使用调试程序可能会暴露应用中的敏感数据,如电子邮件地址和帐号等。您可以配置屏蔽名单和屏蔽名单例外,以阻止调试程序代理访问这些敏感数据。
调试程序将隐藏数据报告为“被管理员阻止”,如以下屏幕截图所示:
推荐
配置或更新屏蔽名单文件时,请注意以下建议:
使用 Java 代理 2.27 版或更高版本。如需了解安装信息,请参阅设置 Java 版 Cloud Debugger。
请注意,配置文件命名和关键字已更新为
blocklist。请相应地更新您的文件。
配置文件
以下配置可用作起点并提供内联文档:
# Cloud Debugger Blocklist Configuration File
#
# == Format ==
#
# This configuration file accepts the following keywords:
#
# - blocklist
# - blocklist_exception
#
# The debugger uses the following rules to determine if a variable's data
# should be hidden, using the variable's type as the match criteria.
#
# | Matches `blocklist` | Matches `blocklist_exception` | Data is |
# |---------------------|-------------------------------|---------|
# | no | no | shown |
# | no | yes | shown |
# | yes | no | hidden |
# | yes | yes | shown |
#
# Patterns listed under "blocklist" and "blocklist_exception" have the
# following format:
#
# [!]<type>
#
# - `type` is a type prefix (such as a class or package name). Any
# nested types will also match the pattern. For example, if you
# specify a package name, the package and all of it's subtypes will
# match. Note that glob patterns such as `*` can be used anywhere in
# the type name.
# - By prefixing a pattern with an exclamation point, `!`, the pattern
# is considered an "inverse match" which evaluates to true for any
# type that does not match the provided pattern.
# - The debugger makes no attempt to verify that specified patterns
# will actually match anything. If you have a misspelling in your
# pattern, then there will be no reported errors but the pattern will
# not work as intended.
#
# == Verification ==
#
# A verification tool is available and can be downloaded with the
# following command:
#
# wget https://storage.googleapis.com/cloud-debugger/compute-java/debian-wheezy/debugger_blocklist_checker.py
#
# This tool can be used to check the configuration file for syntax errors.
# It can also be used to experiment with configuration files locally
# without having to deploy a real application.
#
# A basic usage example:
#
# debugger_blocklist_checker.py debugger-blocklist.yaml
#
# You can also use the tool to check if symbols will be blocklisted
#
# echo com.java.Integer | \
# debugger_blocklist_checker.py debugger-blocklist.yaml --check
# Uncomment The line below to add blocklists
#blocklist:
# - "java.security" # Example package
# Uncomment The line below to add blocklist exceptions
#blocklist_exception:
# - "java.security.Timestamp" # Example class
示例
以下示例配置向调试程序隐藏一个类中的数据:
blocklist:
- "com.sales.Ticket"
也可以通过指定软件包名称来隐藏软件包:
blocklist:
- "com.sales"
在某些情况下,为 blocklist 规则创建例外会很有用。您可以使用 blocklist_exception 完成此操作:
blocklist:
- "com.sales"
blocklist_exception:
- "com.sales.testing"
最后,可以指定反向模式,与模式不匹配的类会被列入屏蔽名单。
blocklist:
- "!com.sales"
配置文件位置
配置文件必须命名为 debugger-blocklist.yaml 并且可以放在类路径中的任意位置。一个合理的位置是 .jar 文件的根目录。以下部分讨论如何完成此任务。
使用 jar 命令
要在 .jar 文件中插入或更新配置文件,您可以使用 jar 命令。要将配置文件 debugger-blocklist.yaml 添加到归档 TicketTracker.jar,请使用以下命令:
jar uvf TicketTracker.jar debugger-blocklist.yaml
使用 Ant
要使用 Ant 构建系统将配置文件插入 JAR,请使用 Ant 的内置 jar 任务。例如,以下 distribute 目标使用 jar 任务将配置文件 debugger-blocklist.yaml 添加到归档 TicketTracker.jar 中。
<target name="distribute" depends="compile">
<jar destfile="${distributionDir}/TicketTracker.jar" >
<fileset dir="${outputDir}"/>
<fileset dir="${sourceDir}"/>
<fileset file="debugger-blocklist.yaml" />
</jar>
</target>
使用 Maven
要将配置文件插入由 Maven 构建系统管理的软件包中,请将 debugger-blocklist.yaml 文件放在 src/main/resources 目录中,您可能需要创建该目录。构建项目并确认 debugger-blocklist.yaml 已复制到 target/classes。