dlp

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 24, 2020 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var Action_ActionType_name = map[int32]string{
	0: "CUSTOM",
	1: "SSN",
	2: "MASTERCARD",
	3: "VISA",
	4: "AMEX",
	5: "DISCOVER",
	6: "JCB",
	7: "DINERS_CLUB",
	8: "CREDIT_CARD_TRACKERS",
	9: "ALL_CREDIT_CARDS",
}
View Source
var Action_ActionType_value = map[string]int32{
	"CUSTOM":               0,
	"SSN":                  1,
	"MASTERCARD":           2,
	"VISA":                 3,
	"AMEX":                 4,
	"DISCOVER":             5,
	"JCB":                  6,
	"DINERS_CLUB":          7,
	"CREDIT_CARD_TRACKERS": 8,
	"ALL_CREDIT_CARDS":     9,
}

Functions

This section is empty.

Types

type Action

type Action struct {
	// The action type to implement.
	ActionType Action_ActionType `` /* 140-byte string literal not displayed */
	// The custom user action to be applied.
	// This field will only be used if the custom action type is specified above.
	CustomAction *CustomAction `protobuf:"bytes,2,opt,name=custom_action,json=customAction,proto3" json:"custom_action,omitempty"`
	// Shadow represents whether the action should be taken, or just recorded.
	Shadow               bool     `protobuf:"varint,3,opt,name=shadow,proto3" json:"shadow,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

A single action meant to mask sensitive data. The action type represents a set of pre configured actions, as well as the ability to create custom actions. These actions can also be shadowed, a shadowed action will be recorded in the statistics, and debug logs, but not actually committed in the response body.

To use a pre-made action simply set the action type to anything other than `CUSTOM`

``` yaml actionType: VISA ```

To create a custom action set the custom action field. The default enum value is custom, so that can be left empty.

``` yaml customAction: name: test regex: - "hello" - "world" maskChar: Y percent: 60 ```

func (*Action) Descriptor

func (*Action) Descriptor() ([]byte, []int)

func (*Action) Equal

func (this *Action) Equal(that interface{}) bool

func (*Action) GetActionType

func (m *Action) GetActionType() Action_ActionType

func (*Action) GetCustomAction

func (m *Action) GetCustomAction() *CustomAction

func (*Action) GetShadow

func (m *Action) GetShadow() bool

func (*Action) Hash added in v1.2.13

func (m *Action) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Action) ProtoMessage

func (*Action) ProtoMessage()

func (*Action) Reset

func (m *Action) Reset()

func (*Action) String

func (m *Action) String() string

func (*Action) XXX_DiscardUnknown

func (m *Action) XXX_DiscardUnknown()

func (*Action) XXX_Marshal

func (m *Action) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Action) XXX_Merge

func (m *Action) XXX_Merge(src proto.Message)

func (*Action) XXX_Size

func (m *Action) XXX_Size() int

func (*Action) XXX_Unmarshal

func (m *Action) XXX_Unmarshal(b []byte) error

type Action_ActionType

type Action_ActionType int32

The following pre-made action types map to the following regex matchers:

SSN: - '(?!\D)[0-9]{9}(?=\D|$)' - '(?!\D)[0-9]{3}\-[0-9]{2}\-[0-9]{4}(?=\D|$)' - '(?!\D)[0-9]{3}\ [0-9]{2}\ [0-9]{4}(?=\D|$)'

MASTERCARD: - '(?!\D)5[1-5][0-9]{2}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(?=\D|$)'

VISA: - '(?!\D)4[0-9]{3}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(?=\D|$)'

AMEX: - '(?!\D)(34|37)[0-9]{2}(\ |\-|)[0-9]{6}(\ |\-|)[0-9]{5}(?=\D|$)'

DISCOVER: - '(?!\D)6011(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(?=\D|$)'

JCB: - '(?!\D)3[0-9]{3}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(\ |\-|)[0-9]{4}(?=\D|$)' - '(?!\D)(2131|1800)[0-9]{11}(?=\D|$)'

DINERS_CLUB: - '(?!\D)30[0-5][0-9](\ |\-|)[0-9]{6}(\ |\-|)[0-9]{4}(?=\D|$)' - '(?!\D)(36|38)[0-9]{2}(\ |\-|)[0-9]{6}(\ |\-|)[0-9]{4}(?=\D|$)'

CREDIT_CARD_TRACKERS: - '[1-9][0-9]{2}\-[0-9]{2}\-[0-9]{4}\^\d' - '(?!\D)\%?[Bb]\d{13,19}\^[\-\/\.\w\s]{2,26}\^[0-9][0-9][01][0-9][0-9]{3}' - '(?!\D)\;\d{13,19}\=(\d{3}|)(\d{4}|\=)'

ALL_CREDIT_CARDS: - (All credit card related regexes from above)

const (
	Action_CUSTOM               Action_ActionType = 0
	Action_SSN                  Action_ActionType = 1
	Action_MASTERCARD           Action_ActionType = 2
	Action_VISA                 Action_ActionType = 3
	Action_AMEX                 Action_ActionType = 4
	Action_DISCOVER             Action_ActionType = 5
	Action_JCB                  Action_ActionType = 6
	Action_DINERS_CLUB          Action_ActionType = 7
	Action_CREDIT_CARD_TRACKERS Action_ActionType = 8
	Action_ALL_CREDIT_CARDS     Action_ActionType = 9
)

func (Action_ActionType) EnumDescriptor

func (Action_ActionType) EnumDescriptor() ([]byte, []int)

func (Action_ActionType) String

func (x Action_ActionType) String() string

type Config

type Config struct {
	// List of data loss prevention actions to be applied.
	// These actions will be applied in order, one at a time.
	Actions              []*Action `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

Route/Vhost level config for dlp filter

If a config is present on the route or vhost level it will completely overwrite the listener level config.

func (*Config) Descriptor

func (*Config) Descriptor() ([]byte, []int)

func (*Config) Equal

func (this *Config) Equal(that interface{}) bool

func (*Config) GetActions

func (m *Config) GetActions() []*Action

func (*Config) Hash added in v1.2.13

func (m *Config) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Config) ProtoMessage

func (*Config) ProtoMessage()

func (*Config) Reset

func (m *Config) Reset()

func (*Config) String

func (m *Config) String() string

func (*Config) XXX_DiscardUnknown

func (m *Config) XXX_DiscardUnknown()

func (*Config) XXX_Marshal

func (m *Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Config) XXX_Merge

func (m *Config) XXX_Merge(src proto.Message)

func (*Config) XXX_Size

func (m *Config) XXX_Size() int

func (*Config) XXX_Unmarshal

func (m *Config) XXX_Unmarshal(b []byte) error

type CustomAction

type CustomAction struct {
	// The name of the custom action.
	// This name is used for logging and debugging purposes.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The list of regex strings which will be applied in order.
	Regex []string `protobuf:"bytes,2,rep,name=regex,proto3" json:"regex,omitempty"`
	// The masking character for the sensitive data.
	// default value: X
	MaskChar string `protobuf:"bytes,3,opt,name=mask_char,json=maskChar,proto3" json:"mask_char,omitempty"`
	// The percent of the string which will be masked by the mask_char
	// default value: 75%
	// rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/
	Percent              *_type.Percent `protobuf:"bytes,4,opt,name=percent,proto3" json:"percent,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

A user defined custom action to carry out on the response body.

The list of regex strings are applied in order. So for instance, if there is a response body with the content: `hello world`

And there is a custom action ``` yaml customAction: name: test regex: - "hello" - "world" maskChar: Y percent: 60 ```

the result would be: `YYYlo YYYld`

If the mask_char, and percent were left to default, the result would be: `XXXXo XXXXd`

func (*CustomAction) Descriptor

func (*CustomAction) Descriptor() ([]byte, []int)

func (*CustomAction) Equal

func (this *CustomAction) Equal(that interface{}) bool

func (*CustomAction) GetMaskChar

func (m *CustomAction) GetMaskChar() string

func (*CustomAction) GetName

func (m *CustomAction) GetName() string

func (*CustomAction) GetPercent

func (m *CustomAction) GetPercent() *_type.Percent

func (*CustomAction) GetRegex

func (m *CustomAction) GetRegex() []string

func (*CustomAction) Hash added in v1.2.13

func (m *CustomAction) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*CustomAction) ProtoMessage

func (*CustomAction) ProtoMessage()

func (*CustomAction) Reset

func (m *CustomAction) Reset()

func (*CustomAction) String

func (m *CustomAction) String() string

func (*CustomAction) XXX_DiscardUnknown

func (m *CustomAction) XXX_DiscardUnknown()

func (*CustomAction) XXX_Marshal

func (m *CustomAction) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CustomAction) XXX_Merge

func (m *CustomAction) XXX_Merge(src proto.Message)

func (*CustomAction) XXX_Size

func (m *CustomAction) XXX_Size() int

func (*CustomAction) XXX_Unmarshal

func (m *CustomAction) XXX_Unmarshal(b []byte) error

type DlpRule

type DlpRule struct {
	// Matcher by which to determine if the given transformation should be applied
	// if omitted, will it match all (i.e., default to / prefix matcher)
	Matcher *matchers.Matcher `protobuf:"bytes,1,opt,name=matcher,proto3" json:"matcher,omitempty"`
	// List of data loss prevention actions to be applied.
	// These actions will be applied in order, one at a time.
	Actions              []*Action `protobuf:"bytes,2,rep,name=actions,proto3" json:"actions,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

Rule which applies a given set of actions to a matching route. The route matching functions exactly the same as the envoy routes in the virtual host.

func (*DlpRule) Descriptor

func (*DlpRule) Descriptor() ([]byte, []int)

func (*DlpRule) Equal

func (this *DlpRule) Equal(that interface{}) bool

func (*DlpRule) GetActions

func (m *DlpRule) GetActions() []*Action

func (*DlpRule) GetMatcher

func (m *DlpRule) GetMatcher() *matchers.Matcher

func (*DlpRule) Hash added in v1.2.13

func (m *DlpRule) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*DlpRule) ProtoMessage

func (*DlpRule) ProtoMessage()

func (*DlpRule) Reset

func (m *DlpRule) Reset()

func (*DlpRule) String

func (m *DlpRule) String() string

func (*DlpRule) XXX_DiscardUnknown

func (m *DlpRule) XXX_DiscardUnknown()

func (*DlpRule) XXX_Marshal

func (m *DlpRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DlpRule) XXX_Merge

func (m *DlpRule) XXX_Merge(src proto.Message)

func (*DlpRule) XXX_Size

func (m *DlpRule) XXX_Size() int

func (*DlpRule) XXX_Unmarshal

func (m *DlpRule) XXX_Unmarshal(b []byte) error

type FilterConfig

type FilterConfig struct {
	// The list of transformation, matcher pairs.
	// The first rule which matches will be applied.
	DlpRules             []*DlpRule `protobuf:"bytes,1,rep,name=dlp_rules,json=dlpRules,proto3" json:"dlp_rules,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

Listener level config for dlp filter

func (*FilterConfig) Descriptor

func (*FilterConfig) Descriptor() ([]byte, []int)

func (*FilterConfig) Equal

func (this *FilterConfig) Equal(that interface{}) bool

func (*FilterConfig) GetDlpRules

func (m *FilterConfig) GetDlpRules() []*DlpRule

func (*FilterConfig) Hash added in v1.2.13

func (m *FilterConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*FilterConfig) ProtoMessage

func (*FilterConfig) ProtoMessage()

func (*FilterConfig) Reset

func (m *FilterConfig) Reset()

func (*FilterConfig) String

func (m *FilterConfig) String() string

func (*FilterConfig) XXX_DiscardUnknown

func (m *FilterConfig) XXX_DiscardUnknown()

func (*FilterConfig) XXX_Marshal

func (m *FilterConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*FilterConfig) XXX_Merge

func (m *FilterConfig) XXX_Merge(src proto.Message)

func (*FilterConfig) XXX_Size

func (m *FilterConfig) XXX_Size() int

func (*FilterConfig) XXX_Unmarshal

func (m *FilterConfig) XXX_Unmarshal(b []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL