From c3f1142ed5d14e493fc4793566fec52d4b848533 Mon Sep 17 00:00:00 2001 From: fsun1 Date: Wed, 6 Nov 2024 09:37:02 -0800 Subject: [PATCH] enable Non String values in JsonFieldPatternBuilder --- .../com/ebay/ejmask/api/IPatternBuilder.java | 11 ++ .../com/ebay/ejmask/api/PatternEntity.java | 38 +++++ .../ebay/ejmask/core/EJMaskInitializer.java | 14 +- .../builder/json/JsonFieldPatternBuilder.java | 77 ++++++++-- .../json/JsonFieldPatternBuilderTest.java | 144 +++++++++++++++++- 5 files changed, 268 insertions(+), 16 deletions(-) create mode 100644 ejmask-api/src/main/java/com/ebay/ejmask/api/PatternEntity.java diff --git a/ejmask-api/src/main/java/com/ebay/ejmask/api/IPatternBuilder.java b/ejmask-api/src/main/java/com/ebay/ejmask/api/IPatternBuilder.java index 2f7897d..d73b6da 100644 --- a/ejmask-api/src/main/java/com/ebay/ejmask/api/IPatternBuilder.java +++ b/ejmask-api/src/main/java/com/ebay/ejmask/api/IPatternBuilder.java @@ -1,5 +1,9 @@ package com.ebay.ejmask.api; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + /** * Copyright (c) 2023 eBay Inc. *

@@ -20,22 +24,29 @@ public interface IPatternBuilder { /** * Build pattern to match + * @deprecated use {@link #buildPatternEntities(int, String...)} instead * * @param visibleCharacters as no of characters to be visible. * @param fieldNames as list of field names * @return match pattern */ + @Deprecated String buildPattern(int visibleCharacters, String... fieldNames); /** * Build pattern to replace. + * @deprecated use {@link #buildPatternEntities(int, String...)} instead * * @param visibleCharacters as no of characters to be visible. * @param fieldNames as list of field names * @return match pattern */ + @Deprecated String buildReplacement(int visibleCharacters, String... fieldNames); + default List buildPatternEntities(int visibleCharacters, String... fieldNames) { + return Arrays.asList(new PatternEntity(buildPattern(visibleCharacters, fieldNames), buildReplacement(visibleCharacters, fieldNames))); + } /** * Set true if the build can be groupable. * diff --git a/ejmask-api/src/main/java/com/ebay/ejmask/api/PatternEntity.java b/ejmask-api/src/main/java/com/ebay/ejmask/api/PatternEntity.java new file mode 100644 index 0000000..08aad01 --- /dev/null +++ b/ejmask-api/src/main/java/com/ebay/ejmask/api/PatternEntity.java @@ -0,0 +1,38 @@ +package com.ebay.ejmask.api; + +import javax.annotation.Nonnull; + +/** + * Copyright (c) 2023 eBay Inc. + *

+ * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + *

+ * https://www.apache.org/licenses/LICENSE-2.0 + *

+ * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +public class PatternEntity { + + private String patternTemplate; + + private String replacementTemplate; + + public PatternEntity(@Nonnull String patternTemplate, @Nonnull String replacementTemplate) { + this.patternTemplate = patternTemplate; + this.replacementTemplate = replacementTemplate; + } + + public String getPatternTemplate() { + return patternTemplate; + } + + public String getReplacementTemplate() { + return replacementTemplate; + } +} diff --git a/ejmask-core/src/main/java/com/ebay/ejmask/core/EJMaskInitializer.java b/ejmask-core/src/main/java/com/ebay/ejmask/core/EJMaskInitializer.java index 1be875c..50de4f3 100644 --- a/ejmask-core/src/main/java/com/ebay/ejmask/core/EJMaskInitializer.java +++ b/ejmask-core/src/main/java/com/ebay/ejmask/core/EJMaskInitializer.java @@ -20,6 +20,7 @@ import com.ebay.ejmask.api.IFilter; import com.ebay.ejmask.api.IPatternBuilder; import com.ebay.ejmask.api.MaskingPattern; +import com.ebay.ejmask.api.PatternEntity; import com.ebay.ejmask.core.util.CommonUtils; import com.ebay.ejmask.core.util.LoggerUtil; @@ -33,6 +34,8 @@ import java.util.List; import java.util.Map; +import static com.ebay.ejmask.core.util.CommonUtils.emptyIfNull; + /** * The objective of this class it to wrap all complications in adding and * maintaining masking fields inside this class and keep the recurring jobs @@ -104,7 +107,7 @@ public static void addContentProcessor(IContentProcessor... contentProcessors) { * @param contentProcessors new value of contentProcessors */ public static synchronized void addContentProcessors(Collection contentProcessors) { - for (IContentProcessor contentPreProcessor : CommonUtils.emptyIfNull(contentProcessors)) { + for (IContentProcessor contentPreProcessor : emptyIfNull(contentProcessors)) { EJMask.register(contentPreProcessor); LoggerUtil.info("data-filter-initializer", "processors", "adding " + contentPreProcessor.getName()); } @@ -137,10 +140,11 @@ public static synchronized void addFilters(Collection filters) { //avoid empty due to duplicate if (CommonUtils.isNotEmpty(filter.getFieldNames())) { final String[] fieldNames = toArray(filter.getFieldNames()); - final String pattern = filter.getBuilder().buildPattern(filter.getVisibleCharacters(), fieldNames); - final String replacement = filter.getBuilder().buildReplacement(filter.getVisibleCharacters(), fieldNames); - //add masking pattern to data masking utility - addMaskingPattern(filter.getOrder(), pattern, replacement); + List patternEntityList = filter.getBuilder().buildPatternEntities(filter.getVisibleCharacters(), fieldNames); + emptyIfNull(patternEntityList).forEach(patternEntity -> { + //add masking pattern to data masking utility + addMaskingPattern(filter.getOrder(), patternEntity.getPatternTemplate(), patternEntity.getReplacementTemplate()); + }); } } addNonGroupedFilters(filters); diff --git a/ejmask-extensions/src/main/java/com/ebay/ejmask/extenstion/builder/json/JsonFieldPatternBuilder.java b/ejmask-extensions/src/main/java/com/ebay/ejmask/extenstion/builder/json/JsonFieldPatternBuilder.java index 894bc17..dd7f4dc 100644 --- a/ejmask-extensions/src/main/java/com/ebay/ejmask/extenstion/builder/json/JsonFieldPatternBuilder.java +++ b/ejmask-extensions/src/main/java/com/ebay/ejmask/extenstion/builder/json/JsonFieldPatternBuilder.java @@ -15,8 +15,15 @@ * limitations under the License. */ +import com.ebay.ejmask.api.PatternEntity; import com.ebay.ejmask.extenstion.builder.AbstractRegexPatternBuilder; +import java.util.Arrays; +import java.util.LinkedList; +import java.util.List; + +import static com.ebay.ejmask.core.util.CommonUtils.emptyIfNull; + /** * An implementation of IPatternBuilder to support sensitive JSON field, whose value need to be partially masked. * @@ -24,13 +31,25 @@ */ public class JsonFieldPatternBuilder extends AbstractRegexPatternBuilder { - //https://regex101.com/r/ZDQWod/5 - //unescaped string --------------------------> \"(%s)(\\*\"\s*:\s*\\*\")([^\"]{1,%d})[^\"]*(\\?\"|) - private static final String PATTERN_TEMPLATE = "\\\"(%s)(\\\\*\\\"\\s*:\\s*\\\\*\\\")([^\\\"]{1,%d})[^\\\"]*(\\\\?\\\"|)"; - //group $1 = field name - //group $2 = ":" (with json serialization support) - //group $3 = masked sting - private static final String REPLACEMENT_TEMPLATE = "\"$1$2$3-xxxx$4"; + private static final List PATTERN_ENTITY_LIST = Arrays.asList( + /** + * String field with value to be masked + * @link https://regex101.com/r/ZDQWod/5 + */ + new PatternEntity("\\\"(%s)(\\\\*\\\"\\s*:\\s*\\\\*\\\")([^\\\"]{1,%d})[^\\\"]*(\\\\?\\\"|)", "\"$1$2$3-xxxx$4"), + + /** + * Numeric field with value to be masked + * @link https://regex101.com/r/rOeErB/1 + */ + new PatternEntity("\\\"(%s)(\\\\*\\\"\\s*:\\s*\\\\*)(-?\\b\\d+(\\.\\d+)?(e-?\\d+)?\\b)([^\\\"]{1,2})", "\"$1$2\"xxxx\"$6"), + /** + * Boolean field with value to be masked + * @link https://regex101.com/r/AEwc99/1 + */ + new PatternEntity("\\\"(%s)(\\\\*\\\"\\s*:\\s*\\\\*)(\\b(true|TRUE|True|false|FALSE|False)\\b)([^\\\"]{1,3})[^\\\"]*(\\\\?\\\"|)", "\"$1$2\"xxxx\"$5$6") + + ); /** * Build pattern to match @@ -41,12 +60,27 @@ public class JsonFieldPatternBuilder extends AbstractRegexPatternBuilder { */ @Override public String buildPattern(int visibleCharacters, String... fieldNames) { + return this.buildPattern(null, visibleCharacters, fieldNames); + } + + /** + * Build pattern to match + * @param patternEntity as instance of PatternEntity + * @param visibleCharacters as no of characters to be visible. + * @param fieldNames as list of field names + * @return + */ + private String buildPattern(PatternEntity patternEntity, int visibleCharacters, String... fieldNames) { if (visibleCharacters < 1) { throw new IllegalArgumentException("visibleCharacters must be a possessive value instead of " + visibleCharacters); } - return String.format(PATTERN_TEMPLATE, super.buildFieldNamesForRegexOr(fieldNames), visibleCharacters); + if(patternEntity == null) { + patternEntity = PATTERN_ENTITY_LIST.get(0); + } + return String.format(patternEntity.getPatternTemplate(), super.buildFieldNamesForRegexOr(fieldNames), visibleCharacters); } + /** * Build pattern to replace. * @@ -56,6 +90,31 @@ public String buildPattern(int visibleCharacters, String... fieldNames) { */ @Override public String buildReplacement(int visibleCharacters, String... fieldNames) { - return REPLACEMENT_TEMPLATE; + return this.buildReplacement(null, visibleCharacters, fieldNames); + } + + /** + * Build pattern to replace. + * + * @param patternEntity as instance of PatternEntity + * @param visibleCharacters as no of characters to be visible. + * @param fieldNames as list of field names + * @return match pattern + */ + private String buildReplacement(PatternEntity patternEntity, int visibleCharacters, String... fieldNames) { + if(patternEntity == null) { + patternEntity = PATTERN_ENTITY_LIST.get(0); + } + return patternEntity.getReplacementTemplate(); + } + + @Override + public List buildPatternEntities(int visibleCharacters, String... fieldNames) { + List result = new LinkedList<>(); + emptyIfNull(PATTERN_ENTITY_LIST).forEach(patternEntity -> { + result.add(new PatternEntity(this.buildPattern(patternEntity, visibleCharacters, fieldNames), this.buildReplacement(patternEntity, visibleCharacters, fieldNames))); + }); + return result; } + } diff --git a/ejmask-extensions/src/test/java/com/ebay/ejmask/extenstion/builder/json/JsonFieldPatternBuilderTest.java b/ejmask-extensions/src/test/java/com/ebay/ejmask/extenstion/builder/json/JsonFieldPatternBuilderTest.java index 6d7bf8c..ca1103d 100644 --- a/ejmask-extensions/src/test/java/com/ebay/ejmask/extenstion/builder/json/JsonFieldPatternBuilderTest.java +++ b/ejmask-extensions/src/test/java/com/ebay/ejmask/extenstion/builder/json/JsonFieldPatternBuilderTest.java @@ -1,11 +1,13 @@ package com.ebay.ejmask.extenstion.builder.json; +import com.ebay.ejmask.api.PatternEntity; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.MethodSource; +import java.util.List; import java.util.regex.Pattern; import java.util.stream.Stream; @@ -15,7 +17,7 @@ public class JsonFieldPatternBuilderTest { public static final JsonFieldPatternBuilder instance = new JsonFieldPatternBuilder(); - public static final String[] fieldNames = new String[]{"firstName", "lastName"}; + public static final String[] fieldNames = new String[]{"firstName", "lastName", "number", "boolValue"}; /** @@ -25,7 +27,7 @@ public class JsonFieldPatternBuilderTest { public void testBuildPattern() { int visibleCharacters = 12; String result = instance.buildPattern(visibleCharacters, fieldNames); - Assertions.assertEquals("\\\"(firstName|lastName)(\\\\*\\\"\\s*:\\s*\\\\*\\\")([^\\\"]{1,12})[^\\\"]*(\\\\?\\\"|)", result); + Assertions.assertEquals("\\\"(firstName|lastName|number|boolValue)(\\\\*\\\"\\s*:\\s*\\\\*\\\")([^\\\"]{1,12})[^\\\"]*(\\\\?\\\"|)", result); } /** @@ -58,6 +60,18 @@ public void testMatch(String name, String data, String expected) { Assertions.assertEquals(expected, result); } + @ParameterizedTest + @MethodSource("dataForFullTestMatch") + public void testMatchForPatternList(String name, String data, String expected) { + List patternEntityList = instance.buildPatternEntities(2, fieldNames); + String result = data; + for (PatternEntity patternEntity : patternEntityList) { + Pattern pattern = Pattern.compile(patternEntity.getPatternTemplate()); + result = pattern.matcher(result).replaceAll(patternEntity.getReplacementTemplate()); + } + Assertions.assertEquals(expected, result); + } + static Stream dataForTestMatch() { return Stream.of( Arguments.arguments( @@ -138,4 +152,130 @@ static Stream dataForTestMatch() { )); } + static Stream dataForFullTestMatch() { + return Stream.of( + Arguments.arguments( + "test with normal json", + "{\"firstName\":\"sensitive data\",\"lastName\":\"sensitive data\",\"nonSensitiveData\":\"firstName\"}", + "{\"firstName\":\"se-xxxx\",\"lastName\":\"se-xxxx\",\"nonSensitiveData\":\"firstName\"}" + + ), + Arguments.arguments( + "test with empty values", + "{\"firstName\":\"\",\"lastName\":null,\"nonSensitiveData\":\"firstName\"}", + "{\"firstName\":\"\",\"lastName\":null,\"nonSensitiveData\":\"firstName\"}" + + ), + Arguments.arguments( + "test with space", + "{\"firstName\" : \"sensitive data\", \"lastName\" :\"sensitive data\",\"nonSensitiveData\":\"firstName\"}", + "{\"firstName\" : \"se-xxxx\", \"lastName\" :\"se-xxxx\",\"nonSensitiveData\":\"firstName\"}" + + ), + Arguments.arguments( + "test with line break", + "{\n" + + " \"firstName\": \"sensitive data\",\n" + + " \"lastName\": \"sensitive data\",\n" + + " \"nonSensitiveData\": \"firstName\"\n" + + "}", + "{\n" + + " \"firstName\": \"se-xxxx\",\n" + + " \"lastName\": \"se-xxxx\",\n" + + " \"nonSensitiveData\": \"firstName\"\n" + + "}" + + ), + Arguments.arguments( + "test with broken json", + "{\"firstName\":\"sensitive data\",\"lastName\":\"sensitive data", + "{\"firstName\":\"se-xxxx\",\"lastName\":\"se-xxxx" + + ), + Arguments.arguments( + "test with normal json", + "{\"firstName\":\"sensitive data\",\"lastName\":\"sensitive data\",\"nonSensitiveData\":\"firstName\"}", + "{\"firstName\":\"se-xxxx\",\"lastName\":\"se-xxxx\",\"nonSensitiveData\":\"firstName\"}" + + ), + + /* + * TODO: json formatting is little messed up due to limitation + * of regex. commented the expected. + */ + Arguments.arguments( + "test with json encoded json", + "{\\\"firstName\\\":\\\"sensitive data\\\",\\\"lastName\\\":\\\"sensitive data\\\",\\\"nonSensitiveData\\\":\\\"firstName\\\"}", + //"{\\\"firstName\\\":\\\"se-xxxx\\\",\\\"lastName\\\":\\\"se-xxxx\\\",\\\"nonSensitiveData\\\":\\\"firstName\\\"}" + "{\\\"firstName\\\":\\\"se-xxxx\",\\\"lastName\\\":\\\"se-xxxx\",\\\"nonSensitiveData\\\":\\\"firstName\\\"}" + + ), + Arguments.arguments( + "test with double json encoded json", + "{\\\\\\\"firstName\\\\\\\":\\\\\\\"sensitive data\\\\\\\",\\\\\\\"lastName\\\\\\\":\\\\\\\"sensitive data\\\\\\\",\\\\\\\"nonSensitiveData\\\\\\\":\\\\\\\"firstName\\\\\\\"}", + //"{\\\\\\\"firstName\\\\\\\":\\\\\\\"se-xxxx\\\\\\\",\\\\\\\"lastName\\\\\\\":\\\\\\\"se-xxxx\\\\\\\",\\\\\\\"nonSensitiveData\\\\\\\":\\\\\\\"firstName\\\\\\\"}" + "{\\\\\\\"firstName\\\\\\\":\\\\\\\"se-xxxx\",\\\\\\\"lastName\\\\\\\":\\\\\\\"se-xxxx\",\\\\\\\"nonSensitiveData\\\\\\\":\\\\\\\"firstName\\\\\\\"}" + + ), + Arguments.arguments( + "test with encoded broken json", + "{\\\"firstName\\\":\\\"sensitive data\\\",\\\"lastName\\\":\\\"sensitive data", + //"{\\\"firstName\\\":\\\"se-xxxx\\\",\\\"lastName\\\":\\\"se-xxxx" + "{\\\"firstName\\\":\\\"se-xxxx\",\\\"lastName\\\":\\\"se-xxxx" + + ), + Arguments.arguments( + "test with encoded broken json 2", + "{\\\"firstName\\\":\\\"sensitive data\\\",\\\"lastName\\\":\\\"sensitive data\\", + //"{\\\"firstName\\\":\\\"se-xxxx\\\",\\\"lastName\\\":\\\"se-xxxx\\", + "{\\\"firstName\\\":\\\"se-xxxx\",\\\"lastName\\\":\\\"se-xxxx" + ), + Arguments.arguments( + "test with normal json for integer", + "{\"serializedStr\":\"dink\",\"number\":123975,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":123975 }\"}", + "{\"serializedStr\":\"dink\",\"number\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":\"xxxx\" }\"}" + ), + Arguments.arguments( + "test with broken json for integer", + "{\"serializedStr\":\"dink\",\"number\":123975,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":123975 }\"", + "{\"serializedStr\":\"dink\",\"number\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":\"xxxx\" }\"" + ), + Arguments.arguments( + "test with normal json for flot", + "{\"serializedStr\":\"dink\",\"number\":123.975,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":-123.975 }\"}", + "{\"serializedStr\":\"dink\",\"number\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":\"xxxx\" }\"}" + ), + Arguments.arguments( + "test with broken json for flot", + "\"serializedStr\":\"dink\",\"number\":123.975,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":-123.975 }\"}", + "\"serializedStr\":\"dink\",\"number\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":\"xxxx\" }\"}" + ), + Arguments.arguments( + "test with normal json for scientific notation", + "{\"serializedStr\":\"dink\",\"number\":0.123e10,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":-0.123e10 }\"}", + "{\"serializedStr\":\"dink\",\"number\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":\"xxxx\" }\"}" + ), + Arguments.arguments( + "test with broken json for scientific notation", + "{\"serializedStr\":\"dink\",\"number\":0.123e10,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":-0.123e10 }\"", + "{\"serializedStr\":\"dink\",\"number\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"number\\\\\\\":\"xxxx\" }\"" + ), + Arguments.arguments( + "test with normal json for boolean in all lower case", + "{\"serializedStr\":\"dink\",\"boolValue\":true,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"boolValue\\\\\\\":false }\"}", + "{\"serializedStr\":\"dink\",\"boolValue\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"boolValue\\\\\\\":\"xxxx\" }\"}" + ), + Arguments.arguments( + "test with normal json for boolean in all capital case", + "{\"serializedStr\":\"dink\",\"boolValue\":TRUE,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"boolValue\\\\\\\":FALSE }\"}", + "{\"serializedStr\":\"dink\",\"boolValue\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"boolValue\\\\\\\":\"xxxx\" }\"}" + ), + Arguments.arguments( + "test with normal json for boolean in first capital case", + "{\"serializedStr\":\"dink\",\"boolValue\":True,\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"boolValue\\\\\\\":False }\"}", + "{\"serializedStr\":\"dink\",\"boolValue\":\"xxxx\",\"serializedStringNumber\":\"{\\\\\\\"serializedStr\\\\\\\":\\\\\\\"dink\\\\\\\", \\\\\\\"boolValue\\\\\\\":\"xxxx\" }\"}" + ) + ); + } + }