Skip to content

bingoohuang/logmask

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
src
src
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

logmask

Build Status Quality Gate Coverage Status Maven Central License: MIT

mask sensitive in the log

usage

Config

logmask.xml配置文件

注:请放置于classpath,对应于maven工程结构的src/main/resources文件夹内

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<config>
    <mask>
        <!-- pattern 定义匹配的正则表达式 -->
        <pattern><![CDATA[\b\d{12}\d{3,5}[xX]?\b]]></pattern>

        <!-- 指定json格式, key=value key:value形式的key,多个以空白分割 -->
        <keys>creditCard id name</keys>

        <!-- 脱敏后的数据保留, 默认无保留. eg. -->
        <!-- 3: 首尾各保留3位原字符,例如 abcdefg -> abc***efg -->
        <!-- 0.3: 尾部留3位原字符,例如 abcdefg -> ***efg -->
        <!-- 3.0: 首部留3位原字符,例如 abcdefg -> abc*** -->
        <keep>3</keep>

        <!-- mask定义脱敏后用于替换的掩码字符串,默认为___ -->
        <mask>***</mask>
    </mask>
    <mask>
        <pattern><![CDATA[\b\d{5}\b]]></pattern>
    </mask>

    <mask>
      <!-- rule表示JSON序列化与toString序列化JavaBean时,可以被引用的规则名称 -->
      <rule>NAME</rule> <!-- 姓名-->
      <pattern><![CDATA[([\u4E00-\u9FA5]{1})[\u4E00-\u9FA5]{1,}]]></pattern>
      <replace>$1**</replace>
    </mask>
    <mask>
      <rule>MOBILE</rule> <!-- 手机号-->
      <pattern><![CDATA[(\d{3})\d{4}(\d{4})]]></pattern>
    </mask>
    <mask>
      <rule>EMAIL</rule> <!-- 邮箱-->
      <pattern><![CDATA[(\w+)(@\w+)]]></pattern>
      <replace>******$2</replace>
    </mask>
</config>

对应的JavaBean定义样例:

@Mask
public class Req {
  @Mask private String receiveCardNo;

  @Mask(rule = "MOBILE")
  private String mobNo;

  @Mask(rule = "EMAIL")
  private String email;

  @Mask(empty = true)
  private String payPasswd;

  private String address;
}

Direct API usage

directly use LogMask.mask(r) to generate masked string.

@Slf4j
public class ToStringTest {
  @Test
  public void testToString() {
    Req r =
      new Req("1111222233334444", "18611112222", "bingoo.huang@gmail.com", "12345678", "beijing");
    log.info("request: {}", LogMask.mask(r));
  }
}

输出:

2020-05-09 16:34:28.743 INFO  [main] cn.footstone.logmask.json.ToStringTest : request params: cn.bjca.footstone.logmask.json.Req(receiveCardNo=___, mobNo=186****2222, email=bingoo.******@gmail.com, address=beijing)

design

日志行范围 脱敏范围 配置示例 日志示例 API支持 实现状态
日志行整行 正则匹配 形式1:
正则表达式		 1期实现
日志行整行 KEY锚定 形式2:
keys=id creditCard address		 key=value
key='value'
key="value"
key=[value]
key=(value)
key={value}

key:value
key:'value'
key:"value"
key:[value]
key:(value)
key:{value}		 log4j/logback 自定义Layout 1期实现
日志行整行 序号锚定 形式2:
keys=#1 #3 separator=[]		 [value1][value2][value3]
(value1)(value2)(value3)
{value1}{value3}{value2}		 TODO
日志行整行 JSON KEY锚定 形式2:
keys=id creditCard address		 {"key":"value"} 1期实现
日志行整行 XML TAG锚定 形式2:
keys=id creditCard address		 <key>value</key> 1期实现
日志行中的信息块 对象序列化toString/JSON/XML @LogMask(maskChars = "0")
private String creditCard;		 TODO
信息块中的子项 直接API脱敏指定数据 LogMask.mask(creditCard);
LogMask.mask(creditCard, MaskOption.maskChars("0"))
LogMask.maskBankCardNo(creditCard)
LogMask.maskMobileNumber(mobile)
LogMask.maskEmail(email)		 1期实现

resources

  1. Logback日志信息脱敏
  2. MyBatis Type Handlers for Encrypt
  3. java 日志脱敏框架 sensitive,优雅的打印脱敏日志, github houbb/sensitive
  4. google logback 日志脱敏
  5. 基于java反射,在运行时动态擦除对象中的敏感信息
  6. 日志脱敏 DestinyAries / log-tool
  7. github log desensitization search
  8. 专治各种数据脱敏-Jackson-fastjson-logback
  9. Log4j2实现日志脱敏

logback PatternLayout

online

Format modifier Left justify Minimum width Maximum width Comment
%20logger false 20 none Left pad with spaces if the logger name is less than 20 characters long.
%-20logger true 20 none Right pad with spaces if the logger name is less than 20 characters long.
%.30logger NA none 30 Truncate from the beginning if the logger name is longer than 30 characters.
%20.30logger false 20 30 Left pad with spaces if the logger name is shorter than 20 characters. However, if logger name is longer than 30 characters, then truncate from the beginning.
%-20.30logger true 20 30 Right pad with spaces if the logger name is shorter than 20 characters. However, if logger name is longer than 30 characters, then truncate from the beginning.
%.-30logger NA none 30 Truncate from the end if the logger name is longer than 30 characters.
Format modifier Logger name Result
[%20.20logger] main.Name [ main.Name]
[%-20.20logger] main.Name [main.Name ]
[%10.10logger] main.foo.foo.bar.Name [o.bar.Name]
[%10.-10logger] main.foo.foo.bar.Name [main.foo.f]

google-java-format code formatter

https://github.com/Cosium/git-code-format-maven-plugin

mvn git-code-format:format-code -Dgcf.globPattern="**/*"

About

mask sensitive in the log

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages