在调试 AgentMetricExporter 发送到 Azure 的指标时,我注意到导出器在 URL 中传输敏感数据。有没有办法屏蔽这些数据?
例如:
2024-05-22 13:24:58.300+02:00 DEBUG c.m.a.a.i.e.AgentMetricExporter - exporting metric: ImmutableMetricData{resource=Resource{schemaUrl=null, attributes={service.name="service", telemetry.sdk.language="java", telemetry.sdk.name="opentelemetry", telemetry.sdk.version="1.35.0"}},
instrumentationScopeInfo=InstrumentationScopeInfo{name=io.opentelemetry.reactor-netty-1.0, version=2.1.0-alpha, schemaUrl=null, attributes={}},
name=http.client.request.duration, description=Duration of HTTP client requests., unit=s, type=HISTOGRAM, data=ImmutableHistogramData{aggregationTemporality=DELTA,
points=[ImmutableHistogramPointData{getStartEpochNanos=1716377068294723190, getEpochNanos=1716377098295144750, getAttributes={http.response.status_code=200, server.address="instance.blob.core.windows.net"},
getSum=0.116184521, getCount=1, hasMin=true, getMin=0.116184521, hasMax=true, getMax=0.116184521, getBoundaries=[0.005, 0.01, 0.025, 0.05, 0.075, 0.1, 0.25, 0.5, 0.75, 1.0, 2.5, 5.0, 7.5, 10.0], getCounts=[0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0],
getExemplars=[ImmutableDoubleExemplarData{filteredAttributes={http.request.method="GET", network.peer.address="20.38.118.132", network.peer.port=443, network.protocol.version="1.1",
url.full="https://instance.blob.core.windows.net/$web?restype=container&comp=list&prefix=done.txt&sv=2022-11-02&ss=bfqt&srt=sco&sp=**SensitiveData**&se=2026-04-29T19:15:56Z&st=2024-04-29T11:15:56Z&spr=https&sig=**SensitiveData**"},
epochNanos=1716377096208012594, spanContext=ImmutableSpanContext{traceId=ac10c70992cc162cf3256eeb680b59b3, spanId=f15cff0924af7f7b, traceFlags=01, traceState=ArrayBasedTraceState{entries=[]}, remote=false, valid=true}, value=0.116184521}]}]}}
有关于如何处理这个问题的指导吗?
谢谢!
我注意到导出器在 URL 中传输敏感数据。有没有办法屏蔽这些数据?
代码:
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class SensitiveDataMaskingProcessor {
private static final String MASKED_URL = "[MASKED_URL]";
// Regular expression pattern to match sensitive URLs
private static final Pattern URL_PATTERN = Pattern.compile("https://instance\\.blob\\.core\\.windows\\.net/.*");
public String maskSensitiveData(String logMessage) {
// Find and replace sensitive URLs with placeholders
Matcher matcher = URL_PATTERN.matcher(logMessage);
StringBuffer maskedLog = new StringBuffer();
while (matcher.find()) {
matcher.appendReplacement(maskedLog, MASKED_URL);
}
matcher.appendTail(maskedLog);
return maskedLog.toString();
}
public static void main(String[] args) {
// Example usage
String logMessage = "2024-05-22 13:24:58.300+02:00 DEBUG c.m.a.a.i.e.AgentMetricExporter - exporting metric: ImmutableMetricData{resource=Resource{schemaUrl=null, attributes={service.name=\"service\", telemetry.sdk.language=\"java\", telemetry.sdk.name=\"opentelemetry\", telemetry.sdk.version=\"1.35.0\"}}, ...}";
SensitiveDataMaskingProcessor processor = new SensitiveDataMaskingProcessor();
String maskedLog = processor.maskSensitiveData(logMessage);
System.out.println("Original log:");
System.out.println(logMessage);
System.out.println("\nMasked log:");
System.out.println(maskedLog);
}
}
maskSensitiveData
方法使用正则表达式模式扫描日志消息中的敏感 URL。[MASKED_URL]
占位符。结果: