tuansandman / opendlp

Automatically exported from code.google.com/p/opendlp
0 stars 0 forks source link

Mask Found Data #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
A co-worker pointed me to this project and I am very interested in it.
However when looking over the sample screen-shots it looks like any found
data is reported in full.  
This now creates an additional location where this information is stored.
Is there any chance that if data is found matching one of the expressions
that you are searching for the data can be masked and just given as a
partial display/report of what was found? 
i.e.
Mastercard | xxxxxxxxxxxx5594
Social_Security_Number_dashes | xxx-xx-4321

Original issue reported on code.google.com by tom...@gmail.com on 3 May 2010 at 3:51

GoogleCodeExporter commented 9 years ago
Edit viewresults.html
after line 443: add this:

                        $pattern =~ s/^(.){4}/xxx/g; #wlb

so it will look like this:

                        my $type = $$results[0];
                        my $pattern = $$results[1];
                        $pattern =~ s/^(.){4}/xxx/g; #wlb
                        my $file = $$results[2];
                        my $offset = $$results[3];
                        my $md5 = $$results[4];
                        my $number = $$results[5];

that masks the first 4 digits with three X's...
alter to taste.

Original comment by atarib...@gmail.com on 3 May 2010 at 6:02

GoogleCodeExporter commented 9 years ago
OK Excellent thanks for the quick reply - 
When I get it fired-up I'll give that adjustment a try.

Thanks again.

Original comment by tom...@gmail.com on 3 May 2010 at 7:35

GoogleCodeExporter commented 9 years ago
I plan to fix this in version 0.2 by only showing the first four and last six 
numbers
of any potential credit cards.  I could also do this for SSNs.

Perhaps a better, long-term solution would be to have an option to mask the 
first 75%
of all found patterns, regardless of what kind of pattern it finds.

Original comment by andrew.O...@gmail.com on 3 May 2010 at 10:52

GoogleCodeExporter commented 9 years ago
First off found this via the slashdot article.... Would it be a better way to 
limit
who role wise could see the whole SSN or CCN?

Example:  level 1 tech would only see there was X number of violations and would
escalate the incident to a higher level person who could see all of the 
violations?

Original comment by jje...@gmail.com on 4 May 2010 at 2:07

GoogleCodeExporter commented 9 years ago
found this off of darknet reading.
issue: is it necessary to copy the found data and stream it out, there by 
creating 
another instance of it to maintain?
suggestion: would it be enough to flag and count the pattern matches along with 
a 
pointer to trace back to source?

Original comment by dkrish...@gmail.com on 4 May 2010 at 4:53

GoogleCodeExporter commented 9 years ago
I will mask found data in version 0.2, which should be out within two weeks (I 
am
making other enhancements and fixing bugs, too).

Tracing to the source is a good idea, I could implement that in version 0.3.

Original comment by andrew.O...@gmail.com on 4 May 2010 at 5:00

GoogleCodeExporter commented 9 years ago

Original comment by andrew.O...@gmail.com on 4 May 2010 at 5:05

GoogleCodeExporter commented 9 years ago
Fixed in release 0.2.

Original comment by andrew.O...@gmail.com on 12 May 2010 at 11:14