feat: improve security of the MaskString function

Signed-off-by: Matthis Holleville <matthish29@gmail.com>
Matthis Holleville 2023-04-11 17:05:30 +02:00
parent 6f0865413f
commit 08f2a89e54
2 changed files with 8 additions and 4 deletions


@ -237,7 +237,7 @@ k8sgpt analyze --explain --filter=Service --output=json --anonymize
With this option, the data is anonymized before being sent to the AI Backend. During the analysis execution, `k8sgpt` retrieves sensitive data (Kubernetes object names, labels, etc.). This data is masked when sent to the AI backend and replaced by a key that can be used to de-anonymize the data when the solution is returned to the user. With this option, the data is anonymized before being sent to the AI Backend. During the analysis execution, `k8sgpt` retrieves sensitive data (Kubernetes object names, labels, etc.). This data is masked when sent to the AI backend and replaced by a key that can be used to de-anonymize the data when the solution is returned to the user.
For example: <details>
1. Error reported during analysis: 1. Error reported during analysis:
```bash ```bash


@ -2,6 +2,7 @@ package util
import ( import (
"context" "context"
"encoding/base64"
"fmt" "fmt"
"math/rand" "math/rand"
"regexp" "regexp"
@ -10,6 +11,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
var anonymizePattern = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+[]{}|;':\",./<>?")
func GetParent(client *kubernetes.Client, meta metav1.ObjectMeta) (string, bool) { func GetParent(client *kubernetes.Client, meta metav1.ObjectMeta) (string, bool) {
if meta.OwnerReferences != nil { if meta.OwnerReferences != nil {
for _, owner := range meta.OwnerReferences { for _, owner := range meta.OwnerReferences {
@ -101,12 +104,13 @@ func SliceDiff(source, dest []string) []string {
} }
func MaskString(input string) string { func MaskString(input string) string {
letters := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") key := make([]byte, len(input))
result := make([]rune, len(input)) result := make([]rune, len(input))
rand.Read(key)
for i := range result { for i := range result {
result[i] = letters[rand.Intn(len(letters))] result[i] = anonymizePattern[int(key[i])%len(anonymizePattern)]
} }
return string(result) return base64.StdEncoding.EncodeToString([]byte(string(result)))
} }
func ReplaceIfMatch(text string, pattern string, replacement string) string { func ReplaceIfMatch(text string, pattern string, replacement string) string {
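Review bot: `rand.Read(key)` in MaskString still resolves to `math/rand`, the only rand package in the import block of this section, so the mask bytes come from a non-cryptographic generator and the call's error result is discarded. If the masks are meant to be unpredictable to whoever sees the anonymized text, import `crypto/rand` instead (under an alias if other code in the file still needs `math/rand`, which is not visible here) and check the result, e.g. `if _, err := rand.Read(key); err != nil { panic(err) }`, since the signature has no error return. Separately, `int(key[i])%len(anonymizePattern)` is slightly biased because 256 is not a multiple of the pattern length. The base64 step adds no entropy and makes the mask longer than the input, so a doc comment on MaskString should say that the output length differs from `len(input)` and that an empty input yields an empty mask.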