/** |
||||
* password pattern |
||||
*/ |
||||
private final Pattern pwdPattern = Pattern.compile(Constants.DATASOURCE_PASSWORD_REGEX); |
||||
|
||||
|
||||
@Override |
||||
public String convert(ILoggingEvent event) { |
||||
|
||||
// get original log
|
||||
String requestLogMsg = event.getFormattedMessage(); |
||||
|
||||
// desensitization log
|
||||
return convertMsg(requestLogMsg); |
||||
} |
||||
|
||||
/** |
||||
* deal with sensitive log |
||||
* |
||||
* @param oriLogMsg original log |
||||
*/ |
||||
private String convertMsg(final String oriLogMsg) { |
||||
|
||||
String tempLogMsg = oriLogMsg; |
||||
|
||||
if (StringUtils.isNotEmpty(tempLogMsg)) { |
||||
tempLogMsg = passwordHandler(pwdPattern, tempLogMsg); |
||||
} |
||||
return tempLogMsg; |
||||
} |
||||
|
||||
/** |
||||
* password regex |
||||
* |
||||
* @param logMsg original log |
||||
*/ |
||||
private String passwordHandler(Pattern pwdPattern, String logMsg) { |
||||
|
||||
Matcher matcher = pwdPattern.matcher(logMsg); |
||||
|
||||
StringBuffer sb = new StringBuffer(logMsg.length()); |
||||
|
||||
while (matcher.find()) { |
||||
|
||||
String password = matcher.group(); |
||||
|
||||
String maskPassword = SensitiveLogUtil.maskDataSourcePwd(password); |
||||
|
||||
matcher.appendReplacement(sb, maskPassword); |
||||
} |
||||
matcher.appendTail(sb); |
||||
|
||||
return sb.toString(); |
||||
} |
||||
|
||||
|
||||
} |
@ -0,0 +1,37 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.apache.dolphinscheduler.server.utils; |
||||
|
||||
|
||||
import org.apache.dolphinscheduler.common.Constants; |
||||
import org.junit.Assert; |
||||
import org.junit.Test; |
||||
|
||||
|
||||
public class SensitiveLogUtilTest { |
||||
|
||||
@Test |
||||
public void testMaskDataSourcePwd() { |
||||
|
||||
String password = "123456"; |
||||
String emptyPassword = ""; |
||||
|
||||
Assert.assertEquals(Constants.PASSWORD_DEFAULT, SensitiveLogUtil.maskDataSourcePwd(password)); |
||||
Assert.assertEquals("", SensitiveLogUtil.maskDataSourcePwd(emptyPassword)); |
||||
|
||||
} |
||||
} |
@ -0,0 +1,92 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.apache.dolphinscheduler.server.worker.log; |
||||
|
||||
|
||||
import org.apache.dolphinscheduler.common.Constants; |
||||
import org.apache.dolphinscheduler.server.utils.SensitiveLogUtil; |
||||
import org.junit.Assert; |
||||
import org.junit.Test; |
||||
import org.slf4j.Logger; |
||||
import org.slf4j.LoggerFactory; |
||||
|
||||
import java.util.regex.Matcher; |
||||
import java.util.regex.Pattern; |
||||
|
||||
public class SensitiveDataConverterTest { |
||||
|
||||
private final Logger logger = LoggerFactory.getLogger(SensitiveDataConverterTest.class); |
||||
|
||||
/** |
||||
* password pattern |
||||
*/ |
||||
private final Pattern pwdPattern = Pattern.compile(Constants.DATASOURCE_PASSWORD_REGEX); |
||||
|
||||
|
||||
/** |
||||
* mask sensitive logMsg - sql task datasource password |
||||
*/ |
||||
@Test |
||||
public void testPwdLogMsgConverter() { |
||||
|
||||
String logMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," + |
||||
"\"database\":\"carbond\"," + |
||||
"\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," + |
||||
"\"user\":\"view\"," + |
||||
"\"password\":\"view1\"}"; |
||||
|
||||
String maskLogMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," + |
||||
"\"database\":\"carbond\"," + |
||||
"\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," + |
||||
"\"user\":\"view\"," + |
||||
"\"password\":\"******\"}"; |
||||
|
||||
|
||||
logger.info("parameter : {}", logMsg); |
||||
logger.info("parameter : {}", passwordHandler(pwdPattern, logMsg)); |
||||
|
||||
Assert.assertNotEquals(logMsg, passwordHandler(pwdPattern, logMsg)); |
||||
Assert.assertEquals(maskLogMsg, passwordHandler(pwdPattern, logMsg)); |
||||
|
||||
} |
||||
|
||||
/** |
||||
* password regex test |
||||
* |
||||
* @param logMsg original log |
||||
*/ |
||||
private static String passwordHandler(Pattern pattern, String logMsg) { |
||||
|
||||
Matcher matcher = pattern.matcher(logMsg); |
||||
|
||||
StringBuffer sb = new StringBuffer(logMsg.length()); |
||||
|
||||
while (matcher.find()) { |
||||
|
||||
String password = matcher.group(); |
||||
|
||||
String maskPassword = SensitiveLogUtil.maskDataSourcePwd(password); |
||||
|
||||
matcher.appendReplacement(sb, maskPassword); |
||||
} |
||||
matcher.appendTail(sb); |
||||
|
||||
return sb.toString(); |
||||
} |
||||
|
||||
|
||||
} |
Loading…
Reference in new issue