Image inspection and redaction

Cloud Data Loss Prevention (DLP) can inspect for and redact sensitive content that exists within images. Images must first be encoded in base64 and an image type must be specified. Inspection and redaction are two distinct actions:

  • Inspection: Cloud DLP inspects the submitted base64-encoded image for the specified intoTypes. It returns the detected InfoTypes, along with one or more set of pixel coordinates and dimensions. Each set of pixel coordinate values and dimension values indicate the upper-left corner and the dimensions of bounding boxes, respectively. Within each bounding box, sensitive data was found.
  • Redaction: Cloud DLP inspects the submitted base64-encoded image for the specified infoTypes. It returns a new base64-encoded image is returned in the same image format as the original image. Cloud DLP redacts—or masks with opaque boxes—any sensitive data findings. You can configure the color of these boxes in the request.

Inspection example

Take the following image as an example input:

Example of image input with sensitive data to be
redacted

Submitting this image to Cloud DLP's content.inspect method and instructing it to search for a US_SOCIAL_SECURITY_NUMBER infoType would produce JSON output like the following:

{
 "result": {
  "findings": [
   {
    "infoType": {
     "name": "US_SOCIAL_SECURITY_NUMBER"
    },
    "likelihood": "LIKELY",
    "location": {
     "imageBoxes": [
      {
       "top": 61,
       "left": 7,
       "width": 25,
       "height": 18
      },
      {
       "top": 61,
       "left": 33,
       "width": 5,
       "height": 18
      },
      {
       "top": 61,
       "left": 38,
       "width": 17,
       "height": 19
      },
      {
       "top": 62,
       "left": 56,
       "width": 5,
       "height": 18
      },
      {
       "top": 62,
       "left": 61,
       "width": 35,
       "height": 18
      }
     ]
    },
    "createTime": "2018-03-15T22:23:56.824Z"
   }
  ]
 }
}

This JSON response tells us that:

  • A Social Security number was found.
  • The likelihood that the finding is indeed a Social Security number is LIKELY.
  • The sensitive content is located within the bounding boxes defined within "imageBoxes".
  • The inspection was run at the time given within "createTime".

Redaction example

Submitting the same image to the Cloud DLP API's image.redact method and instructing it to redact content it determines to correspond to a US_SOCIAL_SECURITY_NUMBER infoType would produce JSON output like the following (the base64-encoded image has been truncated for space):

{
 "redactedImage": "/9j/4AAQSkZJRgABAgAAAQABAAD/4QCYRXhpZgAATU0AKgA..."
}

Using a base64 decoder, we can see that the returned "redactedImage" value looks like the following:

Example of image input with sensitive data redacted

Resources

To learn more about image inspection and redaction inCloud DLP, see the following how-to topics:

For API documentation, see:

หน้านี้มีประโยชน์ไหม โปรดแสดงความคิดเห็น