Hiding sensitive data

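Using a debugger can expose sensitive data in your application, such as email addresses and account numbers. The debugger agent can mask this sensitive data using a simple configuration file.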

Examples

The following example configuration hides the data in one class from the debugger:

blacklist:
- "com.sales.Ticket"

You can also hide an entire package by specifying the package name:

blacklist:
- "com.sales"

In some cases it is useful to create exceptions to the blacklist rules. You can do this with blacklist_exception:

blacklist:
- "com.sales"
blacklist_exception:
- "com.sales.testing"

Finally, you can specify an inverse pattern, where classes that do not match the pattern are blacklisted:

blacklist:
- "!com.sales"

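The debugger reports hidden data as "blocked by admin", as shown in the following screenshot:

[Screenshot: the debugger reports hidden text as "blocked by admin"]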

Configuration file

The following configuration can be used as a starting point and provides inline documentation:

# Cloud Debugger Blacklist Configuration File
#
# == Format ==
#
#   This configuration file accepts the following keywords:
#
#    - blacklist
#    - blacklist_exception
#
#   The debugger uses the following rules to determine if a variable's data
#   should be hidden, using the variable's type as the match criteria.
#
#   | Matches `blacklist` | Matches `blacklist_exception` | Data is |
#   |---------------------|-------------------------------|---------|
#   | no                  | no                            | shown   |
#   | no                  | yes                           | shown   |
#   | yes                 | no                            | hidden  |
#   | yes                 | yes                           | shown   |
#
#   Patterns listed under "blacklist" and "blacklist_exception" have the
#   following format:
#
#   [!]<type>
#
#   - `type` is a type prefix (such as a class or package name). Any
#      nested types will also match the pattern. For example, if you
#      specify a package name, the package and all of its subtypes will
#      match. Note that glob patterns such as `*` can be used anywhere in
#      the type name.
#   -  By prefixing a pattern with an exclamation point, `!`, the pattern
#      is considered an "inverse match" which evaluates to true for any
#      type that does not match the provided pattern.
#   -  The debugger makes no attempt to verify that specified patterns
#      will actually match anything. If you have a misspelling in your
#      pattern, then there will be no reported errors but the pattern will
#      not work as intended.
#
# == Verification ==
#
#   A verification tool is available and can be downloaded with the
#   following command:
#
#   wget https://storage.googleapis.com/cloud-debugger/compute-java/debian-wheezy/debugger_blacklist_checker.py
#
#   This tool can be used to check the configuration file for syntax errors.
#   It can also be used to experiment with configuration files locally
#   without having to deploy a real application.
#
#   A basic usage example:
#
#       debugger_blacklist_checker.py debugger-blacklist.yaml
#
#   You can also use the tool to check if symbols will be blacklisted
#
#     echo com.java.Integer | \
#       debugger_blacklist_checker.py debugger-blacklist.yaml --check

# Uncomment the line below to add blacklists
#blacklist:
#  - "java.security"  # Example package

# Uncomment the line below to add blacklist exceptions
#blacklist_exception:
#  - "java.security.Timestamp"  # Example class
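
The decision table and pattern rules documented in the file above, modelled locally as an added example (this is not the debugger agent's code and not debugger_blacklist_checker.py). It assumes that a prefix matches at `.` or `$` boundaries and that `*` matches any run of characters; `is_hidden`, `_matches` and the sample type names are hypothetical.

```python
from fnmatch import fnmatchcase


def _matches(pattern: str, type_name: str) -> bool:
    """Evaluate one `[!]<type>` pattern against a fully qualified type name."""
    inverse = pattern.startswith("!")
    prefix = pattern[1:] if inverse else pattern
    # Assumption: a prefix matches the type itself and anything nested under
    # it at a package (".") or inner-class ("$") boundary; "*" is a glob.
    hit = any(
        fnmatchcase(type_name, candidate)
        for candidate in (prefix, prefix + ".*", prefix + "$*")
    )
    # An inverse pattern is true exactly when the plain pattern is false.
    return hit != inverse


def is_hidden(type_name: str, blacklist=(), blacklist_exception=()) -> bool:
    """Apply the documented table: hidden only if blacklisted and not excepted."""
    blacklisted = any(_matches(p, type_name) for p in blacklist)
    excepted = any(_matches(p, type_name) for p in blacklist_exception)
    return blacklisted and not excepted


if __name__ == "__main__":
    # Constructed configurations and type names mirroring the page's examples.
    configs = {
        "package + exception": (["com.sales"], ["com.sales.testing"]),
        "inverse": (["!com.sales"], []),
        "misspelled (silently ineffective)": (["com.slaes"], []),
    }
    types = ["com.sales.Ticket", "com.sales.testing.Fake", "java.lang.String"]
    for label, (bl, ex) in configs.items():
        for t in types:
            state = "hidden" if is_hidden(t, bl, ex) else "shown"
            print(f"{label:35} {t:25} {state}")
```

The misspelled configuration is the case the file's comments warn about: no error is raised and the data stays visible, so checking a few representative type names before deployment is worthwhile.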

Where to place the configuration file

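The configuration file must be named debugger-blacklist.yaml and can be placed anywhere in the classpath. A reasonable location is the root of the .jar file. The following sections discuss how to do this.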

Using the jar command

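To insert or update the configuration file in a .jar file, you can use the jar command. To add the configuration file debugger-blacklist.yaml to the archive TicketTracker.jar, use the following command: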

jar uvf TicketTracker.jar debugger-blacklist.yaml

Using Ant

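To insert the configuration file into a JAR using the Ant build system, use Ant's built-in jar task. For example, the following distribute target uses the jar task to add the configuration file debugger-blacklist.yaml to the archive TicketTracker.jar.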

<target name="distribute" depends="compile">
  <jar destfile="${distributionDir}/TicketTracker.jar" >
    <fileset dir="${outputDir}"/>
    <fileset dir="${sourceDir}"/>
    <fileset file="debugger-blacklist.yaml" />
  </jar>
</target>

Using Maven

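To insert the configuration file into a package managed by the Maven build system, place the debugger-blacklist.yaml file in the src/main/resources directory, which you may need to create. Build the project and confirm that debugger-blacklist.yaml has been copied to target/classes.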