logmask
Mask sensitive data in logs.
usage
Config
logmask.xml configuration file
Note: place it on the classpath, which corresponds to the src/main/resources folder in a Maven project layout.
```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<config>
    <mask>
        <!-- pattern: the regular expression to match -->
        <pattern><![CDATA[\b\d{12}\d{3,5}[xX]?\b]]></pattern>
        <!-- keys: the keys to mask in JSON, key=value and key:value forms; separate multiple keys with whitespace -->
        <keys>creditCard id name</keys>
        <!-- keep: how much of the original data is retained after masking; nothing is retained by default. e.g. -->
        <!-- 3: keep the first 3 and the last 3 original characters, e.g. abcdefg -> abc***efg -->
        <!-- 0.3: keep the last 3 original characters, e.g. abcdefg -> ***efg -->
        <!-- 3.0: keep the first 3 original characters, e.g. abcdefg -> abc*** -->
        <keep>3</keep>
        <!-- mask: the mask string used as the replacement after masking; the default is ___ -->
        <mask>***</mask>
    </mask>
    <mask>
        <pattern><![CDATA[\b\d{5}\b]]></pattern>
    </mask>
    <mask>
        <!-- rule: the rule name that can be referenced when a JavaBean is serialized via JSON or toString -->
        <rule>NAME</rule> <!-- name -->
        <pattern><![CDATA[([\u4E00-\u9FA5]{1})[\u4E00-\u9FA5]{1,}]]></pattern>
        <replace>$1**</replace>
    </mask>
    <mask>
        <rule>MOBILE</rule> <!-- mobile number -->
        <pattern><![CDATA[(\d{3})\d{4}(\d{4})]]></pattern>
    </mask>
    <mask>
        <rule>EMAIL</rule> <!-- email -->
        <pattern><![CDATA[(\w+)(@\w+)]]></pattern>
        <replace>******$2</replace>
    </mask>
</config>
```
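Sample definition of the corresponding JavaBean:
```java
@Mask
public class Req {
    // No rule named: the default mask applies
    @Mask
    private String receiveCardNo;

    // Uses the rule named MOBILE in logmask.xml
    @Mask(rule = "MOBILE")
    private String mobNo;

    // Uses the rule named EMAIL in logmask.xml
    @Mask(rule = "EMAIL")
    private String email;

    @Mask(empty = true)
    private String payPasswd;

    // Not annotated: logged as-is
    private String address;
}
```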
Direct API usage
Call LogMask.mask(r) directly to generate the masked string.
```java
@Slf4j
public class ToStringTest {
    @Test
    public void testToString() {
        Req r =
            new Req("1111222233334444", "18611112222", "[email protected]", "12345678", "beijing");
        log.info("request: {}", LogMask.mask(r));
    }
}
```
Output:
```
2020-05-09 16:34:28.743 INFO [main] cn.footstone.logmask.json.ToStringTest : request params: cn.bjca.footstone.logmask.json.Req(receiveCardNo=___, mobNo=186****2222, email=bingoo.******@gmail.com, address=beijing)
```
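The `<keep>` semantics and the EMAIL rule from logmask.xml above, reproduced with java.util.regex as an added example (not logmask's own code; needs Java 9+). It shows why the sample output still contains the part of the address before the dot. The class and method names, the sample line and the STRICT_EMAIL pattern are assumptions made here.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not logmask's implementation. The patterns and
// replacement strings are copied from logmask.xml above; the class name,
// method names, sample values and STRICT_EMAIL are constructed here.
public class MaskRuleDemo {
    static final Pattern CARD = Pattern.compile("\\b\\d{12}\\d{3,5}[xX]?\\b");
    static final Pattern EMAIL = Pattern.compile("(\\w+)(@\\w+)");
    // Assumed stricter variant: also consume dot, plus and hyphen in the local part.
    static final Pattern STRICT_EMAIL = Pattern.compile("[\\w.+-]+(@\\w+)");

    // <keep> as documented in the config comments: "3" keeps 3 characters at
    // both ends, "0.3" only the last 3, "3.0" only the first 3.
    static String keep(String value, String keep, String mask) {
        String[] p = keep.split("\\.");
        int head = Integer.parseInt(p[0]);
        int tail = p.length > 1 ? Integer.parseInt(p[1]) : head;
        // Assumption: a value too short to keep anything is masked entirely.
        if (head + tail >= value.length()) return mask;
        return value.substring(0, head) + mask + value.substring(value.length() - tail);
    }

    // Whole-line masking: every CARD match is reduced according to <keep>.
    static String maskCards(String line, String keep, String mask) {
        return CARD.matcher(line).replaceAll(
            m -> Matcher.quoteReplacement(keep(m.group(), keep, mask)));
    }

    public static void main(String[] args) {
        System.out.println(keep("abcdefg", "3", "***"));
        System.out.println(keep("abcdefg", "0.3", "***"));
        System.out.println(keep("abcdefg", "3.0", "***"));

        // Constructed sample log line.
        String line = "pay card=1111222233334444 email=first.last@example.com";
        String masked = maskCards(line, "3", "***");
        // EMAIL rule as configured: \w+ stops at the dot, so "first." survives.
        System.out.println(EMAIL.matcher(masked).replaceAll("******$2"));
        // Stricter variant: the whole local part is replaced.
        System.out.println(STRICT_EMAIL.matcher(masked).replaceAll("******$1"));
    }
}
```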
design
Log line scope | Masking scope | Config example | Log example | API support | Implementation status |
---|---|---|---|---|---|
Whole log line | Regex match | Form 1: regular expression | | | Implemented in phase 1 |
Whole log line | KEY anchored | Form 2: keys=id creditCard address | key=value key='value' key="value" key=[value] key=(value) key={value} key:value key:'value' key:"value" key:[value] key:(value) key:{value} | log4j/logback custom Layout | Implemented in phase 1 |
Whole log line | Index anchored | Form 2: keys=#1 #3 separator=[] | [value1][value2][value3] (value1)(value2)(value3) {value1}{value3}{value2} | | TODO |
Whole log line | JSON KEY anchored | Form 2: keys=id creditCard address | {"key":"value"} | | Implemented in phase 1 |
Whole log line | XML TAG anchored | Form 2: keys=id creditCard address | <key>value</key> | | Implemented in phase 1 |
Information block within a log line | Object serialization toString/JSON/XML | @LogMask(maskChars = "0") private String creditCard; | | | TODO |
Sub-item within an information block | Mask specified data directly via the API | LogMask.mask(creditCard); LogMask.mask(creditCard, MaskOption.maskChars("0")) LogMask.maskBankCardNo(creditCard) LogMask.maskMobileNumber(mobile) LogMask.maskEmail(email) | | | Implemented in phase 1 |
resources
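- Masking log information with Logback
- MyBatis Type Handlers for Encrypt
- sensitive, a Java log-masking framework for elegantly printing masked logs, github houbb/sensitive
- google logback log masking
- Erasing sensitive information from objects dynamically at runtime, based on Java reflection
- Log masking: DestinyAries / log-tool
- github log desensitization search
- A cure for all kinds of data masking: Jackson, fastjson, logback
- Implementing log masking with Log4j2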
logback PatternLayout
Format modifier | Left justify | Minimum width | Maximum width | Comment |
---|---|---|---|---|
%20logger | false | 20 | none | Left pad with spaces if the logger name is less than 20 characters long. |
%-20logger | true | 20 | none | Right pad with spaces if the logger name is less than 20 characters long. |
%.30logger | NA | none | 30 | Truncate from the beginning if the logger name is longer than 30 characters. |
%20.30logger | false | 20 | 30 | Left pad with spaces if the logger name is shorter than 20 characters. However, if logger name is longer than 30 characters, then truncate from the beginning. |
%-20.30logger | true | 20 | 30 | Right pad with spaces if the logger name is shorter than 20 characters. However, if logger name is longer than 30 characters, then truncate from the beginning. |
%.-30logger | NA | none | 30 | Truncate from the end if the logger name is longer than 30 characters. |
Format modifier | Logger name | Result |
---|---|---|
[%20.20logger] | main.Name | [           main.Name] |
[%-20.20logger] | main.Name | [main.Name           ] |
[%10.10logger] | main.foo.foo.bar.Name | [o.bar.Name] |
[%10.-10logger] | main.foo.foo.bar.Name | [main.foo.f] |
google-java-format code formatter
https://github.com/Cosium/git-code-format-maven-plugin
mvn git-code-format:format-code -Dgcf.globPattern="**/*"