From a8ea72166e75c0a5cd52febf8887dc2ad93aae6c Mon Sep 17 00:00:00 2001 From: jiangyuanshu <317787106@qq.com> Date: Wed, 13 Nov 2024 17:13:08 +0800 Subject: [PATCH 1/4] initial commit --- .../logsfilter/DesensitizedConverter.java | 50 +++++++++++++++++++ .../core/net/service/relay/RelayService.java | 7 +++ framework/src/main/resources/logback.xml | 2 + .../logsfilter/DesensitizedConverterTest.java | 22 ++++++++ 4 files changed, 81 insertions(+) create mode 100644 framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java create mode 100644 framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java diff --git a/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java b/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java new file mode 100644 index 00000000000..073495d1015 --- /dev/null +++ b/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java @@ -0,0 +1,50 @@ +package org.tron.common.logsfilter; + +import ch.qos.logback.classic.pattern.ClassicConverter; +import ch.qos.logback.classic.spi.ILoggingEvent; +import com.google.common.cache.Cache; +import com.google.common.cache.CacheBuilder; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import lombok.extern.slf4j.Slf4j; +import org.tron.core.config.args.Args; + +@Slf4j(topic = "Parser") +public class DesensitizedConverter extends ClassicConverter { + + private static final int SENSITIVE_WORD_SIZE = 1_000; + + private static final Pattern pattern = Pattern.compile( + "/(((25[0-5]|2[0-4]\\d|((1\\d{2})|([1-9]?\\d)))\\.){3}(25[0-5]|2[0-4]\\d|((1\\d{2})|" + + "([1-9]?\\d))))"); + + private static final Cache sensitiveCache = CacheBuilder.newBuilder() + .maximumSize(SENSITIVE_WORD_SIZE) + .recordStats().build(); + + public static void addSensitive(String key, String value) { + sensitiveCache.put(key, value); + } + + public String desensitization(String content) { + if (sensitiveCache.size() > 0) { + Matcher matcher = pattern.matcher(content); + while (matcher.find()) { + String key = matcher.group(); + String value = sensitiveCache.getIfPresent(key); + if (value != null) { + content = content.replaceAll(key, value); + } else { + content = content.replaceAll(key, "unknown"); + } + } + } + return content; + } + + @Override + public String convert(ILoggingEvent iLoggingEvent) { + String source = iLoggingEvent.getFormattedMessage(); + return Args.getInstance().isFastForward() ? desensitization(source) : source; + } +} diff --git a/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java b/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java index dfc5f2e89da..388080a1039 100644 --- a/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java +++ b/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java @@ -18,8 +18,11 @@ import org.tron.common.crypto.SignInterface; import org.tron.common.crypto.SignUtils; import org.tron.common.es.ExecutorServiceManager; +import org.tron.common.logsfilter.DesensitizedConverter; import org.tron.common.parameter.CommonParameter; import org.tron.common.utils.ByteArray; +import org.tron.common.utils.ByteUtil; +import org.tron.common.utils.DecodeUtil; import org.tron.common.utils.Sha256Hash; import org.tron.core.ChainBaseManager; import org.tron.core.capsule.TransactionCapsule; @@ -156,6 +159,10 @@ public boolean checkHelloMessage(HelloMessage message, Channel channel) { } if (flag) { TronNetService.getP2pConfig().getTrustNodes().add(channel.getInetAddress()); + byte[] addressByte = ByteUtil.merge(new byte[] {DecodeUtil.addressPreFixByte}, + msg.getAddress().toByteArray()); + DesensitizedConverter.addSensitive(channel.getInetAddress().toString(), + ByteArray.toHexString(addressByte)); } return flag; } catch (Exception e) { diff --git a/framework/src/main/resources/logback.xml b/framework/src/main/resources/logback.xml index 39c7f463172..7d761bda931 100644 --- a/framework/src/main/resources/logback.xml +++ b/framework/src/main/resources/logback.xml @@ -4,6 +4,8 @@ + diff --git a/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java b/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java new file mode 100644 index 00000000000..03ba6276e55 --- /dev/null +++ b/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java @@ -0,0 +1,22 @@ +package org.tron.common.logsfilter; + +import org.junit.Assert; +import org.junit.Test; + +public class DesensitizedConverterTest { + + @Test + public void testReplace() { + DesensitizedConverter converter = new DesensitizedConverter(); + DesensitizedConverter.addSensitive("/192.168.1.10", "address1"); + DesensitizedConverter.addSensitive("/197.168.1.10", "address2"); + + String logStr1 = "This is test log /192.168.1.10:100, /197.168.1.10:200, /197.168.1.10:100"; + Assert.assertEquals("This is test log address1:100, address2:200, address2:100", + converter.desensitization(logStr1)); + + String logStr2 = "This is test log /192.168.1.100:100, /197.168.1.10:200, /197.168.1.10:100"; + Assert.assertEquals("This is test log unknown:100, address2:200, address2:100", + converter.desensitization(logStr2)); + } +} From a31763e43a0965c17c9fa1c9eea788e99a8dce6f Mon Sep 17 00:00:00 2001 From: jiangyuanshu <317787106@qq.com> Date: Wed, 13 Nov 2024 17:24:24 +0800 Subject: [PATCH 2/4] revise if sensitiveCache is empty --- .../logsfilter/DesensitizedConverter.java | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java b/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java index 073495d1015..a618d1243de 100644 --- a/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java +++ b/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java @@ -27,18 +27,17 @@ public static void addSensitive(String key, String value) { } public String desensitization(String content) { - if (sensitiveCache.size() > 0) { - Matcher matcher = pattern.matcher(content); - while (matcher.find()) { - String key = matcher.group(); - String value = sensitiveCache.getIfPresent(key); - if (value != null) { - content = content.replaceAll(key, value); - } else { - content = content.replaceAll(key, "unknown"); - } + Matcher matcher = pattern.matcher(content); + while (matcher.find()) { + String key = matcher.group(); + String value = sensitiveCache.getIfPresent(key); + if (value != null) { + content = content.replaceAll(key, value); + } else { + content = content.replaceAll(key, "unknown"); } } + return content; } From a154dcbe5f48a74972ea11ec831458ee81b34956 Mon Sep 17 00:00:00 2001 From: jiangyuanshu <317787106@qq.com> Date: Wed, 13 Nov 2024 17:51:41 +0800 Subject: [PATCH 3/4] ignore / of address --- .../java/org/tron/common/logsfilter/DesensitizedConverter.java | 2 +- .../main/java/org/tron/core/net/service/relay/RelayService.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java b/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java index a618d1243de..84a681fe379 100644 --- a/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java +++ b/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java @@ -15,7 +15,7 @@ public class DesensitizedConverter extends ClassicConverter { private static final int SENSITIVE_WORD_SIZE = 1_000; private static final Pattern pattern = Pattern.compile( - "/(((25[0-5]|2[0-4]\\d|((1\\d{2})|([1-9]?\\d)))\\.){3}(25[0-5]|2[0-4]\\d|((1\\d{2})|" + "(((25[0-5]|2[0-4]\\d|((1\\d{2})|([1-9]?\\d)))\\.){3}(25[0-5]|2[0-4]\\d|((1\\d{2})|" + "([1-9]?\\d))))"); private static final Cache sensitiveCache = CacheBuilder.newBuilder() diff --git a/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java b/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java index 388080a1039..90463f8ab46 100644 --- a/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java +++ b/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java @@ -161,7 +161,7 @@ public boolean checkHelloMessage(HelloMessage message, Channel channel) { TronNetService.getP2pConfig().getTrustNodes().add(channel.getInetAddress()); byte[] addressByte = ByteUtil.merge(new byte[] {DecodeUtil.addressPreFixByte}, msg.getAddress().toByteArray()); - DesensitizedConverter.addSensitive(channel.getInetAddress().toString(), + DesensitizedConverter.addSensitive(channel.getInetAddress().toString().substring(1), ByteArray.toHexString(addressByte)); } return flag; From 7bd057d4356380bfc26e90e655a7aa6ba6887340 Mon Sep 17 00:00:00 2001 From: jiangyuanshu <317787106@qq.com> Date: Thu, 14 Nov 2024 10:35:22 +0800 Subject: [PATCH 4/4] replace unknown ip with string IP --- .../logsfilter/DesensitizedConverter.java | 4 ++-- .../logsfilter/DesensitizedConverterTest.java | 23 +++++++++++++------ 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java b/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java index 84a681fe379..1cbe5101f40 100644 --- a/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java +++ b/framework/src/main/java/org/tron/common/logsfilter/DesensitizedConverter.java @@ -26,7 +26,7 @@ public static void addSensitive(String key, String value) { sensitiveCache.put(key, value); } - public String desensitization(String content) { + private String desensitization(String content) { Matcher matcher = pattern.matcher(content); while (matcher.find()) { String key = matcher.group(); @@ -34,7 +34,7 @@ public String desensitization(String content) { if (value != null) { content = content.replaceAll(key, value); } else { - content = content.replaceAll(key, "unknown"); + content = content.replaceAll(key, "IP"); } } diff --git a/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java b/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java index 03ba6276e55..c584d5adf06 100644 --- a/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java +++ b/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java @@ -1,22 +1,31 @@ package org.tron.common.logsfilter; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import org.junit.Assert; import org.junit.Test; public class DesensitizedConverterTest { @Test - public void testReplace() { + public void testReplace() + throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { DesensitizedConverter converter = new DesensitizedConverter(); - DesensitizedConverter.addSensitive("/192.168.1.10", "address1"); - DesensitizedConverter.addSensitive("/197.168.1.10", "address2"); + DesensitizedConverter.addSensitive("192.168.1.10", "address1"); + DesensitizedConverter.addSensitive("197.168.1.10", "address2"); + + Method method = converter.getClass().getDeclaredMethod( + "desensitization", String.class); + method.setAccessible(true); String logStr1 = "This is test log /192.168.1.10:100, /197.168.1.10:200, /197.168.1.10:100"; - Assert.assertEquals("This is test log address1:100, address2:200, address2:100", - converter.desensitization(logStr1)); + String result1 = (String) method.invoke(converter, logStr1); + Assert.assertEquals("This is test log /address1:100, /address2:200, /address2:100", + result1); String logStr2 = "This is test log /192.168.1.100:100, /197.168.1.10:200, /197.168.1.10:100"; - Assert.assertEquals("This is test log unknown:100, address2:200, address2:100", - converter.desensitization(logStr2)); + String result2 = (String) method.invoke(converter, logStr2); + Assert.assertEquals("This is test log /IP:100, /address2:200, /address2:100", + result2); } }