fix(data-security): create sensitive columns with case insensitive sa…

…me column and table names (#175) * fix: create duplicated sensitive columns * fix: import sort * fix: scan duplicated sensitive columns * add: unit test
oceanbase · Sep 6, 2023 · e7bccaf · e7bccaf
1 parent f6f3524
commit e7bccaf
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 6 deletions.
diff --git a/...integration-test/src/test/resources/datasecurity/test_scanning_sensitive_columns_ddl.yaml b/...integration-test/src/test/resources/datasecurity/test_scanning_sensitive_columns_ddl.yaml
@@ -69,6 +69,16 @@ oracle:
     "SALARY" INT DEFAULT NULL
     );
     COMMENT ON COLUMN "{3}"."DATABASE_2_TABLE_SALARY"."SALARY" IS ''RECORD SALARY OF EMPLOYEES'';
+    CREATE TABLE "{3}"."table_user"(
+    "ID" INT NOT NULL,
+    "NAME" VARCHAR(16) DEFAULT NULL,
+    "BIRTHDAY" VARCHAR(16) DEFAULT NULL,
+    "ADDRESS" VARCHAR(16) DEFAULT NULL,
+    "EMAIL" VARCHAR(16) DEFAULT NULL,
+    "PHONE_NUMBER" VARCHAR(16) DEFAULT NULL,
+    "COLUMN_1" VARCHAR(16) DEFAULT NULL
+    );
+    COMMENT ON COLUMN "{3}"."table_user"."COLUMN_1" IS ''RECORD SENSITIVE DATA'';
   drop: |-
     DROP USER {2} CASCADE;
     DROP USER {3} CASCADE;
diff --git a/...ice/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java b/...ice/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
@@ -20,6 +20,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.Callable;
 import java.util.stream.Collectors;
@@ -35,7 +36,6 @@
 import com.oceanbase.tools.dbbrowser.model.DBTableColumn;
 
 import lombok.AllArgsConstructor;
-import lombok.EqualsAndHashCode;
 
 /**
  * @author gaoda.xy
@@ -74,8 +74,9 @@ public Void call() throws Exception {
             for (String tableName : tables) {
                 List<SensitiveColumn> sensitiveColumns = new ArrayList<>();
                 for (DBTableColumn dbTableColumn : table2Columns.get(tableName)) {
-                    if (recognizer.recognize(dbTableColumn) && !existsSensitiveColumns.contains(
-                            new SimplifySensitiveColumn(database.getId(), tableName, dbTableColumn.getName()))) {
+                    SimplifySensitiveColumn currentColumn =
+                            new SimplifySensitiveColumn(database.getId(), tableName, dbTableColumn.getName());
+                    if (recognizer.recognize(dbTableColumn) && !existsSensitiveColumns.contains(currentColumn)) {
                         SensitiveColumn column = new SensitiveColumn();
                         column.setDatabase(database);
                         column.setTableName(tableName);
@@ -84,6 +85,7 @@ public Void call() throws Exception {
                         column.setSensitiveRuleId(recognizer.sensitiveRuleId());
                         column.setLevel(recognizer.sensitiveLevel());
                         sensitiveColumns.add(column);
+                        existsSensitiveColumns.add(currentColumn);
                     }
                 }
                 taskInfo.addSensitiveColumns(sensitiveColumns);
@@ -100,11 +102,26 @@ public Void call() throws Exception {
     }
 
     @AllArgsConstructor
-    @EqualsAndHashCode
     private static class SimplifySensitiveColumn {
         private Long databaseId;
         private String tableName;
         private String columnName;
+
+        @Override
+        public int hashCode() {
+            return Objects.hash(databaseId, tableName.toLowerCase(), columnName.toLowerCase());
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (obj instanceof SimplifySensitiveColumn) {
+                SimplifySensitiveColumn other = (SimplifySensitiveColumn) obj;
+                return Objects.equals(databaseId, other.databaseId)
+                        && Objects.equals(tableName.toLowerCase(), other.tableName.toLowerCase())
+                        && Objects.equals(columnName.toLowerCase(), other.columnName.toLowerCase());
+            }
+            return false;
+        }
     }
 
 }
diff --git a/...-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java b/...-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java
@@ -70,7 +70,6 @@
 import com.oceanbase.odc.service.iam.auth.AuthenticationFacade;
 
 import lombok.Data;
-import lombok.EqualsAndHashCode;
 import lombok.extern.slf4j.Slf4j;
 
 /**
@@ -430,7 +429,6 @@ private void checkoutSensitiveRules(@NotNull Long projectId, @NotEmpty Collectio
     }
 
     @Data
-    @EqualsAndHashCode
     private static class SensitiveColumnMeta {
         private Long databaseId;
         private String tableName;
@@ -441,6 +439,23 @@ public SensitiveColumnMeta(SensitiveColumnEntity entity) {
             this.tableName = entity.getTableName();
             this.columnName = entity.getColumnName();
         }
+
+        @Override
+        public int hashCode() {
+            return Objects.hash(databaseId, tableName.toLowerCase(), columnName.toLowerCase());
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (obj instanceof SensitiveColumnMeta) {
+                SensitiveColumnMeta other = (SensitiveColumnMeta) obj;
+                return Objects.equals(databaseId, other.databaseId)
+                        && Objects.equals(tableName.toLowerCase(), other.tableName.toLowerCase())
+                        && Objects.equals(columnName.toLowerCase(), other.columnName.toLowerCase());
+            }
+            return false;
+        }
+
     }
 
 }