-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MySQL数据脱敏inception改为goinception #1307
Conversation
嘶,有点问题, select a.* from t1 a 没有脱敏效果 |
Codecov Report
@@ Coverage Diff @@
## master #1307 +/- ##
==========================================
- Coverage 78.00% 75.72% -2.29%
==========================================
Files 79 80 +1
Lines 12236 12465 +229
==========================================
- Hits 9545 9439 -106
- Misses 2691 3026 +335
Continue to review full report at Codecov.
|
@hhyo 哈喽,帮忙看看呗,我再最新的values.yaml和docker-compose.yml中声明了使用最新的goInception版本,但是测试时,仍然使用旧的版本,是我哪里没有写对么? |
* oracle脱敏更换函数 * ci测试Oracle语法问题 * 删除了注释备份 * 修改了测试sql
脱敏的测试都是使用的mock,并非是真实获取inception信息,只需要修改case里面的mock数据格式即可 |
…inception-goInception
…e/Archery into masking-inception-goInception
看ci还有一个错误 |
好像这样可以了? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
如果确认可以完全替代inception,建议直接剔除inception相关的所有代码
我们不考虑做个兼容版么?是不是有同学还喜欢用inception啊。 |
没必要了,目前的版本inception只用来做语句解析,已经不支持审核执行,脱敏如果可以替代,就没有保留的必要 |
这个里面失效的场景可以都验证下 |
我 try try |
改了一版,将引用inception都改为引用goinception |
# 解析查询语句,禁用部分Inception无法解析关键词 | ||
p = sqlparse.parse(sql)[0] | ||
for token in p.tokens: | ||
if token.ttype is Keyword and token.value.upper() in ['UNION', 'UNION ALL']: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
可以测试下是否已经支持这种无法的解析
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个['UNION', 'UNION ALL'] goinception在v1.2.4-73 版本后[https://github.com/hanchuanchuan/goInception/issues/351]已经支持了,返回的是一个重复的list,archery需要增加一个去重函数,我稍后更新一下。
table_ref.append({'schema': list_i['schema'], 'table': list_i['table']}) | ||
|
||
# 获取全部激活的脱敏字段信息,减少循环查询,提升效率 | ||
masking_columns = DataMaskingColumns.objects.filter(active=True) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
以前不了解,实际上懒加载这块不会真正查询,不过脱敏效率好像还行
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个地方我也没搞懂,不过,好像没啥问题。
已合并,docker镜像push后演示地址会自动更新,辛苦做一些测试验证,同时相关的文档也可以进行一些调整和补充,感谢~ |
好的,我look look |
|
测试发现两个问题,覆盖场景比Inception的少,需要解决一下
上述例子都可以在演示环境进行测试 |
#Inception转为goInception,将archery中数据脱敏的IP和端口指向goInception的
#不修改整体逻辑,主要修改由goInception返回的结果中关键字,比如db修改为schema
#后续再优化逻辑,似乎并没有命中*判断