
fluent-plugin-masking's Introduction

fluent-plugin-masking


Overview

Fluentd filter plugin that masks sensitive or private record values, writing ******* in place of the original value. This data masking plugin protects data such as name, email, phone number, address, and any other field you would like to mask.

Requirements

fluent-plugin-masking | fluentd    | ruby
1.2.x                 | >= v0.14.0 | >= 2.5

Installation

Install with gem:

fluent-gem install fluent-plugin-masking

Setup

To set up this plugin, the parameter fieldsToMaskFilePath must be a valid path to a file containing a list of all the fields to mask. The file should have one unique field on each line. These fields are case-sensitive (Name != name). If you need one (or more) of the fields to be case-insensitive, use the /i suffix in your field name. See the example below.

Optional configuration

  • fieldsToExcludeJSONPaths - a comma-separated string of JSON fields that should be excluded from the masking procedure. Nested JSON fields are supported with dot notation (e.g. path.to.excluded.field.in.record.nestedExcludedField).
    This can be used for logs of registration services or audit log entries which do not need to be masked.

  • handleSpecialEscapedJsonCases - a boolean value that makes the plugin try to fix special escaped JSON cases. This feature is currently in alpha stage (default: false). For more details about those special cases, see Special Json Cases.

An example with optional configuration parameters:

<filter "**">
  @type masking
  fieldsToMaskFilePath "/path/to/fields-to-mask-file"
  fieldsToExcludeJSONPaths "excludedField,exclude.path.nestedExcludedField"
  handleSpecialEscapedJsonCases true
</filter>

Example fields-to-mask-file:

name
email
phone/i # the '/i' suffix will make sure phone field will be case insensitive

Quick Guide

Configuration:

# fluent.conf
----------------------------------
<source>
  @type tail
  path /tmp/test.log
  pos_file /tmp/test.log.pos
  tag maskme
  format none
</source>

<filter "**">
  @type masking
  fieldsToMaskFilePath "/path/to/fields-to-mask-file"
  fieldsToExcludeJSONPaths "excludedField,exclude.path.nestedExcludedField"
</filter>

<match "**">
  @type stdout
</match>



# /path/to/fields-to-mask-file
----------------------------------
first_name
last_name
address
phone
password
email

Result

To run the above configuration, run the following commands:

fluentd -c fluent.conf
echo '{ :body => "{\"first_name\":\"mickey\", \"type\":\"puggle\", \"last_name\":\"the-dog\", \"password\":\"d0g43u39\"}"}' > /tmp/test.log

This sample result is created from the above configuration file fluent.conf. As expected, the following fields configured to be masked are masked with ******* in the output.

2019-09-15 16:12:50.359191000 +0300 maskme: {"message":"{ :body => \"{\\\"first_name\\\":\\\"*******\\\", \\\"type\\\":\\\"puggle\\\", \\\"last_name\\\":\\\"*******\\\", \\\"password\\\":\\\"*******\\\"}\"}"}

A sample with exclude in use:

fluentd -c fluent.conf
echo '{ :body => "{\"first_name\":\"mickey\", \"type\":\"puggle\", \"last_name\":\"the-dog\", \"password\":\"d0g43u39\"}", "excludeMaskFields"=>"first_name,last_name"}' > /tmp/test.log

2019-12-01 14:25:53.385681000 +0300 maskme: {"message":"{ :body => \"{\\\"first_name\\\":\\\"mickey\\\", \\\"type\\\":\\\"puggle\\\", \\\"last_name\\\":\\\"the-dog\\\", \\\"password\\\":\\\"*******\\\"}\"}"}
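A leak check for the filter's output, added here as an example; it is not part of the plugin or its README and does not call the plugin. It reads a fields list in the format described under Setup (treating `#` as a comment marker is an assumption), then reports listed fields that still carry a value other than *******, including key/value text inside non-JSON strings, which goes beyond the README's samples. The names load_mask_fields, listed?, text_hits and unmasked are hypothetical, and the sample record is constructed.

```ruby
require 'json'

MASK = '*******' # mask token shown in the README output
QUOTES = /[\\"']*/.source # quote/backslash debris around keys in escaped JSON

# Fields file: one field per line, '/i' suffix = case-insensitive, '#' = comment.
def load_mask_fields(text)
  text.each_line.map { |l| l.sub(/#.*/, '').strip }.reject(&:empty?).map do |f|
    { name: f.delete_suffix('/i'), ci: f.end_with?('/i') }
  end
end

def listed?(fields, key)
  fields.any? { |f| f[:ci] ? f[:name].casecmp?(key) : f[:name] == key }
end

# Listed fields followed by an unmasked value in text that is not plain JSON
# (escaped JSON, Ruby-hash dumps, "password:secret", "key=value").
def text_hits(text, fields, path)
  fields.select do |f|
    src = /\b#{Regexp.escape(f[:name])}#{QUOTES}\s*(?:=>|[:=])\s*#{QUOTES}(?!#{Regexp.escape(MASK)})[^\s\\"']/.source
    text.match?(Regexp.new(src, f[:ci] ? Regexp::IGNORECASE : 0))
  end.map { |f| "#{path.join('.')}: #{f[:name]} in text" }
end

# Dotted paths of listed fields whose value is not MASK; strings holding JSON are
# parsed and walked. `excluded` mirrors fieldsToExcludeJSONPaths (dot notation).
def unmasked(node, fields, excluded = [], path = [])
  case node
  when Hash
    node.flat_map do |key, value|
      here = path + [key.to_s]
      next [] if excluded.include?(here.join('.'))
      hit = listed?(fields, key.to_s) && value != MASK ? [here.join('.')] : []
      hit + unmasked(value, fields, excluded, here)
    end
  when Array then node.flat_map { |v| unmasked(v, fields, excluded, path) }
  when String
    inner = begin JSON.parse(node); rescue JSON::ParserError; nil; end
    return unmasked(inner, fields, excluded, path) if inner.is_a?(Hash) || inner.is_a?(Array)
    text_hits(node, fields, path)
  else []
  end
end

FIELDS = load_mask_fields("first_name\nlast_name\npassword\nphone/i # any case\n")
# Constructed record: one masked key, one unmasked key, one secret in free text.
SAMPLE = { 'password' => MASK, 'Phone' => '555-0100',
           'message' => 'login [host=localhost, password:example-secret]' }.freeze
puts unmasked(SAMPLE, FIELDS) # lists "Phone" and the free-text password
```

Run it against records captured from a test pipeline (for example the stdout match above) before relying on a fields file in production; an empty result means no listed field was found unmasked.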

Run Unit Tests

gem install bundler
bundle install
ruby -r ./test/*.rb

Special escaped json cases handling

fluent-plugin-masking's People

Contributors

idanto, kohend, nivlipetz, shaimoria, shyimo


fluent-plugin-masking's Issues

Fields not getting masked

Hi,

I am trying to test this plugin on Windows 10 using td-agent v4, but defined fields are not getting masked. I ran td-agent in debug mode as well, but there is no message on what is going wrong. During td-agent startup, the plugin does get loaded and fields to be masked are also read properly.

As you can see from attached files, I am trying to mask the key "ProviderName" and "Computer". This is the output (with dummy value for "Computer" tag), as you can see both keys are not getting masked:

--- sample log entries ---
2022-01-06 12:37:55.877141700 +0530 winevt.raw: {"ProviderName":"Nexthink Collector","ProviderGUID":"","EventID":"3221225728","Level":"2","Task":"1","Opcode":"0","Keywords":"0x80000000000000","TimeCreated":"2022/01/06 07:07:55.85937600","EventRecordID":"198171","ActivityID":"","RelatedActivityID":"","ProcessID":"0","ThreadID":"0","Channel":"Application","Computer":"N-LAPTOPID.domain.net","UserID":"","Version":"0","Description":"Connection to Nexthink Appliance cannot be established: Websocket error: Host not found: [Host not found] [appliance host: engine9.domain.net:8443]","EventData":["Connection to Nexthink Appliance cannot be established: Websocket error: Host not found: [Host not found] [appliance host: engine9.domain.net:8443]"]}

2022-01-06 12:34:13.877078900 +0530 winevt.raw: {"ProviderName":"ESENT","ProviderGUID":"","EventID":"102","Level":"4","Task":"1","Opcode":"0","Keywords":"0x80000000000000","TimeCreated":"2022/01/06 07:04:12.183182000","EventRecordID":"198155","ActivityID":"","RelatedActivityID":"","ProcessID":"0","ThreadID":"0","Channel":"Application","Computer":"N-LAPTOPID.domain.net","UserID":"","Version":"0","Description":"Video.UI (18280,P,98) {F28496CB-2EF7-4366-B722-51C0D5BFB252}: The database engine (10.00.18363.0000) is starting a new instance (0).","EventData":["Video.UI","18280,P,98","{F28496CB-2EF7-4366-B722-51C0D5BFB252}: ","0","10","00","18363","0000"]}
--- sample log entries ---

--- startup log ---
2022-01-06 12:27:03 +0530 [info]: adding match pattern="winevt.raw" type="stdout"
2022-01-06 12:27:05 +0530 [info]: adding filter pattern="**" type="masking"
black list fields:
ProviderName
Computer
--- startup log ---

Any ideas on what could be going wrong here? Thanks in advance.

test-files.zip

Masking Password

Is it possible to mask if the password is being printed like this?
2020-06-12 12:18:17.433000000 +0530 MyService: {"traceId":"a065669a08ce23d3","spanId":"a065669a08ce23d3","spanExportable":"true","X-Span-Export":"true","level":"INFO","X-B3-SpanId":"a065669a08ce23d3","logger":"com.sreyas.Controller","X-B3-TraceId":"a065669a08ce23d3","thread":"http-nio-8094-exec-6","message":"XXXXXXXX received... check..data [host=localhost, port=999, uuid=uuid, password:admin@123, time=2020-06-04 16:20:40.246, licId=licid]","Source":"MyService","TAG":"MyService"}

I have specified password in the file but it is not getting masked.

Any thoughts?
