-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathobfuscation.go
114 lines (103 loc) · 2.59 KB
/
obfuscation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
package dsunit
import (
"bytes"
"context"
"encoding/base64"
"fmt"
"github.com/viant/afs"
"github.com/viant/scy/kms"
"math/rand"
"strings"
"time"
)
type ObfuscationMethod string
const (
ObfuscationMethodReplace = "replace"
ObfuscationMethodShuffle = "shuffle"
ObfuscationMethodDictionary = "dictionary"
ObfuscationMethodCipher = "cipher"
)
type Obfuscation struct {
Columns []string
Method ObfuscationMethod
DictionaryURL string
Dictionary []string
Key *kms.Key
IDKey string
Template string
}
func (o *Obfuscation) Init(ctx context.Context) {
if o.Method == ObfuscationMethodCipher {
if o.Key == nil {
if o.Key == nil {
o.Key = &kms.Key{}
}
}
if o.Key.Scheme == "" {
o.Key.Scheme = "blowfish"
}
if o.Key.Auth == "" {
o.Key.Auth = "default"
}
}
if o.IDKey == "" {
o.IDKey = "ID"
}
if o.DictionaryURL == "" || len(o.Dictionary) > 0 {
return
}
fs := afs.New()
data, _ := fs.DownloadWithURL(ctx, o.DictionaryURL)
lines := bytes.Split(data, []byte("\n"))
for _, line := range lines {
o.Columns = append(o.Columns, strings.TrimSpace(string(line)))
}
if o.Template == "" {
o.Template = "%s_%v"
}
}
var rnd = rand.New(rand.NewSource(time.Now().UnixNano()))
func (o *Obfuscation) Obfuscate(ctx context.Context, value string, record map[string]interface{}, column string) (string, error) {
switch o.Method {
case "", ObfuscationMethodReplace:
id, ok := record[o.IDKey]
if !ok {
id = int(rnd.Int31())
}
switch strings.Count(o.Template, "%") {
case 1:
return fmt.Sprintf(o.Template, id), nil
}
return fmt.Sprintf(o.Template, column, id), nil
case ObfuscationMethodShuffle:
return o.shuffle(value), nil
case ObfuscationMethodDictionary:
if len(o.Dictionary) == 0 {
return value, fmt.Errorf("dictionary was empty: %v", o.DictionaryURL)
}
return o.randDictionaryValue(), nil
case ObfuscationMethodCipher:
cipher, err := kms.Lookup(o.Key.Scheme)
if err != nil {
return "", err
}
enc, err := cipher.Encrypt(ctx, o.Key, []byte(value))
if err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(enc), nil
default:
return "", fmt.Errorf("unsupported obfuscation method:%v", o.Method)
}
}
func (o *Obfuscation) randDictionaryValue() string {
rand.Seed(time.Now().UnixNano())
index := int(rand.Int31()) % len(o.Dictionary)
return o.Dictionary[index]
}
func (o *Obfuscation) shuffle(value string) string {
rand.Seed(time.Now().UnixNano())
data := []byte(value)
rand.Shuffle(len(data), func(i, j int) { data[i], data[j] = data[j], data[i] })
return string(data)
}