search

pingcap / tiflash

The analytical engine for TiDB and TiDB Cloud. Try free: https://tidbcloud.com/free-trial
https://docs.pingcap.com/tidb/stable/tiflash-overview
Apache License 2.0
943 stars 410 forks source link

security: Add "marker" mode for log densensitation #9136

Closed JaySon-Huang closed 3 months ago

JaySon-Huang commented 3 months ago

What problem does this PR solve?

Issue Number: close https://github.com/pingcap/tiflash/issues/8977

Problem Summary:

In the previous PR, https://github.com/pingcap/tiflash/issues/1277, tiflash support setting security.redact_info_log to be set as "true" / "false". If the configuration item is set to true, all user data in the log is replaced by ?.

What is changed and how it works?

Support setting config "security.redact_info_log=marker" for log densensitation

Mark sensitive data with ‹..›. when security.redact_info_log=marker. Note that is not "less" < but U+2039. If the raw data contains , will be escaped to ‹‹, similar to .

Introduce Redact::toMarkerString to handle marking sensitive data with ‹..› and escaping.

Check List

Tests

Side effects

Documentation

Release note

Support "marker" for log densensitation
ti-chi-bot[bot] commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JinheLin, Lloyd-Pottiger

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/pingcap/tiflash/blob/master/OWNERS)~~ [JinheLin,Lloyd-Pottiger] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
ti-chi-bot[bot] commented 3 months ago

[LGTM Timeline notifier]

Timeline: