PakhomovAlexander commented on code in PR #1848: URL: https://github.com/apache/ignite-3/pull/1848#discussion_r1151639641
########## modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/JsonMasker.java: ########## @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.rest.configuration; + +import static java.util.Collections.emptySet; + +import com.fasterxml.jackson.core.JsonFactory; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.ObjectNode; +import com.fasterxml.jackson.databind.node.TextNode; +import java.io.IOException; +import java.util.Locale; +import java.util.Set; +import java.util.stream.Collectors; + +/** + * JSON masker. + */ +public class JsonMasker { + + private static final String MASKING_DIGIT = "*"; Review Comment: ```suggestion private static final String MASKING_SYMBOL = "*"; ``` ########## modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/JsonMaskerTest.java: ########## @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.rest.configuration; + +import static java.util.Collections.emptySet; +import static org.junit.jupiter.api.Assertions.assertEquals; + +import java.util.Set; +import org.junit.jupiter.api.Test; + +class JsonMaskerTest { + + private final Set<String> keysToMask = Set.of("credentials"); + private final JsonMasker jsonMasker = new JsonMasker(); Review Comment: Why JsonMasker can't set `keysToMask` in constructor? Seems like it is a part of object configuration and can be put to the constructor instead of propagating it in the method signature. ########## modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/JsonMasker.java: ########## @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.rest.configuration; + +import static java.util.Collections.emptySet; + +import com.fasterxml.jackson.core.JsonFactory; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.ObjectNode; +import com.fasterxml.jackson.databind.node.TextNode; +import java.io.IOException; +import java.util.Locale; +import java.util.Set; +import java.util.stream.Collectors; + +/** + * JSON masker. + */ +public class JsonMasker { + + private static final String MASKING_DIGIT = "*"; + + private final ObjectMapper mapper = new ObjectMapper(); + + /** + * Masks the given JSON string. + * + * @param json JSON string. + * @param keysToMask Set of keys to mask. If empty, all keys will be masked. + * @return Masked {@link JsonNode}. + */ + public JsonNode mask(String json, Set<String> keysToMask) { + Set<String> keysToMaskInLowerCase = keysToMask.stream() + .map(it -> it.toLowerCase(Locale.ROOT)) + .collect(Collectors.toSet()); + return traverseAndMask(stringToJsonNode(json).deepCopy(), keysToMaskInLowerCase); + } + + private JsonNode traverseAndMask(JsonNode target, Set<String> keysToMask) { + if (target.isTextual() && keysToMask.isEmpty()) { + return new TextNode(maskString(target.textValue())); + } + + if (target.isArray()) { + for (int i = 0; i < target.size(); i++) { + ((ArrayNode) target).set(i, traverseAndMask(target.get(i), keysToMask)); + } + } + + if (target.isObject()) { + ObjectNode targetObjectNode = (ObjectNode) target; + target.fields().forEachRemaining(field -> { + if (keysToMask.isEmpty()) { + targetObjectNode.replace(field.getKey(), traverseAndMask(field.getValue(), emptySet())); + } else if (keysToMask.contains(field.getKey().toLowerCase(Locale.ROOT))) { + targetObjectNode.replace(field.getKey(), traverseAndMask(field.getValue(), emptySet())); + } else { + traverseAndMask(field.getValue(), keysToMask); + } + } + ); + } + + return target; + } + + private String maskString(String str) { + return MASKING_DIGIT.repeat(str.length()); Review Comment: No, we cannot use the password value as a reference for the length. We expose the password length here. Let's use some fixed number like 6. ########## modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/AbstractConfigurationController.java: ########## @@ -17,15 +17,24 @@ package org.apache.ignite.internal.rest.configuration; +import java.util.Collections; +import java.util.Set; import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionException; +import java.util.regex.Pattern; +import java.util.stream.Collectors; import org.apache.ignite.configuration.validation.ConfigurationValidationException; import org.apache.ignite.lang.IgniteException; /** * Base configuration controller. */ public abstract class AbstractConfigurationController { + + private final Set<String> keysToMask = Set.of("password"); + private final Pattern sensitiveInfoprmationPattern = sensitiveInfoprmationPattern(); Review Comment: ```suggestion private final Pattern sensitiveInformationPattern = sensitiveInformationPattern(); ``` ########## modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/AbstractConfigurationController.java: ########## @@ -39,7 +48,7 @@ public AbstractConfigurationController(ConfigurationPresentation<String> cfgPres * @return the presentation of configuration. */ public String getConfiguration() { - return cfgPresentation.represent(); + return maskSensitiveInformation("", cfgPresentation.represent()); Review Comment: Could you override the method in a way it would take only one argument `String configuration` and call `maskSensitiveInformation("", configuration)` inside? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
