security: Add "marker" mode for log densensitation #9136

Merged
merged 13 commits into from
Jun 18, 2024

@JaySon-Huang JaySon-Huang commented Jun 9, 2024

What problem does this PR solve?

Issue Number: close #8977

Problem Summary:

In the previous PR, #1277, TiFlash supports setting security.redact_info_log to "true" / "false".
If the configuration item is set to true, all user data in the log is replaced by ?.

What is changed and how it works?

Support setting config "security.redact_info_log=marker" for log desensitization

Mark sensitive data with ‹..› when security.redact_info_log=marker. Note that ‹ is not "less" < but U+2039. If the raw data contains ‹, it will be escaped to ‹‹, similar to ›.

Introduce Redact::toMarkerString to handle marking sensitive data with ‹..› and escaping.


Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Support "marker" for log desensitization
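
An added sketch, not TiFlash's own code, of the marking and escaping rule described above, with a hypothetical post-processor that shows why the doubling matters: a value that contains › cannot end its own span early. The names `markSensitive` and `redactMarked` and the sample line are constructed for illustration, and log text outside the markers is assumed to contain no marker characters.

```cpp
#include <iostream>
#include <string>

// Marker characters from the PR description, as UTF-8 bytes.
static const std::string OPEN = "\xE2\x80\xB9";  // U+2039
static const std::string CLOSE = "\xE2\x80\xBA"; // U+203A

static bool at(const std::string & s, size_t i, const std::string & m) { return s.compare(i, 3, m) == 0; }

// Hypothetical helper: wrap raw user data in markers, doubling any marker inside it.
std::string markSensitive(const std::string & raw)
{
    std::string out = OPEN;
    for (size_t i = 0; i < raw.size();)
    {
        bool marker = at(raw, i, OPEN) || at(raw, i, CLOSE);
        size_t n = marker ? 3 : 1;
        out.append(raw, i, n);
        if (marker) out.append(raw, i, n); // escape by doubling
        i += n;
    }
    return out + CLOSE;
}

// Hypothetical post-processor: replace each marked span with "?".
// An unterminated span is redacted to the end of the line (fail closed).
std::string redactMarked(const std::string & line)
{
    std::string out;
    bool inside = false;
    for (size_t i = 0; i < line.size();)
    {
        bool open = at(line, i, OPEN), close = at(line, i, CLOSE);
        if (!inside && open) { inside = true; out += '?'; i += 3; }
        else if (!inside) out.push_back(line[i++]);
        else if ((open && at(line, i + 3, OPEN)) || (close && at(line, i + 3, CLOSE))) i += 6; // escaped marker in data
        else if (close) { inside = false; i += 3; } // real end of span
        else ++i; // ordinary data byte, dropped
    }
    return out;
}

int main()
{
    // Constructed sample: a value shaped to look like the end of its own span.
    std::string line = "key=" + markSensitive("x" + CLOSE + " admin=" + OPEN + "true") + " rows=3";
    std::cout << line << "\n" << redactMarked(line) << "\n";
}
```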

@ti-chi-bot ti-chi-bot bot added release-note-none Denotes a PR that doesn't merit a release note. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jun 9, 2024
@ti-chi-bot ti-chi-bot bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Jun 11, 2024
@@ -221,57 +221,121 @@ String FieldVisitorToString::operator()(const Tuple & x_def) const

String FieldVisitorToDebugString::operator()(const Null &) const
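
Review bot: for `FieldVisitorToDebugString::operator()(const Null &)` at the top of this hunk, please state in a comment whether a NULL value counts as user data under each `security.redact_info_log` mode. NULL carries no stored value, but whether it prints bare, as `?`, or inside ‹..› decides what a reader of the redacted log can infer about a column, so a one-line comment on this overload and a unit-test case covering it in the true, false and marker modes would pin the behaviour down.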
Contributor


Can we use template to reduce similar code?

Contributor Author


UInt64/Int64/DecimalField<...> share similar code, but the other types do not.
We can try to eliminate it using std::enable_if, but it is not related to this PR's change; maybe we can do it in another PR.

@ti-chi-bot ti-chi-bot bot added needs-1-more-lgtm Indicates a PR needs 1 more LGTM. approved labels Jun 18, 2024
ti-chi-bot bot commented Jun 18, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JinheLin, Lloyd-Pottiger

Needs approval from an approver in each of these files:
  • OWNERS [JinheLin,Lloyd-Pottiger]


@ti-chi-bot ti-chi-bot bot added lgtm and removed needs-1-more-lgtm Indicates a PR needs 1 more LGTM. labels Jun 18, 2024
ti-chi-bot bot commented Jun 18, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-06-18 03:40:00.189331854 +0000 UTC m=+86126.674820681: ☑️ agreed by JinheLin.
  • 2024-06-18 03:47:05.417885443 +0000 UTC m=+86551.903374275: ☑️ agreed by Lloyd-Pottiger.

@ti-chi-bot ti-chi-bot bot merged commit 649cd26 into pingcap:master Jun 18, 2024
4 of 5 checks passed
@JaySon-Huang JaySon-Huang deleted the log_densensitation branch June 18, 2024 06:28