dlp

package
v0.11.2-merged-prereqs Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 18, 2024 License: Apache-2.0 Imports: 22 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

// Name/number lookup tables for the FilterConfig_EnableFor enum, which scopes
// masking for the listener-level DLP config.
var (
	// FilterConfig_EnableFor_name maps each enum number to its string name.
	// Number 0 is RESPONSE_BODY, so a field that is never set reads as
	// RESPONSE_BODY and access logs are left out of masking.
	FilterConfig_EnableFor_name = map[int32]string{
		0: "RESPONSE_BODY",
		1: "ACCESS_LOGS",
		2: "ALL",
	}
	// FilterConfig_EnableFor_value is the inverse table: string name to enum number.
	FilterConfig_EnableFor_value = map[string]int32{
		"RESPONSE_BODY": 0,
		"ACCESS_LOGS":   1,
		"ALL":           2,
	}
)

Enum value maps for FilterConfig_EnableFor.

// Name/number lookup tables for the Config_EnableFor enum, which scopes
// masking for the route/vhost-level DLP config.
var (
	// Config_EnableFor_name maps each enum number to its string name.
	// Number 0 is RESPONSE_BODY, so a field that is never set reads as
	// RESPONSE_BODY and access logs are left out of masking.
	Config_EnableFor_name = map[int32]string{
		0: "RESPONSE_BODY",
		1: "ACCESS_LOGS",
		2: "ALL",
	}
	// Config_EnableFor_value is the inverse table: string name to enum number.
	Config_EnableFor_value = map[string]int32{
		"RESPONSE_BODY": 0,
		"ACCESS_LOGS":   1,
		"ALL":           2,
	}
)

Enum value maps for Config_EnableFor.

// Name/number lookup tables for the Action_ActionType enum.
var (
	// Action_ActionType_name maps each enum number to its string name.
	// Number 0 is CUSTOM, so an Action whose type is never set reads as CUSTOM
	// rather than as one of the pre-made pattern sets.
	Action_ActionType_name = map[int32]string{
		0:  "CUSTOM",
		1:  "SSN",
		2:  "MASTERCARD",
		3:  "VISA",
		4:  "AMEX",
		5:  "DISCOVER",
		6:  "JCB",
		7:  "DINERS_CLUB",
		8:  "CREDIT_CARD_TRACKERS",
		9:  "ALL_CREDIT_CARDS",
		10: "KEYVALUE",
		11: "ALL_CREDIT_CARDS_COMBINED",
	}
	// Action_ActionType_value is the inverse table: string name to enum number.
	Action_ActionType_value = map[string]int32{
		"CUSTOM":                    0,
		"SSN":                       1,
		"MASTERCARD":                2,
		"VISA":                      3,
		"AMEX":                      4,
		"DISCOVER":                  5,
		"JCB":                       6,
		"DINERS_CLUB":               7,
		"CREDIT_CARD_TRACKERS":      8,
		"ALL_CREDIT_CARDS":          9,
		"KEYVALUE":                  10,
		"ALL_CREDIT_CARDS_COMBINED": 11,
	}
)

Enum value maps for Action_ActionType.

// File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_dlp_dlp_proto
// is declared as a protoreflect.FileDescriptor. It is presumably the descriptor
// for dlp.proto, filled in by generated init code not shown here — confirm.
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_dlp_dlp_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Action

// Action describes a single masking action: one of the pre-made action types,
// a user-defined CustomAction, or a KeyValueAction.
type Action struct {

	// The action type to implement.
	// The zero value is CUSTOM (Action_CUSTOM = 0), so an Action that leaves this
	// field unset is handled as a custom action, not as a pre-made pattern set.
	ActionType Action_ActionType `` /* 140-byte string literal not displayed */
	// The custom user action to be applied.
	// This field will only be used if the custom action type is specified above.
	CustomAction *CustomAction `protobuf:"bytes,2,opt,name=custom_action,json=customAction,proto3" json:"custom_action,omitempty"`
	// The key/value action to be applied.
	// This field will only be used if the KEYVALUE action type is specified above.
	// It will only affect access logs and response headers, not response bodies.
	// NOTE(review): the EnabledFor default is RESPONSE_BODY; whether a KEYVALUE
	// action masks anything under that default is not shown here — confirm, and
	// set EnabledFor explicitly when access logs must be covered.
	KeyValueAction *KeyValueAction `protobuf:"bytes,4,opt,name=key_value_action,json=keyValueAction,proto3" json:"key_value_action,omitempty"`
	// Shadow represents whether the action should be taken, or just recorded.
	// Per the type documentation, a shadowed action is recorded in the statistics
	// and debug logs but not committed in the response body, so matched data is
	// still sent unmasked while Shadow is true.
	Shadow bool `protobuf:"varint,3,opt,name=shadow,proto3" json:"shadow,omitempty"`
	// contains filtered or unexported fields
}

A single action meant to mask sensitive data. The action type represents a set of preconfigured actions, as well as the ability to create custom actions. These actions can also be shadowed: a shadowed action is recorded in the statistics and debug logs, but is not actually committed in the response body, so the matched data is still returned unmasked.

To use a pre-made action simply set the action type to anything other than `CUSTOM`

```yaml
actionType: VISA
```

To create a custom action set the custom action field. The default enum value is custom, so that can be left empty.

```yaml
customAction:
  name: test
  regex:
  - "hello"
  - "world"
  maskChar: Y
  percent: 60
```

func (*Action) Clone added in v1.8.24

func (m *Action) Clone() proto.Message

Clone function

func (*Action) Descriptor deprecated

func (*Action) Descriptor() ([]byte, []int)

Deprecated: Use Action.ProtoReflect.Descriptor instead.

func (*Action) Equal

func (m *Action) Equal(that interface{}) bool

Equal function

func (*Action) GetActionType

func (x *Action) GetActionType() Action_ActionType

func (*Action) GetCustomAction

func (x *Action) GetCustomAction() *CustomAction

func (*Action) GetKeyValueAction added in v1.9.25

func (x *Action) GetKeyValueAction() *KeyValueAction

func (*Action) GetShadow

func (x *Action) GetShadow() bool

func (*Action) Hash added in v1.2.13

func (m *Action) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Action) ProtoMessage

func (*Action) ProtoMessage()

func (*Action) ProtoReflect added in v1.6.0

func (x *Action) ProtoReflect() protoreflect.Message

func (*Action) Reset

func (x *Action) Reset()

func (*Action) String

func (x *Action) String() string

type Action_ActionType

// Action_ActionType identifies which action an Action applies. It is an int32
// enum whose values are the Action_* constants.
type Action_ActionType int32

The following pre-made action types map to subgroup 1 of the listed regex patterns:

```yaml
SSN:
  - '(?:^|\D)([0-9]{9})(?:\D|$)'
  - '(?:^|\D)([0-9]{3}\-[0-9]{2}\-[0-9]{4})(?:\D|$)'
  - '(?:^|\D)([0-9]{3}\ [0-9]{2}\ [0-9]{4})(?:\D|$)'

MASTERCARD:
  - '(?:^|\D)(5[1-5][0-9]{2}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'

VISA:
  - '(?:^|\D)(4[0-9]{3}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'

AMEX:
  - '(?:^|\D)((?:34|37)[0-9]{2}(?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{5})(?:\D|$)'

DISCOVER:
  - '(?:^|\D)(6011(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'

JCB:
  - '(?:^|\D)(3[0-9]{3}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'
  - '(?:^|\D)((?:2131|1800)[0-9]{11})(?:\D|$)'

DINERS_CLUB:
  - '(?:^|\D)(30[0-5][0-9](?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{4})(?:\D|$)'
  - '(?:^|\D)((?:36|38)[0-9]{2}(?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{4})(?:\D|$)'

CREDIT_CARD_TRACKERS:
  - '([1-9][0-9]{2}\-[0-9]{2}\-[0-9]{4}\^\d)'
  - '(?:^|\D)(\%?[Bb]\d{13,19}\^[\-\/\.\w\s]{2,26}\^[0-9][0-9][01][0-9][0-9]{3})'
  - '(?:^|\D)(\;\d{13,19}\=(?:\d{3}|)(?:\d{4}|\=))'
```

ALL_CREDIT_CARDS: - (All credit card related regexes from above)

ALL_CREDIT_CARDS_COMBINED: - Same as ALL_CREDIT_CARDS but using a single action instead of multiple which should be marginally faster

// Values of Action_ActionType. Apart from CUSTOM and KEYVALUE, each value selects
// the pre-made regex set of the same name from the type documentation, and the
// masked text is capture group 1 of each match.
//
// NOTE(review): the listed patterns match on digit shape only; no checksum step
// is visible on this page. Two consequences to check before relying on them:
//   - over-matching: the first SSN pattern matches any standalone run of nine
//     digits, and the first JCB pattern any 16-digit number starting with 3;
//   - under-matching: MASTERCARD covers only prefixes 51-55 and DISCOVER only
//     6011, and separators other than a space or hyphen are not matched, so
//     numbers outside those shapes pass through unmasked.
//
// Confirm coverage against the data in your traffic and add a CUSTOM action
// for anything the pre-made sets miss.
const (
	Action_CUSTOM                    Action_ActionType = 0  // zero value; uses Action.CustomAction
	Action_SSN                       Action_ActionType = 1  // SSN pattern set
	Action_MASTERCARD                Action_ActionType = 2  // MASTERCARD pattern set
	Action_VISA                      Action_ActionType = 3  // VISA pattern set
	Action_AMEX                      Action_ActionType = 4  // AMEX pattern set
	Action_DISCOVER                  Action_ActionType = 5  // DISCOVER pattern set
	Action_JCB                       Action_ActionType = 6  // JCB pattern set
	Action_DINERS_CLUB               Action_ActionType = 7  // DINERS_CLUB pattern set
	Action_CREDIT_CARD_TRACKERS      Action_ActionType = 8  // CREDIT_CARD_TRACKERS pattern set
	Action_ALL_CREDIT_CARDS          Action_ActionType = 9  // all credit-card pattern sets above
	Action_KEYVALUE                  Action_ActionType = 10 // uses Action.KeyValueAction
	Action_ALL_CREDIT_CARDS_COMBINED Action_ActionType = 11 // same as 9, applied as a single action
)

func (Action_ActionType) Descriptor added in v1.6.0

func (Action_ActionType) Enum added in v1.6.0

func (Action_ActionType) EnumDescriptor deprecated

func (Action_ActionType) EnumDescriptor() ([]byte, []int)

Deprecated: Use Action_ActionType.Descriptor instead.

func (Action_ActionType) Number added in v1.6.0

func (Action_ActionType) String

func (x Action_ActionType) String() string

func (Action_ActionType) Type added in v1.6.0

type Config

// Config is the route/vhost-level DLP configuration. Per the package
// documentation, a Config present on a route or vhost completely overwrites the
// listener-level config, so it must itself list every action that should apply.
type Config struct {

	// List of data loss prevention actions to be applied.
	// These actions will be applied in order, one at a time.
	Actions []*Action `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	// Whether responses, access logs, or both should be masked by the applied actions.
	// If not defined, masking will only be enabled for response bodies; access
	// logs stay unmasked unless ACCESS_LOGS or ALL is set.
	EnabledFor Config_EnableFor `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}

Route/Vhost level config for dlp filter

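If a config is present at the route or vhost level, it completely overwrites the listener-level config; the two are not combined, so any listener-level actions that should still apply must be repeated in the route or vhost config.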

func (*Config) Clone added in v1.8.24

func (m *Config) Clone() proto.Message

Clone function

func (*Config) Descriptor deprecated

func (*Config) Descriptor() ([]byte, []int)

Deprecated: Use Config.ProtoReflect.Descriptor instead.

func (*Config) Equal

func (m *Config) Equal(that interface{}) bool

Equal function

func (*Config) GetActions

func (x *Config) GetActions() []*Action

func (*Config) GetEnabledFor added in v1.7.7

func (x *Config) GetEnabledFor() Config_EnableFor

func (*Config) Hash added in v1.2.13

func (m *Config) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Config) ProtoMessage

func (*Config) ProtoMessage()

func (*Config) ProtoReflect added in v1.6.0

func (x *Config) ProtoReflect() protoreflect.Message

func (*Config) Reset

func (x *Config) Reset()

func (*Config) String

func (x *Config) String() string

type Config_EnableFor added in v1.7.7

// Config_EnableFor selects which outputs the route/vhost-level DLP actions mask.
type Config_EnableFor int32
const (
	// Only enable DLP masking of response bodies. Defaults to this value,
	// which leaves access logs unmasked.
	Config_RESPONSE_BODY Config_EnableFor = 0
	// Only enable DLP masking of access logs; response bodies are not masked.
	Config_ACCESS_LOGS Config_EnableFor = 1
	// Enable DLP masking for both responses and access logs.
	Config_ALL Config_EnableFor = 2
)

func (Config_EnableFor) Descriptor added in v1.7.7

func (Config_EnableFor) Enum added in v1.7.7

func (Config_EnableFor) EnumDescriptor deprecated added in v1.7.7

func (Config_EnableFor) EnumDescriptor() ([]byte, []int)

Deprecated: Use Config_EnableFor.Descriptor instead.

func (Config_EnableFor) Number added in v1.7.7

func (Config_EnableFor) String added in v1.7.7

func (x Config_EnableFor) String() string

func (Config_EnableFor) Type added in v1.7.7

type CustomAction

// CustomAction is a user-defined masking action for the response body: text
// matched by the configured regexes is partly overwritten with MaskChar.
type CustomAction struct {

	// The name of the custom action.
	// This name is used for logging and debugging purposes.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The list of regex strings which will be applied in order.
	// NOTE(review): RegexActions is presumably the replacement for this field — confirm.
	//
	// Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/dlp/dlp.proto.
	Regex []string `protobuf:"bytes,2,rep,name=regex,proto3" json:"regex,omitempty"`
	// The masking character for the sensitive data.
	// default value: X
	MaskChar string `protobuf:"bytes,3,opt,name=mask_char,json=maskChar,proto3" json:"mask_char,omitempty"`
	// The percent of the string which will be masked by the mask_char
	// default value: 75%
	// rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/
	// Masking is therefore partial unless the percent is raised: in the type
	// documentation's examples the trailing characters of each match stay
	// readable (`YYYlo` at 60, `XXXXo` at the default).
	Percent *_type.Percent `protobuf:"bytes,4,opt,name=percent,proto3" json:"percent,omitempty"`
	// List of regexes to apply to the response body to match data which should be
	// masked. They will be applied iteratively in the order which they are
	// specified. If this field and `regex` are both provided, all the regexes will
	// be applied iteratively in the order provided, starting with the ones from `regex`
	RegexActions []*transformation_ee.RegexAction `protobuf:"bytes,5,rep,name=regex_actions,json=regexActions,proto3" json:"regex_actions,omitempty"`
	// contains filtered or unexported fields
}

A user defined custom action to carry out on the response body.

The regex strings in the list are applied in order. For instance, if there is a response body with the content: `hello world`

And there is a custom action

```yaml
customAction:
  name: test
  regex:
  - "hello"
  - "world"
  maskChar: Y
  percent: 60
```

the result would be: `YYYlo YYYld`

If the mask_char, and percent were left to default, the result would be: `XXXXo XXXXd`

func (*CustomAction) Clone added in v1.8.24

func (m *CustomAction) Clone() proto.Message

Clone function

func (*CustomAction) Descriptor deprecated

func (*CustomAction) Descriptor() ([]byte, []int)

Deprecated: Use CustomAction.ProtoReflect.Descriptor instead.

func (*CustomAction) Equal

func (m *CustomAction) Equal(that interface{}) bool

Equal function

func (*CustomAction) GetMaskChar

func (x *CustomAction) GetMaskChar() string

func (*CustomAction) GetName

func (x *CustomAction) GetName() string

func (*CustomAction) GetPercent

func (x *CustomAction) GetPercent() *_type.Percent

func (*CustomAction) GetRegex deprecated

func (x *CustomAction) GetRegex() []string

Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/dlp/dlp.proto.

func (*CustomAction) GetRegexActions added in v1.8.14

func (x *CustomAction) GetRegexActions() []*transformation_ee.RegexAction

func (*CustomAction) Hash added in v1.2.13

func (m *CustomAction) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*CustomAction) ProtoMessage

func (*CustomAction) ProtoMessage()

func (*CustomAction) ProtoReflect added in v1.6.0

func (x *CustomAction) ProtoReflect() protoreflect.Message

func (*CustomAction) Reset

func (x *CustomAction) Reset()

func (*CustomAction) String

func (x *CustomAction) String() string

type DlpRule

// DlpRule pairs a route matcher with the list of DLP actions to apply to
// routes that match it.
type DlpRule struct {

	// Matcher by which to determine if the given transformation should be applied.
	// If omitted, it will match all (i.e., default to / prefix matcher), so a
	// rule without a Matcher applies its actions to every route.
	Matcher *matchers.Matcher `protobuf:"bytes,1,opt,name=matcher,proto3" json:"matcher,omitempty"`
	// List of data loss prevention actions to be applied.
	// These actions will be applied in order, one at a time.
	Actions []*Action `protobuf:"bytes,2,rep,name=actions,proto3" json:"actions,omitempty"`
	// contains filtered or unexported fields
}

Rule which applies a given set of actions to a matching route. The route matching functions exactly the same as the envoy routes in the virtual host.

func (*DlpRule) Clone added in v1.8.24

func (m *DlpRule) Clone() proto.Message

Clone function

func (*DlpRule) Descriptor deprecated

func (*DlpRule) Descriptor() ([]byte, []int)

Deprecated: Use DlpRule.ProtoReflect.Descriptor instead.

func (*DlpRule) Equal

func (m *DlpRule) Equal(that interface{}) bool

Equal function

func (*DlpRule) GetActions

func (x *DlpRule) GetActions() []*Action

func (*DlpRule) GetMatcher

func (x *DlpRule) GetMatcher() *matchers.Matcher

func (*DlpRule) Hash added in v1.2.13

func (m *DlpRule) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*DlpRule) ProtoMessage

func (*DlpRule) ProtoMessage()

func (*DlpRule) ProtoReflect added in v1.6.0

func (x *DlpRule) ProtoReflect() protoreflect.Message

func (*DlpRule) Reset

func (x *DlpRule) Reset()

func (*DlpRule) String

func (x *DlpRule) String() string

type FilterConfig

// FilterConfig is the listener-level DLP configuration. Per the package
// documentation, a route- or vhost-level Config completely overwrites it
// wherever one is present.
type FilterConfig struct {

	// The list of transformation, matcher pairs.
	// The first rule which matches will be applied, so order matters: a rule
	// with an omitted Matcher (documented on DlpRule as matching everything)
	// takes precedence over every rule listed after it.
	DlpRules []*DlpRule `protobuf:"bytes,1,rep,name=dlp_rules,json=dlpRules,proto3" json:"dlp_rules,omitempty"`
	// Whether responses, access logs, or both should be masked by the applied actions.
	// If not defined, masking will only be enabled for response bodies; access
	// logs stay unmasked unless ACCESS_LOGS or ALL is set.
	EnabledFor FilterConfig_EnableFor `` /* 145-byte string literal not displayed */
	// contains filtered or unexported fields
}

Listener level config for dlp filter

func (*FilterConfig) Clone added in v1.8.24

func (m *FilterConfig) Clone() proto.Message

Clone function

func (*FilterConfig) Descriptor deprecated

func (*FilterConfig) Descriptor() ([]byte, []int)

Deprecated: Use FilterConfig.ProtoReflect.Descriptor instead.

func (*FilterConfig) Equal

func (m *FilterConfig) Equal(that interface{}) bool

Equal function

func (*FilterConfig) GetDlpRules

func (x *FilterConfig) GetDlpRules() []*DlpRule

func (*FilterConfig) GetEnabledFor added in v1.7.7

func (x *FilterConfig) GetEnabledFor() FilterConfig_EnableFor

func (*FilterConfig) Hash added in v1.2.13

func (m *FilterConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*FilterConfig) ProtoMessage

func (*FilterConfig) ProtoMessage()

func (*FilterConfig) ProtoReflect added in v1.6.0

func (x *FilterConfig) ProtoReflect() protoreflect.Message

func (*FilterConfig) Reset

func (x *FilterConfig) Reset()

func (*FilterConfig) String

func (x *FilterConfig) String() string

type FilterConfig_EnableFor added in v1.7.7

// FilterConfig_EnableFor selects which outputs the listener-level DLP actions mask.
type FilterConfig_EnableFor int32
const (
	// Only enable DLP masking of response bodies. Defaults to this value,
	// which leaves access logs unmasked.
	FilterConfig_RESPONSE_BODY FilterConfig_EnableFor = 0
	// Only enable DLP masking of access logs; response bodies are not masked.
	FilterConfig_ACCESS_LOGS FilterConfig_EnableFor = 1
	// Enable DLP masking for both responses and access logs.
	FilterConfig_ALL FilterConfig_EnableFor = 2
)

func (FilterConfig_EnableFor) Descriptor added in v1.7.7

func (FilterConfig_EnableFor) Enum added in v1.7.7

func (FilterConfig_EnableFor) EnumDescriptor deprecated added in v1.7.7

func (FilterConfig_EnableFor) EnumDescriptor() ([]byte, []int)

Deprecated: Use FilterConfig_EnableFor.Descriptor instead.

func (FilterConfig_EnableFor) Number added in v1.7.7

func (FilterConfig_EnableFor) String added in v1.7.7

func (x FilterConfig_EnableFor) String() string

func (FilterConfig_EnableFor) Type added in v1.7.7

type KeyValueAction added in v1.9.25

// KeyValueAction masks the value held under a named key instead of matching
// text by regex. The Action documentation states that it only affects access
// logs and response headers, not response bodies.
type KeyValueAction struct {

	// The name of the key/value action.
	// This name is used for logging and debugging purposes.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The masking character for the sensitive data.
	// default value: X
	MaskChar string `protobuf:"bytes,2,opt,name=mask_char,json=maskChar,proto3" json:"mask_char,omitempty"`
	// The percent of the string which will be masked by the mask_char
	// default value: 75%
	// rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/
	// With the default, part of the value stays readable; raise the percent
	// when the whole value (for example a token) must be hidden.
	Percent *_type.Percent `protobuf:"bytes,3,opt,name=percent,proto3" json:"percent,omitempty"`
	// The key for which corresponding header names/dynamic metadata values should be censored
	// Must be specified
	// NOTE(review): whether an empty key is rejected at validation time is not
	// shown here — confirm, since an action with no key would mask nothing.
	KeyToMask string `protobuf:"bytes,4,opt,name=key_to_mask,json=keyToMask,proto3" json:"key_to_mask,omitempty"`
	// contains filtered or unexported fields
}

func (*KeyValueAction) Clone added in v1.9.25

func (m *KeyValueAction) Clone() proto.Message

Clone function

func (*KeyValueAction) Descriptor deprecated added in v1.9.25

func (*KeyValueAction) Descriptor() ([]byte, []int)

Deprecated: Use KeyValueAction.ProtoReflect.Descriptor instead.

func (*KeyValueAction) Equal added in v1.9.25

func (m *KeyValueAction) Equal(that interface{}) bool

Equal function

func (*KeyValueAction) GetKeyToMask added in v1.9.25

func (x *KeyValueAction) GetKeyToMask() string

func (*KeyValueAction) GetMaskChar added in v1.9.25

func (x *KeyValueAction) GetMaskChar() string

func (*KeyValueAction) GetName added in v1.9.25

func (x *KeyValueAction) GetName() string

func (*KeyValueAction) GetPercent added in v1.9.25

func (x *KeyValueAction) GetPercent() *_type.Percent

func (*KeyValueAction) Hash added in v1.9.25

func (m *KeyValueAction) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*KeyValueAction) ProtoMessage added in v1.9.25

func (*KeyValueAction) ProtoMessage()

func (*KeyValueAction) ProtoReflect added in v1.9.25

func (x *KeyValueAction) ProtoReflect() protoreflect.Message

func (*KeyValueAction) Reset added in v1.9.25

func (x *KeyValueAction) Reset()

func (*KeyValueAction) String added in v1.9.25

func (x *KeyValueAction) String() string
