dd_sds

package module
v0.0.0-...-574657c Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 14, 2025 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// Match actions a rule can be configured with, and the replacement kinds
// reported for a match.
const (
	// MatchActionType values. None applies no match action, Redact replaces
	// the match using MatchAction.RedactionValue, Hash redacts with a hash,
	// and PartialRedact redacts only part of the match, so some characters of
	// the match stay in the output.
	// NOTE(review): the hash function and any keying are not visible here; an
	// unkeyed hash of a low-entropy value can be recovered by enumeration, so
	// confirm the construction before treating Hash as irreversible.
	MatchActionNone          MatchActionType = "None"
	MatchActionRedact        MatchActionType = "Redact"
	MatchActionHash          MatchActionType = "Hash"
	MatchActionPartialRedact MatchActionType = "PartialRedact"

	// ReplacementType values; RuleMatch has a field of this type.
	ReplacementTypeNone         ReplacementType = "none"
	ReplacementTypePlaceholder  ReplacementType = "placeholder"
	ReplacementTypeHash         ReplacementType = "hash"
	ReplacementTypePartialStart ReplacementType = "partial_beginning"
	ReplacementTypePartialEnd   ReplacementType = "partial_end"
)
// SecondaryValidator values that can be set on a rule.
// NOTE(review): presumably each one runs a checksum over a regex match to
// discard false positives; a checksum says nothing about whether the value is
// a live credential or identifier — confirm against the core library.
const (
	LuhnChecksum      SecondaryValidator = "LuhnChecksum"
	ChineseIdChecksum SecondaryValidator = "ChineseIdChecksum"
)
// PartialRedactionDirection values, used by MatchAction.Direction when the
// action type is MatchActionPartialRedact.
// NOTE(review): the direction decides which end of a match remains readable
// after partial redaction; check which end that is for each value before
// picking one for a given secret format.
const (
	FirstCharacters PartialRedactionDirection = "FirstCharacters"
	LastCharacters  PartialRedactionDirection = "LastCharacters"
)
// MatchStatus values; RuleMatch has a field of this type.
// NOTE(review): presumably only Invalid means a checker rejected the match;
// treat NotChecked, NotAvailable and Error as "unknown", not as "inactive" —
// confirm against the core library.
const (
	// Declaration order matters: when statuses are merged, a value declared
	// further down takes priority over one declared above it.
	MatchStatusNotChecked   MatchStatus = "NotChecked"
	MatchStatusNotAvailable MatchStatus = "NotAvailable"
	MatchStatusInvalid      MatchStatus = "Invalid"
	MatchStatusError        MatchStatus = "Error"
	MatchStatusValid        MatchStatus = "Valid"
)

Variables

// Error values exported by the package.
// NOTE(review): which functions return them, and whether they are wrapped, is
// not visible here; comparing with errors.Is works in both cases.
var (
	ErrUnknown            = fmt.Errorf("unknown error")
	ErrInvalidRegex       = fmt.Errorf("invalid regex")
	ErrInvalidKeywords    = fmt.Errorf("invalid keywords")
	ErrInvalidMatchAction = fmt.Errorf("invalid match action")
)

Functions

func ValidateRegex

func ValidateRegex(regex string) (bool, error)

Types

type Duration

// Duration is a time span given as a seconds count plus a nanoseconds count;
// it is encoded in JSON under the keys "secs" and "nanos".
// ThirdPartyActiveCheckerConfigAws uses it for its Timeout field.
// NOTE(review): presumably Nanos is the sub-second remainder — confirm the
// accepted range against the core library.
type Duration struct {
	Seconds uint64 `json:"secs"`
	Nanos   uint64 `json:"nanos"`
}

type ExtraConfig

// ExtraConfig groups the optional rule settings taken by NewMatchingRule,
// NewRedactingRule, NewHashRule and NewPartialRedactRule: proximity keywords,
// a secondary validator and a third-party active checker.
// NOTE(review): a ThirdPartyActiveChecker presumably makes the library contact
// an external endpoint about matched values; leave it at its zero value unless
// that is intended — confirm.
type ExtraConfig struct {
	ProximityKeywords       *ProximityKeywordsConfig
	SecondaryValidator      SecondaryValidator
	ThirdPartyActiveChecker ThirdPartyActiveChecker
}

ExtraConfig is used to provide more configuration while creating the rules.

type MatchAction

// MatchAction describes what a rule does with a match. Type selects the
// action; each other field applies only to the action named in its comment.
type MatchAction struct {
	Type MatchActionType
	// used when Type == MatchActionRedact, empty otherwise
	RedactionValue string
	// used when Type == MatchActionPartialRedact, empty otherwise
	// NOTE(review): whether this counts the characters that get redacted or
	// the characters left readable is not stated here — confirm before
	// choosing a value for a given secret length.
	CharacterCount uint32
	// used when Type == MatchActionPartialRedact, empty otherwise
	Direction PartialRedactionDirection
}

MatchAction is used to configure the rules.

func (MatchAction) MarshalJSON

func (m MatchAction) MarshalJSON() ([]byte, error)

MarshalJSON marshals the MatchAction in a format understood by the serde rust JSON library.

type MatchActionType

// MatchActionType names the action of a MatchAction; the accepted values are
// the MatchAction* constants of this package.
type MatchActionType string

type MatchStatus

// MatchStatus is the status attached to a RuleMatch; the values are the
// MatchStatus* constants of this package.
type MatchStatus string

type PartialRedactionDirection

// PartialRedactionDirection is the direction setting of a partial redaction;
// the values are FirstCharacters and LastCharacters.
type PartialRedactionDirection string

type ProximityKeywordsConfig

// ProximityKeywordsConfig represents the proximity keyword matching settings
// passed to the core library: a look-ahead character count, a list of included
// keywords and a list of excluded keywords.
// NOTE(review): presumably a match is kept only when an included keyword (and
// no excluded keyword) appears within the look-ahead window; a narrow keyword
// list can then suppress real findings — confirm against the core library.
type ProximityKeywordsConfig struct {
	LookAheadCharacterCount uint32   `json:"look_ahead_character_count"`
	IncludedKeywords        []string `json:"included_keywords"`
	ExcludedKeywords        []string `json:"excluded_keywords"`
}

ProximityKeywordsConfig represents the proximity keyword matching for the core library.

func CreateProximityKeywordsConfig

func CreateProximityKeywordsConfig(lookAheadCharaceterCount uint32, includedKeywords []string, excludedKeywords []string) *ProximityKeywordsConfig

CreateProximityKeywordsConfig creates a ProximityKeywordsConfig.

type RegexRuleConfig

// RegexRuleConfig is the JSON-serializable configuration of a regex rule: an
// id, the pattern, the match action and the optional proximity keywords,
// secondary validator and third-party active checker. The three optional
// fields carry the omitempty JSON option.
// NOTE(review): when Pattern comes from outside the program, check it with
// ValidateRegex before building a scanner, and review it for over-broad
// matches; a rule whose MatchAction is MatchActionNone leaves the matched
// data in the event.
type RegexRuleConfig struct {
	Id                      string                   `json:"id"`
	Pattern                 string                   `json:"pattern"`
	MatchAction             MatchAction              `json:"match_action"`
	ProximityKeywords       *ProximityKeywordsConfig `json:"proximity_keywords,omitempty"`
	SecondaryValidator      SecondaryValidator       `json:"validator,omitempty"`
	ThirdPartyActiveChecker ThirdPartyActiveChecker  `json:"third_party_active_checker,omitempty"`
}

func NewHashRule

func NewHashRule(id string, pattern string, extraConfig ExtraConfig) RegexRuleConfig

NewHashRule returns a matching rule redacting with hashes.

func NewMatchingRule

func NewMatchingRule(id string, pattern string, extraConfig ExtraConfig) RegexRuleConfig

NewMatchingRule returns a matching rule with no match _action_.

func NewPartialRedactRule

func NewPartialRedactRule(id string, pattern string, characterCount uint32, direction PartialRedactionDirection, extraConfig ExtraConfig) RegexRuleConfig

NewPartialRedactRule returns a matching rule partially redacting matches.

func NewRedactingRule

func NewRedactingRule(id string, pattern string, redactionValue string, extraConfig ExtraConfig) RegexRuleConfig

NewRedactingRule returns a matching rule redacting events.

func (RegexRuleConfig) CreateRule

func (c RegexRuleConfig) CreateRule() (*Rule, error)

type ReplacementType

// ReplacementType is the replacement kind reported in a RuleMatch; the values
// are the ReplacementType* constants of this package.
type ReplacementType string

type Rule

// Rule is a handle to a rule that owns native resources; it exposes no
// exported fields. Call Delete to release those resources.
// NOTE(review): CreateRuleFromRawPtr builds a Rule from a bare int64; that
// value is presumably used as a native pointer, so it must only ever come
// from the library itself — confirm.
type Rule struct {
	// contains filtered or unexported fields
}

func CreateRuleFromRawPtr

func CreateRuleFromRawPtr(ptr int64) Rule

func (Rule) Delete

func (r Rule) Delete()

Delete deletes the native resources associated with this Rule. It is safe to delete it while it is still being used by a scanner.

type RuleConfig

// RuleConfig is any rule configuration that can build a *Rule.
// RegexRuleConfig provides a CreateRule method with this signature, and
// CreateScanner takes a slice of RuleConfig.
type RuleConfig interface {
	// CreateRule builds the rule, or returns an error when it cannot be built.
	CreateRule() (*Rule, error)
}

type RuleList

// RuleList is a handle to a list of rules that owns native resources; it
// exposes no exported fields. Rules are added with AppendRule and the native
// resources are released with Delete.
type RuleList struct {
	// contains filtered or unexported fields
}

func CreateRuleList

func CreateRuleList() RuleList

func (RuleList) AppendRule

func (l RuleList) AppendRule(r *Rule)

func (RuleList) Delete

func (r RuleList) Delete()

Delete deletes the native resources associated with this RuleList. It is safe to delete it while it is still being used by a scanner.

type RuleMatch

// RuleMatch stores one match reported by the core library. None of its fields
// holds the matched text itself: a match is described by the index of the
// rule, a path, a start index, an exclusive end index, a shift offset, the
// replacement type and the match status.
// NOTE(review): presumably RuleIdx indexes the rule configs given to
// CreateScanner, and the indexes together with ShiftOffset locate the match
// in the event before and after redaction — confirm which event they refer
// to before using them to slice data.
type RuleMatch struct {
	RuleIdx           uint32
	Path              string
	ReplacementType   ReplacementType
	StartIndex        uint32
	EndIndexExclusive uint32
	ShiftOffset       int32
	MatchStatus       MatchStatus
}

RuleMatch stores the matches reported by the core library.

type ScanResult

// ScanResult is the outcome of one scan: the event after the scan, whether it
// was mutated, and the rule matches.
type ScanResult struct {
	// Event contains the event after the scan.
	// For a map input it contains the mutated string (the input map itself is
	// mutated in place).
	// If `Mutated` is true:
	//   * it contains the processed event after redaction.
	// If `Mutated` is false:
	//   * it contains the original event, unchanged.
	// NOTE(review): when Mutated is false and Matches is not empty, Event
	// still holds the matched data in clear; do not treat Event as sanitized
	// on the basis of a successful scan alone.
	Event []byte
	// Mutated indicates if the processed event has been
	// mutated or not (e.g. redacted).
	Mutated bool
	// Matches contains all rule matches if any.
	Matches []RuleMatch
}

ScanResult contains a Scan result.

type Scanner

// Scanner is the Go-side object for a scanner that lives in the SDS library.
// It holds the scanner's id and the rule configs it was created from.
type Scanner struct {
	// Id of this scanner generated by the SDS library when the scanner is created.
	// NOTE(review): the field is exported and writable; it is presumably what
	// selects the native scanner on each call, so callers should never assign
	// to it — confirm.
	Id int64
	// The rule configs this scanner was created with.
	// They are stored on creation for read-only usage.
	RuleConfigs []RuleConfig
}

Scanner wraps an SDS scanner. See `CreateScanner` to create one from a set of SDS rules. See `Scan`, `ScanEventsList` or `ScanEventsMap` for usage.

func CreateScanner

func CreateScanner(ruleConfigs []RuleConfig) (*Scanner, error)

CreateScanner creates a scanner in the underlying SDS shared library. The library returns only an ID, which is then used to select the scanner on Scan calls. This ID is stored in the Scanner Go object for convenience. See `Scan` to process events. The rules used to create the Scanner are stored as read-only information in the returned Scanner.

func (*Scanner) Delete

func (s *Scanner) Delete()

Delete deletes the instance of the current Scanner. The current Scanner should not be reused.

func (*Scanner) Scan

func (s *Scanner) Scan(event []byte) (ScanResult, error)

Scan sends the string event to the SDS shared library for processing. Match validation is off: withValidateMatching defaults to false (see ScanWithValidation to set it).

func (*Scanner) ScanEventsMap

func (s *Scanner) ScanEventsMap(event map[string]interface{}) (ScanResult, error)

ScanEventsMap sends a map event to the SDS shared library for processing. In case of mutation, event is updated in place. The returned ScanResult contains the mutated string in the Event attribute (not the event). withValidateMatching defaults to false.

func (*Scanner) ScanEventsMapWithValidation

func (s *Scanner) ScanEventsMapWithValidation(event map[string]interface{}, withValidateMatching bool) (ScanResult, error)

ScanEventsMapWithValidation sends a map event to the SDS shared library for processing with explicit control over match validation. In case of mutation, event is updated in place. The returned ScanResult contains the mutated string in the Event attribute (not the event).

func (*Scanner) ScanWithValidation

func (s *Scanner) ScanWithValidation(event []byte, withValidateMatching bool) (ScanResult, error)

ScanWithValidation sends the string event to the SDS shared library for processing with explicit control over match validation.

type SecondaryValidator

// SecondaryValidator names an additional validator set on a rule; the values
// declared by this package are LuhnChecksum and ChineseIdChecksum.
type SecondaryValidator string

func (SecondaryValidator) MarshalJSON

func (s SecondaryValidator) MarshalJSON() ([]byte, error)

MarshalJSON marshals the SecondaryValidator.

type StatusCodeRange

// StatusCodeRange is a range of HTTP status codes, encoded in JSON under the
// keys "start" and "end". ThirdPartyActiveCheckerConfigHttp uses it to list
// the status codes that count as valid and as invalid.
// NOTE(review): whether End is inclusive is not stated here — confirm, since
// an off-by-one changes how a boundary status code is classified.
type StatusCodeRange struct {
	Start int `json:"start"`
	End   int `json:"end"`
}

type ThirdPartyActiveChecker

// ThirdPartyActiveChecker is used to validate whether a given match is still
// active, for instance a token with an expiration date. Type names the kind
// of checker and Config carries its settings; the ThirdPartyActiveCheckerConfig
// type itself is not shown on this page.
// NOTE(review): checking a match against a third party presumably means the
// matched secret is transmitted to that party; enable it only for endpoints
// that are entitled to see the secret — confirm.
type ThirdPartyActiveChecker struct {
	Type   string                        `json:"type"`
	Config ThirdPartyActiveCheckerConfig `json:"config"`
}

ThirdPartyActiveChecker is used to validate if a given match is still active or not. It applies well to tokens that have an expiration date for instance.

func (ThirdPartyActiveChecker) MarshalJSON

func (t ThirdPartyActiveChecker) MarshalJSON() ([]byte, error)

MarshalJSON implements custom JSON marshaling to handle empty validation types

type ThirdPartyActiveCheckerConfigAws

// ThirdPartyActiveCheckerConfigAws is the checker configuration for AWS: a
// kind, the AWS STS endpoint and a timeout. The timeout is a Duration
// (seconds plus nanoseconds), unlike ThirdPartyActiveCheckerConfigHttp, whose
// timeout is an int serialized as "timeout_seconds".
// NOTE(review): AwsStsEndpoint is presumably where matched AWS credentials are
// tested, so it should point at a genuine AWS STS endpoint — confirm. The
// accepted values of Kind are not shown here.
type ThirdPartyActiveCheckerConfigAws struct {
	Kind           string   `json:"kind"`
	AwsStsEndpoint string   `json:"aws_sts_endpoint"`
	Timeout        Duration `json:"timeout"`
}

type ThirdPartyActiveCheckerConfigHttp

// ThirdPartyActiveCheckerConfigHttp is the checker configuration for an HTTP
// check: the endpoint, an optional list of hosts, the HTTP method, the request
// headers, the status-code ranges that count as valid and as invalid, and a
// timeout serialized as "timeout_seconds".
// NOTE(review): presumably the matched value is placed in the request sent to
// Endpoint (for example in a header) to test whether it is still active. If
// so, the secret leaves the process: use an https endpoint operated by the
// issuer of the secret, keep Hosts as narrow as possible, set a Timeout, and
// make sure the request is not written to logs — confirm against the core
// library.
type ThirdPartyActiveCheckerConfigHttp struct {
	Endpoint               string            `json:"endpoint"`
	Hosts                  []string          `json:"hosts,omitempty"`
	Method                 string            `json:"http_method"`
	RequestHeader          map[string]string `json:"request_headers"`
	ValidHttpStatusCodes   []StatusCodeRange `json:"valid_http_status_code"`
	InvalidHttpStatusCodes []StatusCodeRange `json:"invalid_http_status_code"`
	Timeout                int               `json:"timeout_seconds"`
}
