Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ScrubContainer ¶
func ScrubContainer(c *v1.Container, scrubber *DataScrubber)
ScrubContainer scrubs sensitive information in the command line & env vars
Types ¶
type DataScrubber ¶
type DataScrubber struct { Enabled bool // RegexSensitivePatterns are custom regex patterns which are currently not exposed externally RegexSensitivePatterns []*regexp.Regexp // LiteralSensitivePatterns are custom words which use to match against LiteralSensitivePatterns []string // contains filtered or unexported fields }
DataScrubber allows the agent to block cmdline arguments that match a list of predefined and custom words
func NewDefaultDataScrubber ¶
func NewDefaultDataScrubber() *DataScrubber
NewDefaultDataScrubber creates a DataScrubber with the default behavior: enabled and matching the default sensitive words
func (*DataScrubber) AddCustomSensitiveRegex ¶
func (ds *DataScrubber) AddCustomSensitiveRegex(words []string)
AddCustomSensitiveRegex adds custom sensitive regex on the DataScrubber object
func (*DataScrubber) AddCustomSensitiveWords ¶
func (ds *DataScrubber) AddCustomSensitiveWords(words []string)
AddCustomSensitiveWords adds custom sensitive words on the DataScrubber object
func (*DataScrubber) ContainsSensitiveWord ¶
func (ds *DataScrubber) ContainsSensitiveWord(word string) bool
ContainsSensitiveWord returns true if the given string contains a sensitive word
func (*DataScrubber) ScrubSimpleCommand ¶
func (ds *DataScrubber) ScrubSimpleCommand(cmdline []string) ([]string, bool)
ScrubSimpleCommand hides the argument value for any key which matches a "sensitive word" pattern. It returns the updated cmdline, as well as a boolean representing whether it was scrubbed.