dlp

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 25, 2019 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Action_ActionType_name = map[int32]string{
	0: "CUSTOM",
	1: "SSN",
	2: "MASTERCARD",
	3: "VISA",
	4: "AMEX",
	5: "DISCOVER",
	6: "JCB",
	7: "DINERS_CLUB",
	8: "CREDIT_CARD_TRACKERS",
	9: "ALL_CREDIT_CARDS",
}
View Source 
var Action_ActionType_value = map[string]int32{
	"CUSTOM":               0,
	"SSN":                  1,
	"MASTERCARD":           2,
	"VISA":                 3,
	"AMEX":                 4,
	"DISCOVER":             5,
	"JCB":                  6,
	"DINERS_CLUB":          7,
	"CREDIT_CARD_TRACKERS": 8,
	"ALL_CREDIT_CARDS":     9,
}

Functions

This section is empty.

Types

type Action 

type Action struct {
	// The action type to implement.
	ActionType Action_ActionType `` /* 140-byte string literal not displayed */
	// The custom user action to be applied.
	// This field will only be used if the custom action type is specified above.
	CustomAction *CustomAction `protobuf:"bytes,2,opt,name=custom_action,json=customAction,proto3" json:"custom_action,omitempty"`
	// Shadow represents whether the action should be taken, or just recorded.
	Shadow               bool     `protobuf:"varint,3,opt,name=shadow,proto3" json:"shadow,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

A single action meant to mask sensitive data. The action type represents a set of pre configured actions, as well as the ability to create custom actions. These actions can also be shadowed, a shadowed action will be recorded in the statistics, and debug logs, but not actually committed in the response body.

To use a pre-made action simply set the action type to anything other than `CUSTOM`

``` yaml actionType: VISA ```

To create a custom action set the custom action field. The default enum value is custom, so that can be left empty.

``` yaml customAction: name: test regex: - "hello" - "world" maskChar: Y percent: 60 ```

func (*Action) Descriptor 

func (*Action) Descriptor() ([]byte, []int)

func (*Action) Equal 

func (this *Action) Equal(that interface{}) bool

func (*Action) GetActionType 

func (m *Action) GetActionType() Action_ActionType

func (*Action) GetCustomAction 

func (m *Action) GetCustomAction() *CustomAction

func (*Action) GetShadow 

func (m *Action) GetShadow() bool

func (*Action) ProtoMessage 

func (*Action) ProtoMessage()

func (*Action) Reset 

func (m *Action) Reset()

func (*Action) String 

func (m *Action) String() string

func (*Action) XXX_DiscardUnknown 

func (m *Action) XXX_DiscardUnknown()

func (*Action) XXX_Marshal 

func (m *Action) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Action) XXX_Merge 

func (m *Action) XXX_Merge(src proto.Message)

func (*Action) XXX_Size 

func (m *Action) XXX_Size() int

func (*Action) XXX_Unmarshal 

func (m *Action) XXX_Unmarshal(b []byte) error

type Action_ActionType 

type Action_ActionType int32

The following pre-made action types map to the following regex matchers:

SSN: - '(?!\D)[0-9]{9}(?=\D|$)' - '(?!\D)[0-9]{3}\-[0-9]{2}\-[0-9]{4}(?=\D|$)' - '(?!\D)[0-9]{3}\ [0-9]{2}\ [0-9]{4}(?=\D|$)'

MASTERCARD: - '(?!\D)5[1-5][0-9]{2}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(?=\D|$)'

VISA: - '(?!\D)4[0-9]{3}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(?=\D|$)'

AMEX: - '(?!\D)(34|37)[0-9]{2}(\ |\-|)[0-9]{6}(\ |\-|)[0-9]{5}(?=\D|$)'

DISCOVER: - '(?!\D)6011(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(?=\D|$)'

JCB: - '(?!\D)3[0-9]{3}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(?=\D|$)' - '(?!\D)(2131|1800)[0-9]{11}(?=\D|$)'

DINERS_CLUB: - '(?!\D)30[0-5][0-9](\ |\-|)[0-9]{6}(\ |\-|)[0-9]{4}(?=\D|$)' - '(?!\D)(36|38)[0-9]{2}(\ |\-|)[0-9]{6}(\ |\-|)[0-9]{4}(?=\D|$)'

CREDIT_CARD_TRACKERS: - '[1-9][0-9]{2}\-[0-9]{2}\-[0-9]{4}\^\d' - '(?!\D)\%?[Bb]\d{13,19}\^[\-\/\.\w\s]{2,26}\^[0-9][0-9][01][0-9][0-9]{3}' - '(?!\D)\;\d{13,19}\=(\d{3}|)(\d{4}|\=)'

ALL_CREDIT_CARDS: - (All credit card related regexes from above) 

const (
	Action_CUSTOM               Action_ActionType = 0
	Action_SSN                  Action_ActionType = 1
	Action_MASTERCARD           Action_ActionType = 2
	Action_VISA                 Action_ActionType = 3
	Action_AMEX                 Action_ActionType = 4
	Action_DISCOVER             Action_ActionType = 5
	Action_JCB                  Action_ActionType = 6
	Action_DINERS_CLUB          Action_ActionType = 7
	Action_CREDIT_CARD_TRACKERS Action_ActionType = 8
	Action_ALL_CREDIT_CARDS     Action_ActionType = 9
)

func (Action_ActionType) EnumDescriptor 

func (Action_ActionType) EnumDescriptor() ([]byte, []int)

func (Action_ActionType) String 

func (x Action_ActionType) String() string

type Config 

type Config struct {
	// List of data loss prevention actions to be applied.
	// These actions will be applied in order, one at a time.
	Actions              []*Action `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

Route/Vhost level config for dlp filter

If a config is present on the route or vhost level it will completely overwrite the listener level config.

func (*Config) Descriptor 

func (*Config) Descriptor() ([]byte, []int)

func (*Config) Equal 

func (this *Config) Equal(that interface{}) bool

func (*Config) GetActions 

func (m *Config) GetActions() []*Action

func (*Config) ProtoMessage 

func (*Config) ProtoMessage()

func (*Config) Reset 

func (m *Config) Reset()

func (*Config) String 

func (m *Config) String() string

func (*Config) XXX_DiscardUnknown 

func (m *Config) XXX_DiscardUnknown()

func (*Config) XXX_Marshal 

func (m *Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Config) XXX_Merge 

func (m *Config) XXX_Merge(src proto.Message)

func (*Config) XXX_Size 

func (m *Config) XXX_Size() int

func (*Config) XXX_Unmarshal 

func (m *Config) XXX_Unmarshal(b []byte) error

type CustomAction 

type CustomAction struct {
	// The name of the custom action.
	// This name is used for logging and debugging purposes.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The list of regex strings which will be applied in order.
	Regex []string `protobuf:"bytes,2,rep,name=regex,proto3" json:"regex,omitempty"`
	// The masking character for the sensitive data.
	// default value: X
	MaskChar string `protobuf:"bytes,3,opt,name=mask_char,json=maskChar,proto3" json:"mask_char,omitempty"`
	// The percent of the string which will be masked by the mask_char
	// default value: 75%
	// rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/
	Percent              *_type.Percent `protobuf:"bytes,4,opt,name=percent,proto3" json:"percent,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

A user defined custom action to carry out on the response body.

The list of regex strings are applied in order. So for instance, if there is a response body with the content: `hello world`

And there is a custom action ``` yaml customAction: name: test regex: - "hello" - "world" maskChar: Y percent: 60 ```

the result would be: `YYYlo YYYld`

If the mask_char, and percent were left to default, the result would be: `XXXXo XXXXd`

func (*CustomAction) Descriptor 

func (*CustomAction) Descriptor() ([]byte, []int)

func (*CustomAction) Equal 

func (this *CustomAction) Equal(that interface{}) bool

func (*CustomAction) GetMaskChar 

func (m *CustomAction) GetMaskChar() string

func (*CustomAction) GetName 

func (m *CustomAction) GetName() string

func (*CustomAction) GetPercent 

func (m *CustomAction) GetPercent() *_type.Percent

func (*CustomAction) GetRegex 

func (m *CustomAction) GetRegex() []string

func (*CustomAction) ProtoMessage 

func (*CustomAction) ProtoMessage()

func (*CustomAction) Reset 

func (m *CustomAction) Reset()

func (*CustomAction) String 

func (m *CustomAction) String() string

func (*CustomAction) XXX_DiscardUnknown 

func (m *CustomAction) XXX_DiscardUnknown()

func (*CustomAction) XXX_Marshal 

func (m *CustomAction) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CustomAction) XXX_Merge 

func (m *CustomAction) XXX_Merge(src proto.Message)

func (*CustomAction) XXX_Size 

func (m *CustomAction) XXX_Size() int

func (*CustomAction) XXX_Unmarshal 

func (m *CustomAction) XXX_Unmarshal(b []byte) error

type DlpRule 

type DlpRule struct {
	// Matcher by which to determine if the given transformation should be applied
	// if omitted, will it match all (i.e., default to / prefix matcher)
	Matcher *matchers.Matcher `protobuf:"bytes,1,opt,name=matcher,proto3" json:"matcher,omitempty"`
	// List of data loss prevention actions to be applied.
	// These actions will be applied in order, one at a time.
	Actions              []*Action `protobuf:"bytes,2,rep,name=actions,proto3" json:"actions,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

Rule which applies a given set of actions to a matching route. The route matching functions exactly the same as the envoy routes in the virtual host.

func (*DlpRule) Descriptor 

func (*DlpRule) Descriptor() ([]byte, []int)

func (*DlpRule) Equal 

func (this *DlpRule) Equal(that interface{}) bool

func (*DlpRule) GetActions 

func (m *DlpRule) GetActions() []*Action

func (*DlpRule) GetMatcher 

func (m *DlpRule) GetMatcher() *matchers.Matcher

func (*DlpRule) ProtoMessage 

func (*DlpRule) ProtoMessage()

func (*DlpRule) Reset 

func (m *DlpRule) Reset()

func (*DlpRule) String 

func (m *DlpRule) String() string

func (*DlpRule) XXX_DiscardUnknown 

func (m *DlpRule) XXX_DiscardUnknown()

func (*DlpRule) XXX_Marshal 

func (m *DlpRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DlpRule) XXX_Merge 

func (m *DlpRule) XXX_Merge(src proto.Message)

func (*DlpRule) XXX_Size 

func (m *DlpRule) XXX_Size() int

func (*DlpRule) XXX_Unmarshal 

func (m *DlpRule) XXX_Unmarshal(b []byte) error

type FilterConfig 

type FilterConfig struct {
	// The list of transformation, matcher pairs.
	// The first rule which matches will be applied.
	DlpRules             []*DlpRule `protobuf:"bytes,1,rep,name=dlp_rules,json=dlpRules,proto3" json:"dlp_rules,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

Listener level config for dlp filter

func (*FilterConfig) Descriptor 

func (*FilterConfig) Descriptor() ([]byte, []int)

func (*FilterConfig) Equal 

func (this *FilterConfig) Equal(that interface{}) bool

func (*FilterConfig) GetDlpRules 

func (m *FilterConfig) GetDlpRules() []*DlpRule

func (*FilterConfig) ProtoMessage 

func (*FilterConfig) ProtoMessage()

func (*FilterConfig) Reset 

func (m *FilterConfig) Reset()

func (*FilterConfig) String 

func (m *FilterConfig) String() string

func (*FilterConfig) XXX_DiscardUnknown 

func (m *FilterConfig) XXX_DiscardUnknown()

func (*FilterConfig) XXX_Marshal 

func (m *FilterConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*FilterConfig) XXX_Merge 

func (m *FilterConfig) XXX_Merge(src proto.Message)

func (*FilterConfig) XXX_Size 

func (m *FilterConfig) XXX_Size() int

func (*FilterConfig) XXX_Unmarshal 

func (m *FilterConfig) XXX_Unmarshal(b []byte) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.