From d0cee75dbcdaa6e5093907b52928acea257aff73 Mon Sep 17 00:00:00 2001
From: "gaoda.xy"
Date: Wed, 6 Sep 2023 13:52:00 +0800
Subject: [PATCH 1/4] fix: create duplicated sensitive columns
---
 .../SensitiveColumnScanningTask.java | 18 +++++++++++++++++-
 .../datasecurity/SensitiveColumnService.java | 18 +++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
index b02a7ed7aa..df42717445 100644
--- a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
+++ b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
@@ -20,6 +20,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.Callable;
 import java.util.stream.Collectors;
@@ -100,11 +101,26 @@ public Void call() throws Exception {
 }
 @AllArgsConstructor
- @EqualsAndHashCode
 private static class SimplifySensitiveColumn {
 private Long databaseId;
 private String tableName;
 private String columnName;
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(databaseId, tableName.toLowerCase(), columnName.toLowerCase());
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj instanceof SimplifySensitiveColumn) {
+ SimplifySensitiveColumn other = (SimplifySensitiveColumn) obj;
+ return Objects.equals(databaseId, other.databaseId)
+ && Objects.equals(tableName.toLowerCase(), other.tableName.toLowerCase())
+ && Objects.equals(columnName.toLowerCase(), other.columnName.toLowerCase());
+ }
+ return false;
+ }
 }
 }
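Review bot: The hand-written `equals`/`hashCode` of `SimplifySensitiveColumn` fold `tableName` and `columnName` with `toLowerCase()` unconditionally, so two columns whose names differ only in case collapse into one key. On a dialect that keeps quoted identifiers case-sensitive (the Oracle fixture later in this series creates a quoted lower-case `"table_user"`), that would presumably make the scan skip the second column as already registered and leave it without a masking rule; if the folding is meant only for case-insensitive dialects, the key should say so in a comment or take the dialect into account. The fold also depends on the JVM default locale and throws a NullPointerException from inside `Set.contains` when a name is null, so `tableName.toLowerCase(Locale.ROOT)` (with `java.util.Locale` imported) and a null check where the key is built would make it predictable. The same two methods are added to `SensitiveColumnMeta` in SensitiveColumnService.java in this patch and have the same issues.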
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java
index 56f888a1d0..3b02ac6759 100644
--- a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java
+++ b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java
@@ -430,7 +430,6 @@ private void checkoutSensitiveRules(@NotNull Long projectId, @NotEmpty Collectio
 }
 @Data
- @EqualsAndHashCode
 private static class SensitiveColumnMeta {
 private Long databaseId;
 private String tableName;
@@ -441,6 +440,23 @@ public SensitiveColumnMeta(SensitiveColumnEntity entity) {
 this.tableName = entity.getTableName();
 this.columnName = entity.getColumnName();
 }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(databaseId, tableName.toLowerCase(), columnName.toLowerCase());
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj instanceof SensitiveColumnMeta) {
+ SensitiveColumnMeta other = (SensitiveColumnMeta) obj;
+ return Objects.equals(databaseId, other.databaseId)
+ && Objects.equals(tableName.toLowerCase(), other.tableName.toLowerCase())
+ && Objects.equals(columnName.toLowerCase(), other.columnName.toLowerCase());
+ }
+ return false;
+ }
+
 }
 }
From cb750a5e804d9b59458693705b868c01d1c726e0 Mon Sep 17 00:00:00 2001
From: "gaoda.xy"
Date: Wed, 6 Sep 2023 14:08:58 +0800
Subject: [PATCH 2/4] fix: import sort
---
 .../odc/service/datasecurity/SensitiveColumnScanningTask.java | 1 -
 .../odc/service/datasecurity/SensitiveColumnService.java | 1 -
 2 files changed, 2 deletions(-)
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
index df42717445..52389a5b15 100644
--- a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
+++ b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
@@ -36,7 +36,6 @@
 import com.oceanbase.tools.dbbrowser.model.DBTableColumn;
 import lombok.AllArgsConstructor;
-import lombok.EqualsAndHashCode;
 /**
 * @author gaoda.xy
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java
index 3b02ac6759..aba8e22081 100644
--- a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java
+++ b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnService.java
@@ -70,7 +70,6 @@
 import com.oceanbase.odc.service.iam.auth.AuthenticationFacade;
 import lombok.Data;
-import lombok.EqualsAndHashCode;
 import lombok.extern.slf4j.Slf4j;
 /**
From 79dc35a6565fb2f8c6542f3fcf8d44d77e1b5f55 Mon Sep 17 00:00:00 2001
From: "gaoda.xy"
Date: Wed, 6 Sep 2023 14:21:07 +0800
Subject: [PATCH 3/4] fix: scan duplicated sensitive columns
---
 .../service/datasecurity/SensitiveColumnScanningTask.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
index 52389a5b15..213ead248c 100644
--- a/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
+++ b/server/odc-service/src/main/java/com/oceanbase/odc/service/datasecurity/SensitiveColumnScanningTask.java
@@ -74,8 +74,9 @@ public Void call() throws Exception {
 for (String tableName : tables) {
 List sensitiveColumns = new ArrayList<>();
 for (DBTableColumn dbTableColumn : table2Columns.get(tableName)) {
- if (recognizer.recognize(dbTableColumn) && !existsSensitiveColumns.contains(
- new SimplifySensitiveColumn(database.getId(), tableName, dbTableColumn.getName()))) {
+ SimplifySensitiveColumn currentColumn =
+ new SimplifySensitiveColumn(database.getId(), tableName, dbTableColumn.getName());
+ if (recognizer.recognize(dbTableColumn) && !existsSensitiveColumns.contains(currentColumn)) {
 SensitiveColumn column = new SensitiveColumn();
 column.setDatabase(database);
 column.setTableName(tableName);
@@ -84,6 +85,7 @@ public Void call() throws Exception {
 column.setSensitiveRuleId(recognizer.sensitiveRuleId());
 column.setLevel(recognizer.sensitiveLevel());
 sensitiveColumns.add(column);
+ existsSensitiveColumns.add(currentColumn);
 }
 }
 taskInfo.addSensitiveColumns(sensitiveColumns);
From 9a03e0698d49098d63422f971872af9990e3a4da Mon Sep 17 00:00:00 2001
From: "gaoda.xy"
Date: Wed, 6 Sep 2023 19:18:57 +0800
Subject: [PATCH 4/4] add: unit test
---
 .../test_scanning_sensitive_columns_ddl.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/server/integration-test/src/test/resources/datasecurity/test_scanning_sensitive_columns_ddl.yaml b/server/integration-test/src/test/resources/datasecurity/test_scanning_sensitive_columns_ddl.yaml
index 4cd4e7ca27..4dae9ba4ca 100644
--- a/server/integration-test/src/test/resources/datasecurity/test_scanning_sensitive_columns_ddl.yaml
+++ b/server/integration-test/src/test/resources/datasecurity/test_scanning_sensitive_columns_ddl.yaml
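Review bot: In `SensitiveColumnScanningTask.call()` the second hunk starts mutating `existsSensitiveColumns` inside the scan loop (`existsSensitiveColumns.add(currentColumn);`), but the set's declaration is outside both hunks, so it should be confirmed that it is built per `call()` and not shared with other scanning tasks that may run concurrently, since a plain `HashSet` is not safe for that. The first hunk also constructs `currentColumn` for every column, including those the recognizer rejects; building it only after `recognizer.recognize(dbTableColumn)` returns true would keep the key off the common path. A short comment above the `add`, for example `// remember columns reported in this run so a name differing only in case is not reported twice`, would record why the set is updated here. `call()` begins and ends outside the hunks.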
@@ -69,6 +69,16 @@ oracle:
 "SALARY" INT DEFAULT NULL
 );
 COMMENT ON COLUMN "{3}"."DATABASE_2_TABLE_SALARY"."SALARY" IS ''RECORD SALARY OF EMPLOYEES'';
+ CREATE TABLE "{3}"."table_user"(
+ "ID" INT NOT NULL,
+ "NAME" VARCHAR(16) DEFAULT NULL,
+ "BIRTHDAY" VARCHAR(16) DEFAULT NULL,
+ "ADDRESS" VARCHAR(16) DEFAULT NULL,
+ "EMAIL" VARCHAR(16) DEFAULT NULL,
+ "PHONE_NUMBER" VARCHAR(16) DEFAULT NULL,
+ "COLUMN_1" VARCHAR(16) DEFAULT NULL
+ );
+ COMMENT ON COLUMN "{3}"."table_user"."COLUMN_1" IS ''RECORD SENSITIVE DATA'';
 drop: |-
 DROP USER {2} CASCADE;
 DROP USER {3} CASCADE;