fluent-plugin-masking 1.0.6 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -2
- data/README.md +83 -1
- data/fluent-plugin-masking.gemspec +4 -4
- data/lib/fluent/plugin/filter_masking.rb +12 -5
- data/lib/fluent/plugin/version.rb +1 -1
- metadata +7 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3829c2b34592e0818d551864f92a43d914285b899f517a36918b4f4ccd06efcc
|
4
|
+
data.tar.gz: 9a10456cdd7baef47fcad37a322fc497b5f7261612592822ee710887979da3dc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9df328614e49ab9190ba647c28956c19d184471b6cfb332a8d9a5a279dd0f035e75ff17a71e7c51faf8c6d1f8aa2b6500755986c41f262569f05d68fbafc8352
|
7
|
+
data.tar.gz: '09ac4052c21d64b735ffc9b44aada2ecaf2cff678a3ca45de4eb1280940456c0c0cc493a3702b0c27d358bb07a045aad72e30f00f98070993eccb09da21efed6'
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -1 +1,83 @@
|
|
1
|
-
fluent-plugin-masking
|
1
|
+
# fluent-plugin-masking
|
2
|
+
|
3
|
+
## Overview
|
4
|
+
Fluentd filter plugin to mask sensitive or privacy records with `*******` in place of the original value. This data masking plugin protects data such as name, email, phonenumber, address, and any other field you would like to mask.
|
5
|
+
|
6
|
+
## Requirements
|
7
|
+
| fluent-plugin-masking | fluentd | ruby |
|
8
|
+
| --------------------- | ---------- | ------ |
|
9
|
+
| 1.0.x | >= v0.14.0 | >= 2.1 |
|
10
|
+
|
11
|
+
|
12
|
+
## Installation
|
13
|
+
Install with gem:
|
14
|
+
|
15
|
+
`gem install fluent-plugin-masking`
|
16
|
+
|
17
|
+
## Setup
|
18
|
+
In order to setup this plugin, the parameter `fieldsToMaskFilePath` needs to be a valid path to a file containing a list of all the fields to mask. The file should have a unique field on each line. These fields **are** case-sensitive (`Name` != `name`).
|
19
|
+
|
20
|
+
This is configured as shown below:
|
21
|
+
```
|
22
|
+
<filter "**">
|
23
|
+
@type masking
|
24
|
+
fieldsToMaskFilePath "/path/to/fields-to-mask-file"
|
25
|
+
</filter>
|
26
|
+
```
|
27
|
+
|
28
|
+
Example fields-to-mask-file:
|
29
|
+
```
|
30
|
+
name
|
31
|
+
email
|
32
|
+
phone
|
33
|
+
```
|
34
|
+
|
35
|
+
|
36
|
+
## Quick Guide
|
37
|
+
|
38
|
+
### Configuration:
|
39
|
+
```
|
40
|
+
# fluent.conf
|
41
|
+
----------------------------------
|
42
|
+
<source>
|
43
|
+
@type tail
|
44
|
+
path /tmp/test.log
|
45
|
+
pos_file /tmp/test.log.pos
|
46
|
+
tag maskme
|
47
|
+
format none
|
48
|
+
</source>
|
49
|
+
|
50
|
+
<filter "**">
|
51
|
+
@type masking
|
52
|
+
fieldsToMaskFilePath "/path/to/fields-to-mask-file"
|
53
|
+
</filter>
|
54
|
+
|
55
|
+
<match "**">
|
56
|
+
@type stdout
|
57
|
+
</match>
|
58
|
+
|
59
|
+
|
60
|
+
|
61
|
+
# /path/to/fields-to-mask-file
|
62
|
+
----------------------------------
|
63
|
+
first_name
|
64
|
+
last_name
|
65
|
+
address
|
66
|
+
phone
|
67
|
+
password
|
68
|
+
email
|
69
|
+
```
|
70
|
+
|
71
|
+
### Result
|
72
|
+
|
73
|
+
To run the above configuration, run the following commands:
|
74
|
+
```
|
75
|
+
fluentd -c fluent.conf
|
76
|
+
echo '{ :body => "{\"first_name\":\"mickey\", \"type\":\"puggle\", \"last_name\":\"the-dog\", \"password\":\"d0g43u39\"}"}' > /tmp/test.log
|
77
|
+
```
|
78
|
+
|
79
|
+
This sample result is created from the above configuration file `fluent.conf`. As expected, the following fields configured to be masked are masked with `*******` in the output.
|
80
|
+
|
81
|
+
```
|
82
|
+
2019-09-15 16:12:50.359191000 +0300 maskme: {"message":"{ :body => \"{\\\"first_name\\\":\\\"*******\\\", \\\"type\\\":\\\"puggle\\\", \\\"last_name\\\":\\\"*******\\\", \\\"password\\\":\\\"*******\\\"}\"}"}
|
83
|
+
```
|
@@ -9,9 +9,9 @@ Gem::Specification.new do |spec|
|
|
9
9
|
|
10
10
|
spec.authors = ["Shai Moria", "Niv Lipetz"]
|
11
11
|
spec.email = ["shai.moria@zooz.com", "niv.lipetz@zooz.com"]
|
12
|
-
spec.description = "Fluentd
|
13
|
-
spec.summary = "Fluentd
|
14
|
-
spec.homepage = "https://github.com/zooz"
|
12
|
+
spec.description = "Fluentd filter plugin to mask sensitive or privacy records in event messages"
|
13
|
+
spec.summary = "Fluentd filter plugin to mask sensitive or privacy records with `*******` in place of the original value. This data masking plugin protects data such as name, email, phonenumber, address, and any other field you would like to mask."
|
14
|
+
spec.homepage = "https://github.com/zooz/fluent-plugin-masking"
|
15
15
|
|
16
16
|
spec.files = `git ls-files`.split($\)
|
17
17
|
spec.require_paths = ["lib"]
|
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
|
|
19
19
|
|
20
20
|
spec.required_ruby_version = '>= 2.1'
|
21
21
|
|
22
|
-
spec.add_runtime_dependency "fluentd", ">= 0.14.0"
|
22
|
+
spec.add_runtime_dependency "fluentd", ">= 0.14.0"
|
23
23
|
spec.add_development_dependency "bundler"
|
24
24
|
spec.add_development_dependency "rake", "~> 12.0"
|
25
25
|
spec.add_development_dependency "test-unit", ">= 3.1.0"
|
@@ -12,16 +12,14 @@ module Fluent
|
|
12
12
|
end
|
13
13
|
|
14
14
|
# returns the masked record
|
15
|
-
# error safe method - if any error occurs
|
16
|
-
# the original record is return
|
15
|
+
# error safe method - if any error occurs the original record is returned
|
17
16
|
def maskRecord(record)
|
18
17
|
maskedRecord = record
|
19
18
|
|
20
19
|
begin
|
21
20
|
recordStr = record.to_s
|
22
|
-
@
|
23
|
-
recordStr = recordStr.gsub(
|
24
|
-
recordStr = recordStr.gsub(/(\\+)"#{fieldToMask}\\+":\\+.+?((?=(})|,( *|)(\s|\\+)\")|(?=}"$))/m, "\\1\"#{fieldToMask}\\1\":\\1\"#{MASK_STRING}\\1\"") # mask element in json string
|
21
|
+
@fields_to_mask_regex.each do | fieldToMaskRegex, fieldToMaskRegexStringReplacement |
|
22
|
+
recordStr = recordStr.gsub(fieldToMaskRegex, fieldToMaskRegexStringReplacement)
|
25
23
|
end
|
26
24
|
|
27
25
|
maskedRecord = strToHash(recordStr)
|
@@ -36,6 +34,7 @@ module Fluent
|
|
36
34
|
def initialize
|
37
35
|
super
|
38
36
|
@fields_to_mask = []
|
37
|
+
@fields_to_mask_regex = {}
|
39
38
|
end
|
40
39
|
|
41
40
|
# this method only called ones (on startup time)
|
@@ -51,6 +50,14 @@ module Fluent
|
|
51
50
|
value = value.gsub('\n', '') # remove line breakers
|
52
51
|
|
53
52
|
@fields_to_mask.push(value)
|
53
|
+
|
54
|
+
hashObjectRegex = Regexp.new(/(?::#{value}=>")(.*?)(?:")/m) # mask element in hash object
|
55
|
+
hashObjectRegexStringReplacement = ":#{value}=>\"#{MASK_STRING}\""
|
56
|
+
@fields_to_mask_regex[hashObjectRegex] = hashObjectRegexStringReplacement
|
57
|
+
|
58
|
+
innerJSONStringRegex = Regexp.new(/(\\+)"#{value}\\+":\\+.+?((?=(})|,( *|)(\s|\\+)\")|(?=}"$))/m) # mask element in json string using capture groups that count the level of escaping inside the json string
|
59
|
+
innerJSONStringRegexStringReplacement = "\\1\"#{value}\\1\":\\1\"#{MASK_STRING}\\1\""
|
60
|
+
@fields_to_mask_regex[innerJSONStringRegex] = innerJSONStringRegexStringReplacement
|
54
61
|
end
|
55
62
|
end
|
56
63
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-masking
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Shai Moria
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2019-
|
12
|
+
date: 2019-09-18 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: fluentd
|
@@ -18,9 +18,6 @@ dependencies:
|
|
18
18
|
- - ">="
|
19
19
|
- !ruby/object:Gem::Version
|
20
20
|
version: 0.14.0
|
21
|
-
- - "<"
|
22
|
-
- !ruby/object:Gem::Version
|
23
|
-
version: '2'
|
24
21
|
type: :runtime
|
25
22
|
prerelease: false
|
26
23
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -28,9 +25,6 @@ dependencies:
|
|
28
25
|
- - ">="
|
29
26
|
- !ruby/object:Gem::Version
|
30
27
|
version: 0.14.0
|
31
|
-
- - "<"
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: '2'
|
34
28
|
- !ruby/object:Gem::Dependency
|
35
29
|
name: bundler
|
36
30
|
requirement: !ruby/object:Gem::Requirement
|
@@ -87,7 +81,7 @@ dependencies:
|
|
87
81
|
- - ">="
|
88
82
|
- !ruby/object:Gem::Version
|
89
83
|
version: '0'
|
90
|
-
description: Fluentd
|
84
|
+
description: Fluentd filter plugin to mask sensitive or privacy records in event messages
|
91
85
|
email:
|
92
86
|
- shai.moria@zooz.com
|
93
87
|
- niv.lipetz@zooz.com
|
@@ -106,7 +100,7 @@ files:
|
|
106
100
|
- lib/fluent/plugin/version.rb
|
107
101
|
- test/fields-to-mask
|
108
102
|
- test/test_filter_masking.rb
|
109
|
-
homepage: https://github.com/zooz
|
103
|
+
homepage: https://github.com/zooz/fluent-plugin-masking
|
110
104
|
licenses:
|
111
105
|
- Apache-2.0
|
112
106
|
metadata: {}
|
@@ -128,5 +122,7 @@ requirements: []
|
|
128
122
|
rubygems_version: 3.0.3
|
129
123
|
signing_key:
|
130
124
|
specification_version: 4
|
131
|
-
summary: Fluentd
|
125
|
+
summary: Fluentd filter plugin to mask sensitive or privacy records with `*******`
|
126
|
+
in place of the original value. This data masking plugin protects data such as name,
|
127
|
+
email, phonenumber, address, and any other field you would like to mask.
|
132
128
|
test_files: []
|