敏感数据保护的内置 infoType 检测器可有效查找常见类型的敏感数据。借助自定义 infoType 检测器,您可以全面定制自己的敏感数据检测器。检查规则通过修改指定 infoType 检测器的检测机制,帮助优化敏感数据保护返回的扫描结果。
如果要从内置 infoType 检测器返回的结果中排除或包含更多值,您可以从头开始创建新的自定义 infoType,并定义敏感数据保护应查找的所有条件。或者,您也可以根据自己指定的条件,优化敏感数据保护的内置或自定义检测器返回的结果。您可添加检查规则来实现此目的,它们有助于减少噪声、提高精确率和召回率,或者调整扫描结果的确定性。
本主题讨论如何使用两种类型的检查规则来排除某些结果或添加额外结果,所有操作均根据您指定的自定义条件执行。本主题还将介绍几种您可能需要更改现有 infoType 检测器的场景。
这两种检查规则是:
排除规则
排除规则对以下情况非常有用:
- 您希望排除结果中因 infoType 检测器重叠而导致的重复的扫描匹配项。例如,您要扫描电子邮件地址和电话号码,但却获得两个带电话号码的电子邮件地址匹配项,例如“206-555-0764@example.org”。
- 扫描结果中有噪音。例如,您发现在扫描合法电子邮件地址时,同一虚拟电子邮件地址(例如“example@example.com”)或网域(例如“example.com”)返回的次数过多。
- 您有一个要从结果中排除的术语、短语或字符组合的列表。
- 您想要从结果中排除整列数据。
- 您想要排除与正则表达式匹配的字符串附近的发现结果。
排除规则 API 概览
敏感数据保护在 ExclusionRule 对象中定义排除规则。在 ExclusionRule 中,您可以指定以下其中一项:
Dictionary对象,其中包含要从结果中排除的字符串列表。Regex对象,用于定义正则表达式模式。结果中将排除与该模式匹配的字符串。ExcludeInfoTypes对象,包含一组 infoType 检测器。如果发现结果与此处列出的任何 infoType 检测器匹配,则该发现结果会从结果中排除。ExcludeByHotword对象,其中包含以下内容:- 用于定义启动指令的正则表达式。
- proximity值,用于定义启动指令与结果之间的距离。
如果发现结果在设置的接近度范围内,则会从结果中排除该发现结果。对于表,此排除规则类型允许您从结果中排除整列数据。
排除规则示例场景
以下各个 JSON 代码段说明了如何针对指定场景配置敏感数据保护。
在 EMAIL_ADDRESS 检测器扫描中忽略特定电子邮件地址
以下多种语言的 JSON 代码段和代码说明了如何使用 InspectConfig 向敏感数据保护表明,它应避免在使用 infoType 检测器 EMAIL_ADDRESS 的扫描中与“example@example.com”相匹配:
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using System;
using System.Collections.Generic;
using System.Linq;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class InspectStringWithExclusionDict
{
public static InspectContentResponse Inspect(string projectId, string textToInspect, List<String> excludedMatchList)
{
var dlp = DlpServiceClient.Create();
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem { ByteItem = byteContentItem };
var infoTypes = new string[] { "PHONE_NUMBER", "EMAIL_ADDRESS", "CREDIT_CARD_NUMBER" }.Select(it => new InfoType { Name = it });
var exclusionRule = new ExclusionRule
{
MatchingType = MatchingType.FullMatch,
Dictionary = new CustomInfoType.Types.Dictionary
{
WordList = new CustomInfoType.Types.Dictionary.Types.WordList
{
Words = { excludedMatchList }
}
}
};
var ruleSet = new InspectionRuleSet
{
InfoTypes = { new InfoType { Name = "EMAIL_ADDRESS" } },
Rules = { new InspectionRule { ExclusionRule = exclusionRule } }
};
var config = new InspectConfig
{
InfoTypes = { infoTypes },
IncludeQuote = true,
RuleSet = { ruleSet }
};
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = config
};
var response = dlp.InspectContent(request);
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach (var f in response.Result.Findings)
{
Console.WriteLine("\tQuote: " + f.Quote);
Console.WriteLine("\tInfo type: " + f.InfoType.Name);
Console.WriteLine("\tLikelihood: " + f.Likelihood);
}
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringWithExclusionDictionary inspects a string for sensitive data
// using exclusion dictionary, here the function omits a specific email address
// from an EMAIL_ADDRESS detector scan with an exclusion dictionary
func inspectStringWithExclusionDictionary(w io.Writer, projectID, textToInspect string, excludedMatchList []string) error {
// projectID := "my-project-id"
// textToInspect := "Some email addresses: gary@example.com, example@example.com"
// excludedMatchList := []string{"example@example.com"}
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
infoTypes := []*dlppb.InfoType{
{Name: "PHONE_NUMBER"},
{Name: "EMAIL_ADDRESS"},
{Name: "CREDIT_CARD_NUMBER"},
}
// Exclude matches from the specified excludedMatchList.
exclusionRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_Dictionary{
Dictionary: &dlppb.CustomInfoType_Dictionary{
Source: &dlppb.CustomInfoType_Dictionary_WordList_{
WordList: &dlppb.CustomInfoType_Dictionary_WordList{
Words: excludedMatchList,
},
},
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_FULL_MATCH,
}
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infoType.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
{Name: "EMAIL_ADDRESS"},
},
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_ExclusionRule{
ExclusionRule: exclusionRule,
},
},
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
// Construct the configuration for the Inspect request, including the ruleSet.
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
},
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Process the results.
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType.Dictionary;
import com.google.privacy.dlp.v2.CustomInfoType.Dictionary.WordList;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class InspectStringWithExclusionDict {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "Some email addresses: gary@example.com, example@example.com";
List<String> excludedMatchList = Arrays.asList("example@example.com");
inspectStringWithExclusionDict(projectId, textToInspect, excludedMatchList);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringWithExclusionDict(
String projectId, String textToInspect, List<String> excludedMatchList) throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
List<InfoType> infoTypes = new ArrayList<>();
for (String typeName : new String[] {"PHONE_NUMBER", "EMAIL_ADDRESS", "CREDIT_CARD_NUMBER"}) {
infoTypes.add(InfoType.newBuilder().setName(typeName).build());
}
// Exclude matches from the specified excludedMatchList.
ExclusionRule exclusionRule =
ExclusionRule.newBuilder()
.setMatchingType(MatchingType.MATCHING_TYPE_FULL_MATCH)
.setDictionary(
Dictionary.newBuilder()
.setWordList(WordList.newBuilder().addAllWords(excludedMatchList)))
.build();
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("EMAIL_ADDRESS"))
.addRules(InspectionRule.newBuilder().setExclusionRule(exclusionRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'Some email addresses: gary@example.com, example@example.com';
// The infoTypes of information to match
// const infoTypes = [{ name: 'EMAIL_ADDRESS' }];
// Words to exclude
// const excludedWords = ['gary@example.com'];
async function inspectStringWithExclusionDict() {
// Specify the type and content to be inspected.
const item = {
byteItem: {
type: DLP.protos.google.privacy.dlp.v2.ByteContentItem.BytesType
.TEXT_UTF8,
data: Buffer.from(string, 'utf-8'),
},
};
// Exclude matches from the specified excludedWords.
const exclusionRule = {
dictionary: {
wordList: {
words: excludedWords,
},
},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType.MATCHING_TYPE_FULL_MATCH,
};
// Construct a ruleset that applies the exclusion rule to the specified infotype.
const ruleSet = [
{
infoTypes: infoTypes,
rules: [
{
exclusionRule: exclusionRule,
},
],
},
];
// Construct the configuration for the Inspect request, including the ruleset.
const inspectConfig = {
infoTypes: infoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Construct the Inspect request to be sent by the client.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Use the client to send the API request.
const [response] = await dlp.inspectContent(request);
// Print Findings
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringWithExclusionDict();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary\WordList;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string for sensitive data, using exclusion dictionary
* Omit a specific email address from an EMAIL_ADDRESS detector scan with an exclusion dictionary.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_with_exclusion_dict(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'Some email addresses: gary@example.com, example@example.com'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Specify the type of info the inspection will look for.
$infotypes = [
(new InfoType())->setName('PHONE_NUMBER'),
(new InfoType())->setName('EMAIL_ADDRESS'),
(new InfoType())->setName('CREDIT_CARD_NUMBER'),
];
// Exclude matches from the specified excludedMatchList.
$excludedMatchList = (new Dictionary())
->setWordList((new WordList())
->setWords(['example@example.com']));
$matchingType = MatchingType::MATCHING_TYPE_FULL_MATCH;
$exclusionRule = (new ExclusionRule())
->setMatchingType($matchingType)
->setDictionary($excludedMatchList);
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
$emailAddress = (new InfoType())
->setName('EMAIL_ADDRESS');
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$emailAddress])
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes($infotypes)
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
from typing import List
import google.cloud.dlp
def inspect_string_with_exclusion_dict(
project: str,
content_string: str,
exclusion_list: List[str] = ["example@example.com"],
) -> None:
"""Inspects the provided text, avoiding matches specified in the exclusion list
Uses the Data Loss Prevention API to omit matches on EMAIL_ADDRESS if they are
in the specified exclusion list.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
exclusion_list: The list of strings to ignore matches on
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a list of infoTypes for DLP to locate in `content_string`. See
# https://cloud.google.com/dlp/docs/concepts-infotypes for more information
# about supported infoTypes.
info_types_to_locate = [{"name": "EMAIL_ADDRESS"}]
# Construct a rule set that will only match on EMAIL_ADDRESS
# if the match text is not in the exclusion list.
rule_set = [
{
"info_types": info_types_to_locate,
"rules": [
{
"exclusion_rule": {
"dictionary": {"word_list": {"words": exclusion_list}},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_FULL_MATCH,
}
}
],
}
]
# Construct the configuration dictionary
inspect_config = {
"info_types": info_types_to_locate,
"rule_set": rule_set,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
}
],
"rules":[
{
"exclusionRule":{
"dictionary":{
"wordList":{
"words":[
"example@example.com"
]
}
},
"matchingType": "MATCHING_TYPE_FULL_MATCH"
}
}
]
}
]
}
...
在 EMAIL_ADDRESS 检测器扫描中忽略以特定网域结尾的电子邮件地址
以下多种语言的 JSON 代码段和代码说明了如何使用 InspectConfig 向敏感数据保护表明,它应避免在使用 infoType 检测器 EMAIL_ADDRESS 的扫描中与以“@example.com”结尾的任何电子邮件地址匹配:
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using System;
using System.Collections.Generic;
using System.Linq;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class InspectStringWithExclusionRegex
{
public static InspectContentResponse Inspect(string projectId, string textToInspect, string excludedRegex)
{
var dlp = DlpServiceClient.Create();
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem { ByteItem = byteContentItem };
var infoTypes = new string[] { "PHONE_NUMBER", "EMAIL_ADDRESS", "CREDIT_CARD_NUMBER" }.Select(it => new InfoType { Name = it });
var exclusionRule = new ExclusionRule
{
MatchingType = MatchingType.FullMatch,
Regex = new CustomInfoType.Types.Regex { Pattern = excludedRegex }
};
var ruleSet = new InspectionRuleSet
{
InfoTypes = { new InfoType { Name = "EMAIL_ADDRESS" } },
Rules = { new InspectionRule { ExclusionRule = exclusionRule } }
};
var config = new InspectConfig
{
InfoTypes = { infoTypes },
IncludeQuote = true,
RuleSet = { ruleSet }
};
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = config
};
var response = dlp.InspectContent(request);
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach (var f in response.Result.Findings)
{
Console.WriteLine("\tQuote: " + f.Quote);
Console.WriteLine("\tInfo type: " + f.InfoType.Name);
Console.WriteLine("\tLikelihood: " + f.Likelihood);
}
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringWithExclusionRegex inspects a string excluding REGEX matches
// in this function specifically the function omits email addresses ending with a specific
// domain from EMAIL_ADDRESS detector scan.
func inspectStringWithExclusionRegex(w io.Writer, projectID, textToInspect, excludedRegex string) error {
// projectID := "my-project-id"
// textToInspect := "Some email addresses: gary@example.com, bob@example.org"
// excludedRegex := ".+@example.com"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
infoTypes := []*dlppb.InfoType{
{Name: "PHONE_NUMBER"},
{Name: "EMAIL_ADDRESS"},
{Name: "CREDIT_CARD_NUMBER"},
}
// Exclude matches from the specified excludedMatchList.
exclusionRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_Regex{
Regex: &dlppb.CustomInfoType_Regex{
Pattern: excludedRegex,
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_FULL_MATCH,
}
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
{Name: "EMAIL_ADDRESS"},
},
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_ExclusionRule{
ExclusionRule: exclusionRule,
},
},
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
},
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Process the results.
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType.Regex;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
public class InspectStringWithExclusionRegex {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "Some email addresses: gary@example.com, bob@example.org";
String excludedRegex = ".+@example.com";
inspectStringWithExclusionRegex(projectId, textToInspect, excludedRegex);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringWithExclusionRegex(
String projectId, String textToInspect, String excludedRegex) throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
List<InfoType> infoTypes = new ArrayList<>();
for (String typeName : new String[] {"PHONE_NUMBER", "EMAIL_ADDRESS", "CREDIT_CARD_NUMBER"}) {
infoTypes.add(InfoType.newBuilder().setName(typeName).build());
}
// Exclude matches from the specified excludedMatchList.
ExclusionRule exclusionRule =
ExclusionRule.newBuilder()
.setMatchingType(MatchingType.MATCHING_TYPE_FULL_MATCH)
.setRegex(Regex.newBuilder().setPattern(excludedRegex))
.build();
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("EMAIL_ADDRESS"))
.addRules(InspectionRule.newBuilder().setExclusionRule(exclusionRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'Some email addresses: gary@example.com, bob@example.org';
// Exclusion Regex
// const exclusionRegex = '.+@example.com';
async function inspectStringMultipleRules() {
// Specify the type and content to be inspected.
const item = {
byteItem: {
type: DLP.protos.google.privacy.dlp.v2.ByteContentItem.BytesType
.TEXT_UTF8,
data: Buffer.from(string, 'utf-8'),
},
};
// Info Types for inspection
const infoTypes = [{name: 'EMAIL_ADDRESS'}];
// Construct a exclusion rule that uses a regex pattern
const exclusionRule = {
regex: {pattern: exclusionRegex},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType.MATCHING_TYPE_FULL_MATCH,
};
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
const ruleSet = [
{
infoTypes: infoTypes,
rules: [
{
exclusionRule: exclusionRule,
},
],
},
];
// Construct the configuration for the Inspect request, including the ruleset.
const inspectConfig = {
infoTypes: infoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Construct the Inspect request to be sent by the client.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Use the client to send the API request.
const [response] = await dlp.inspectContent(request);
// Print findings.
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringMultipleRules();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType\Regex;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string, excluding REGEX matches
* Omit email addresses ending with a specific domain from an EMAIL_ADDRESS detector scan.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_with_exclusion_regex(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'Some email addresses: gary@example.com, bob@example.org'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Specify the type of info the inspection will look for.
$infotypes = [
(new InfoType())->setName('PHONE_NUMBER'),
(new InfoType())->setName('EMAIL_ADDRESS'),
(new InfoType())->setName('CREDIT_CARD_NUMBER'),
];
// Exclude matches from the specified excludedRegex.
$excludedRegex = '.+@example.com';
$exclusionRule = (new ExclusionRule())
->setMatchingType(MatchingType::MATCHING_TYPE_FULL_MATCH)
->setRegex((new Regex())
->setPattern($excludedRegex));
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([
(new InfoType())
->setName('EMAIL_ADDRESS')
])
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes($infotypes)
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def inspect_string_with_exclusion_regex(
project: str, content_string: str, exclusion_regex: str = ".+@example.com"
) -> None:
"""Inspects the provided text, avoiding matches specified in the exclusion regex
Uses the Data Loss Prevention API to omit matches on EMAIL_ADDRESS if they match
the specified exclusion regex.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
exclusion_regex: The regular expression to exclude matches on
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a list of infoTypes for DLP to locate in `content_string`. See
# https://cloud.google.com/dlp/docs/concepts-infotypes for more information
# about supported infoTypes.
info_types_to_locate = [{"name": "EMAIL_ADDRESS"}]
# Construct a rule set that will only match on EMAIL_ADDRESS
# if the specified regex doesn't also match.
rule_set = [
{
"info_types": info_types_to_locate,
"rules": [
{
"exclusion_rule": {
"regex": {"pattern": exclusion_regex},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_FULL_MATCH,
}
}
],
}
]
# Construct the configuration dictionary
inspect_config = {
"info_types": info_types_to_locate,
"rule_set": rule_set,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
}
],
"rules":[
{
"exclusionRule":{
"regex":{
"pattern":".+@example.com"
},
"matchingType": "MATCHING_TYPE_FULL_MATCH"
}
}
]
}
]
}
...
忽略包含子字符串“TEST”的扫描匹配项
以下多种语言的 JSON 代码段和代码说明了如何使用 InspectConfig 向敏感数据保护表明,该机制应从指定的 infoType 列表中排除包含令牌“TEST”的任何发现结果。
请注意,这相当于将“TEST”作为令牌(而非子字符串)匹配,因此,虽然“TEST@email.com”之类的内容会匹配,但“TESTER@email.com”则不会。如果需要匹配子字符串,请在排除规则中使用正则表达式,而不是字典。
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using System;
using System.Collections.Generic;
using System.Linq;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class InspectStringWithExclusionDictSubstring
{
public static InspectContentResponse Inspect(string projectId, string textToInspect, List<String> excludedSubstringList)
{
var dlp = DlpServiceClient.Create();
var byteItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem { ByteItem = byteItem };
var infoTypes = new string[]
{
"EMAIL_ADDRESS",
"DOMAIN_NAME",
"PHONE_NUMBER",
"PERSON_NAME"
}.Select(it => new InfoType { Name = it });
var exclusionRule = new ExclusionRule
{
MatchingType = MatchingType.PartialMatch,
Dictionary = new CustomInfoType.Types.Dictionary
{
WordList = new CustomInfoType.Types.Dictionary.Types.WordList
{
Words = { excludedSubstringList }
}
}
};
var ruleSet = new InspectionRuleSet
{
InfoTypes = { infoTypes },
Rules = { new InspectionRule { ExclusionRule = exclusionRule } }
};
var config = new InspectConfig
{
InfoTypes = { infoTypes },
IncludeQuote = true,
RuleSet = { ruleSet }
};
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = config
};
var response = dlp.InspectContent(request);
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach (var f in response.Result.Findings)
{
Console.WriteLine("\tQuote: " + f.Quote);
Console.WriteLine("\tInfo type: " + f.InfoType.Name);
Console.WriteLine("\tLikelihood: " + f.Likelihood);
}
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringWithExclusionDictSubstring inspects a string
// with an exclusion dictionary substring
func inspectStringWithExclusionDictSubstring(w io.Writer, projectID, textToInspect string, excludedSubString []string) error {
// projectID := "my-project-id"
// textToInspect := "Some email addresses: gary@example.com, TEST@example.com"
// excludedSubString := []string{"TEST"}
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
infoTypes := []*dlppb.InfoType{
{Name: "EMAIL_ADDRESS"},
{Name: "DOMAIN_NAME"},
{Name: "PHONE_NUMBER"},
{Name: "PERSON_NAME"},
}
// Exclude partial matches from the specified excludedSubstringList.
exclusionRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_Dictionary{
Dictionary: &dlppb.CustomInfoType_Dictionary{
Source: &dlppb.CustomInfoType_Dictionary_WordList_{
WordList: &dlppb.CustomInfoType_Dictionary_WordList{
Words: excludedSubString,
},
},
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_PARTIAL_MATCH,
}
// Construct a ruleSet that applies the exclusion rule to the EMAIL_ADDRESSES infoType.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: infoTypes,
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_ExclusionRule{
ExclusionRule: exclusionRule,
},
},
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
},
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Process the results.
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType.Dictionary;
import com.google.privacy.dlp.v2.CustomInfoType.Dictionary.WordList;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class InspectStringWithExclusionDictSubstring {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "Some email addresses: gary@example.com, TEST@example.com";
List<String> excludedSubstringList = Arrays.asList("TEST");
inspectStringWithExclusionDictSubstring(projectId, textToInspect, excludedSubstringList);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringWithExclusionDictSubstring(
String projectId, String textToInspect, List<String> excludedSubstringList)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
List<InfoType> infoTypes = new ArrayList<>();
for (String typeName :
new String[] {"EMAIL_ADDRESS", "DOMAIN_NAME", "PHONE_NUMBER", "PERSON_NAME"}) {
infoTypes.add(InfoType.newBuilder().setName(typeName).build());
}
// Exclude partial matches from the specified excludedSubstringList.
ExclusionRule exclusionRule =
ExclusionRule.newBuilder()
.setMatchingType(MatchingType.MATCHING_TYPE_PARTIAL_MATCH)
.setDictionary(
Dictionary.newBuilder()
.setWordList(WordList.newBuilder().addAllWords(excludedSubstringList)))
.build();
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addAllInfoTypes(infoTypes)
.addRules(InspectionRule.newBuilder().setExclusionRule(exclusionRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'Some email addresses: gary@example.com, TEST@example.com';
// List of substrings to be used for exclusion
// const excludedSubstringList = ['Test'];
async function inspectStringExclusionDictSubstr() {
// Specify the type and content to be inspected.
const item = {
byteItem: {
type: DLP.protos.google.privacy.dlp.v2.ByteContentItem.BytesType
.TEXT_UTF8,
data: Buffer.from(string, 'utf-8'),
},
};
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
const infoTypes = [
{name: 'EMAIL_ADDRESS'},
{name: 'DOMAIN_NAME'},
{name: 'PHONE_NUMBER'},
{name: 'PERSON_NAME'},
];
// Exclude partial matches from the specified excludedSubstringList.
const exclusionRule = {
dictionary: {wordList: {words: excludedSubstringList}},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType
.MATCHING_TYPE_PARTIAL_MATCH,
};
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
const ruleSet = [
{
infoTypes: infoTypes,
rules: [
{
exclusionRule: exclusionRule,
},
],
},
];
// Construct the configuration for the Inspect request, including the ruleset.
const inspectConfig = {
infoTypes: infoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Construct the Inspect request to be sent by the client.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Use the client to send the API request.
const [response] = await dlp.inspectContent(request);
// Print findings.
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringExclusionDictSubstr();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary\WordList;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string with an exclusion dictionary substring
* Omit scan matches that include the substring "TEST".
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
* @param array $excludedSubStringArray The sub string to excluded.
*/
function inspect_string_with_exclusion_dict_substring(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'Some email addresses: gary@example.com, TEST@example.com',
array $excludedSubStringArray = ['Test']
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Specify the type of info the inspection will look for.
$infotypes = [
(new InfoType())->setName('PHONE_NUMBER'),
(new InfoType())->setName('EMAIL_ADDRESS'),
(new InfoType())->setName('DOMAIN_NAME'),
(new InfoType())->setName('PERSON_NAME'),
];
// Exclude matches from the specified excludedSubstringList.
$excludedSubstringList = (new Dictionary())
->setWordList((new WordList())
->setWords($excludedSubStringArray));
$exclusionRule = (new ExclusionRule())
->setMatchingType(MatchingType::MATCHING_TYPE_PARTIAL_MATCH)
->setDictionary($excludedSubstringList);
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes($infotypes)
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes($infotypes)
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
from typing import List
import google.cloud.dlp
def inspect_string_with_exclusion_dict_substring(
project: str, content_string: str, exclusion_list: List[str] = ["TEST"]
) -> None:
"""Inspects the provided text, avoiding matches that contain excluded tokens
Uses the Data Loss Prevention API to omit matches if they include tokens
in the specified exclusion list.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
exclusion_list: The list of strings to ignore partial matches on
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a list of infoTypes for DLP to locate in `content_string`. See
# https://cloud.google.com/dlp/docs/concepts-infotypes for more information
# about supported infoTypes.
info_types_to_locate = [{"name": "EMAIL_ADDRESS"}, {"name": "DOMAIN_NAME"}]
# Construct a rule set that will only match if the match text does not
# contains tokens from the exclusion list.
rule_set = [
{
"info_types": info_types_to_locate,
"rules": [
{
"exclusion_rule": {
"dictionary": {"word_list": {"words": exclusion_list}},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_PARTIAL_MATCH,
}
}
],
}
]
# Construct the configuration dictionary
inspect_config = {
"info_types": info_types_to_locate,
"rule_set": rule_set,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
},
{
"name":"DOMAIN_NAME"
},
{
"name":"PHONE_NUMBER"
},
{
"name":"PERSON_NAME"
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
},
{
"name":"DOMAIN_NAME"
},
{
"name":"PHONE_NUMBER"
},
{
"name":"PERSON_NAME"
}
],
"rules":[
{
"exclusionRule":{
"dictionary":{
"wordList":{
"words":[
"TEST"
]
}
},
"matchingType": "MATCHING_TYPE_PARTIAL_MATCH"
}
}
]
}
]
}
...
在自定义 infoType 检测器扫描中忽略包含子字符串“Jimmy”的扫描匹配项
以下多种语言的 JSON 代码段和代码说明了如何使用 InspectConfig 向敏感数据保护表明,该声明应避免在使用指定自定义正则表达式检测器的扫描中与名字“Jimmy”相匹配:
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class InspectStringCustomExcludingSubstring
{
public static InspectContentResponse Inspect(string projectId, string textToInspect, string customDetectorPattern, List<String> excludedSubstringList)
{
var dlp = DlpServiceClient.Create();
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem { ByteItem = byteContentItem };
var infoType = new InfoType
{
Name = "CUSTOM_NAME_DETECTOR"
};
var customInfoType = new CustomInfoType
{
InfoType = infoType,
Regex = new CustomInfoType.Types.Regex { Pattern = customDetectorPattern }
};
var exclusionRule = new ExclusionRule
{
MatchingType = MatchingType.PartialMatch,
Dictionary = new CustomInfoType.Types.Dictionary
{
WordList = new CustomInfoType.Types.Dictionary.Types.WordList
{
Words = { excludedSubstringList }
}
}
};
var ruleSet = new InspectionRuleSet
{
InfoTypes = { infoType },
Rules = { new InspectionRule { ExclusionRule = exclusionRule } }
};
var config = new InspectConfig
{
CustomInfoTypes = { customInfoType },
IncludeQuote = true,
RuleSet = { ruleSet }
};
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = config
};
var response = dlp.InspectContent(request);
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach (var f in response.Result.Findings)
{
Console.WriteLine("\tQuote: " + f.Quote);
Console.WriteLine("\tInfo type: " + f.InfoType.Name);
Console.WriteLine("\tLikelihood: " + f.Likelihood);
}
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringCustomExcludingSubstring inspects a string for sensitive data, excluding a custom substring
func inspectStringCustomExcludingSubstring(w io.Writer, projectID, textToInspect, customDetectorPattern string, excludedSubstringList []string) error {
// projectId := "your-project-id"
// textToInspect := "Name: Doe, John. Name: Example, Jimmy"
// customDetectorPattern := "[A-Z][a-z]{1,15}, [A-Z][a-z]{1,15}"
// excludedSubstringList := []string{"Jimmy"}
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Specify the type of info the inspection will look for.
infoType := &dlppb.InfoType{
Name: "CUSTOM_NAME_DETECTOR",
}
customInfotype := &dlppb.CustomInfoType{
InfoType: infoType,
Type: &dlppb.CustomInfoType_Regex_{
Regex: &dlppb.CustomInfoType_Regex{
Pattern: customDetectorPattern,
},
},
}
// Exclude partial matches from the specified excludedSubstringList.
exclusionRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_Dictionary{
Dictionary: &dlppb.CustomInfoType_Dictionary{
Source: &dlppb.CustomInfoType_Dictionary_WordList_{
WordList: &dlppb.CustomInfoType_Dictionary_WordList{
Words: excludedSubstringList,
},
},
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_PARTIAL_MATCH,
}
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infoType.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
infoType,
},
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_ExclusionRule{
ExclusionRule: exclusionRule,
},
},
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
InspectConfig: &dlppb.InspectConfig{
CustomInfoTypes: []*dlppb.CustomInfoType{
customInfotype,
},
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
},
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Process the results.
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType;
import com.google.privacy.dlp.v2.CustomInfoType.Dictionary;
import com.google.privacy.dlp.v2.CustomInfoType.Dictionary.WordList;
import com.google.privacy.dlp.v2.CustomInfoType.Regex;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
public class InspectStringCustomExcludingSubstring {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "Name: Doe, John. Name: Example, Jimmy";
String customDetectorPattern = "[A-Z][a-z]{1,15}, [A-Z][a-z]{1,15}";
List<String> excludedSubstringList = Arrays.asList("Jimmy");
inspectStringCustomExcludingSubstring(
projectId, textToInspect, customDetectorPattern, excludedSubstringList);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringCustomExcludingSubstring(
String projectId,
String textToInspect,
String customDetectorPattern,
List<String> excludedSubstringList)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Specify the type of info the inspection will look for.
InfoType infoType = InfoType.newBuilder().setName("CUSTOM_NAME_DETECTOR").build();
CustomInfoType customInfoType =
CustomInfoType.newBuilder()
.setInfoType(infoType)
.setRegex(Regex.newBuilder().setPattern(customDetectorPattern))
.build();
// Exclude partial matches from the specified excludedSubstringList.
ExclusionRule exclusionRule =
ExclusionRule.newBuilder()
.setMatchingType(MatchingType.MATCHING_TYPE_PARTIAL_MATCH)
.setDictionary(
Dictionary.newBuilder()
.setWordList(WordList.newBuilder().addAllWords(excludedSubstringList)))
.build();
// Construct a ruleset that applies the exclusion rule to the EMAIL_ADDRESSES infotype.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(infoType)
.addRules(InspectionRule.newBuilder().setExclusionRule(exclusionRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addCustomInfoTypes(customInfoType)
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'Name: Doe, John. Name: Example, Jimmy';
// Words to exclude
// const excludedWords = ['Jimmy'];
async function inspectStringCustomExclusionDict() {
// Specify the content to be inspected.
const item = {value: string};
// Specify the type of info the inspection will look for.
const customInfoTypes = [
{
infoType: {name: 'CUSTOM_NAME_DETECTOR'},
regex: {pattern: '[A-Z][a-z]{1,15}, [A-Z][a-z]{1,15}'},
},
];
// Exclude partial matches from the specified excludedSubstringList.
const exclusionRUle = {
dictionary: {wordList: {words: excludedWords}},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType
.MATCHING_TYPE_PARTIAL_MATCH,
};
// Construct a rule set that will only match if the match text does not
// contains tokens from the exclusion list.
const ruleSet = [
{
infoTypes: [{name: 'CUSTOM_NAME_DETECTOR'}],
rules: [
{
exclusionRule: exclusionRUle,
},
],
},
];
// Construct the configuration for the Inspect request, including the ruleset.
const inspectConfig = {
customInfoTypes: customInfoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Construct the Inspect request to be sent by the client.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Use the client to send the API request.
const [response] = await dlp.inspectContent(request);
// Print findings.
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringCustomExclusionDict();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary\WordList;
use Google\Cloud\Dlp\V2\CustomInfoType\Regex;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string for sensitive data, excluding a custom substring
* Illustrates how to use an InspectConfig to instruct Cloud DLP to avoid matching on the name "Jimmy" in a scan that uses the specified custom regular expression detector.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_custom_excluding_substring(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'Name: Doe, John. Name: Example, Jimmy'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$customDetectorPattern = '[A-Z][a-z]{1,15}, [A-Z][a-z]{1,15}';
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Specify the type of info the inspection will look for.
$customerNameDetector = (new InfoType())
->setName('CUSTOM_NAME_DETECTOR');
$customInfoType = (new CustomInfoType())
->setInfoType($customerNameDetector)
->setRegex((new Regex())
->setPattern($customDetectorPattern));
// Exclude partial matches from the specified excludedSubstringList.
$excludedSubstringList = (new Dictionary())
->setWordList((new WordList())
->setWords(['Jimmy']));
$exclusionRule = (new ExclusionRule())
->setMatchingType(MatchingType::MATCHING_TYPE_PARTIAL_MATCH)
->setDictionary($excludedSubstringList);
// Construct a ruleset that applies the exclusion rule.
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$customerNameDetector])
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setCustomInfoTypes([$customInfoType])
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
from typing import List
import google.cloud.dlp
def inspect_string_custom_excluding_substring(
project: str, content_string: str, exclusion_list: List[str] = ["jimmy"]
) -> None:
"""Inspects the provided text with a custom detector, avoiding matches on specific tokens
Uses the Data Loss Prevention API to omit matches on a custom detector
if they include tokens in the specified exclusion list.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
exclusion_list: The list of strings to ignore matches on
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a custom regex detector for names
custom_info_types = [
{
"info_type": {"name": "CUSTOM_NAME_DETECTOR"},
"regex": {"pattern": "[A-Z][a-z]{1,15}, [A-Z][a-z]{1,15}"},
}
]
# Construct a rule set that will only match if the match text does not
# contains tokens from the exclusion list.
rule_set = [
{
"info_types": [{"name": "CUSTOM_NAME_DETECTOR"}],
"rules": [
{
"exclusion_rule": {
"dictionary": {"word_list": {"words": exclusion_list}},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_PARTIAL_MATCH,
}
}
],
}
]
# Construct the configuration dictionary
inspect_config = {
"custom_info_types": custom_info_types,
"rule_set": rule_set,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"customInfoTypes":[
{
"infoType":{
"name":"CUSTOM_NAME_DETECTOR"
},
"regex":{
"pattern":"[A-Z][a-z]{1,15}, [A-Z][a-z]{1,15}"
}
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"CUSTOM_NAME_DETECTOR"
}
],
"rules":[
{
"exclusionRule":{
"dictionary":{
"wordList":{
"words":[
"Jimmy"
]
}
},
"matchingType": "MATCHING_TYPE_PARTIAL_MATCH"
}
}
]
}
]
}
...
在与自定义检测器重叠的 PERSON_NAME 检测器扫描中忽略扫描匹配项
在这种情况下,如果匹配项与使用代码段第一部分中定义的自定义正则表达式检测器的扫描也匹配,则用户不希望从使用 PERSON_NAME 内置检测器的敏感数据保护扫描中返回匹配项。
以下采用多种语言的 JSON 代码段和代码在 InspectConfig 中同时指定了自定义正则表达式检测器和排除规则。自定义正则表达式检测器用于指定要从结果中排除的姓名。排除规则指定如果针对 PERSON_NAME 的扫描返回的任何结果也被自定义正则表达式检测器匹配到,则忽略这些结果。请注意,VIP_DETECTOR 在此情况下标记为 EXCLUSION_TYPE_EXCLUDE,因此它本身不产生结果。它只会影响 PERSON_NAME 检测器生成的结果。
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using System;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using static Google.Cloud.Dlp.V2.CustomInfoType.Types;
public class InspectStringCustomOmitOverlap
{
public static InspectContentResponse Inspect(string projectId, string textToInspect)
{
var dlp = DlpServiceClient.Create();
var byteItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem { ByteItem = byteItem };
var customInfoType = new CustomInfoType
{
InfoType = new InfoType { Name = "VIP_DETECTOR" },
Regex = new CustomInfoType.Types.Regex { Pattern = "Larry Page|Sergey Brin" },
ExclusionType = ExclusionType.Exclude
};
var exclusionRule = new ExclusionRule
{
ExcludeInfoTypes = new ExcludeInfoTypes { InfoTypes = { customInfoType.InfoType } },
MatchingType = MatchingType.FullMatch
};
var ruleSet = new InspectionRuleSet
{
InfoTypes = { new InfoType { Name = "PERSON_NAME" } },
Rules = { new InspectionRule { ExclusionRule = exclusionRule } }
};
var config = new InspectConfig
{
InfoTypes = { new InfoType { Name = "PERSON_NAME" } },
CustomInfoTypes = { customInfoType },
IncludeQuote = true,
RuleSet = { ruleSet }
};
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = config
};
var response = dlp.InspectContent(request);
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach (var f in response.Result.Findings)
{
Console.WriteLine("\tQuote: " + f.Quote);
Console.WriteLine("\tInfo type: " + f.InfoType.Name);
Console.WriteLine("\tLikelihood: " + f.Likelihood);
}
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringCustomOmitOverlap inspects a string for sensitive data with omitting custom matches
func inspectStringCustomOmitOverlap(w io.Writer, projectID, textToInspect, customInfoTypeName, infoTypeName, regex string) error {
// projectID := "my-project-id"
// textToInspect := "Name: Jane Doe. Name: Larry Page."
// customInfoTypeName := "VIP_DETECTOR"
// infoTypeName := "PERSON_NAME"
// regex := "Larry Page|Sergey Brin"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Construct the custom infoType.
customInfotype := &dlppb.CustomInfoType{
InfoType: &dlppb.InfoType{
Name: customInfoTypeName,
},
Type: &dlppb.CustomInfoType_Regex_{
Regex: &dlppb.CustomInfoType_Regex{
Pattern: regex,
},
},
ExclusionType: dlppb.CustomInfoType_EXCLUSION_TYPE_EXCLUDE,
}
// Exclude matches that also match the custom infoType.
exclusionRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_ExcludeInfoTypes{
ExcludeInfoTypes: &dlppb.ExcludeInfoTypes{
InfoTypes: []*dlppb.InfoType{
customInfotype.GetInfoType(),
},
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_FULL_MATCH,
}
// Construct a ruleSet that applies the exclusion rule to the PERSON_NAME infoType.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
{Name: infoTypeName},
},
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_ExclusionRule{
ExclusionRule: exclusionRule,
},
},
},
}
// Construct the configuration for the Inspect request, including the ruleSet.
config := &dlppb.InspectConfig{
InfoTypes: []*dlppb.InfoType{
{Name: infoTypeName},
},
CustomInfoTypes: []*dlppb.CustomInfoType{
customInfotype,
},
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
}
// Create a configured request.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
InspectConfig: config,
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Parse the response and process results
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType;
import com.google.privacy.dlp.v2.CustomInfoType.ExclusionType;
import com.google.privacy.dlp.v2.CustomInfoType.Regex;
import com.google.privacy.dlp.v2.ExcludeInfoTypes;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
public class InspectStringCustomOmitOverlap {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "Name: Jane Doe. Name: Larry Page.";
inspectStringCustomOmitOverlap(projectId, textToInspect);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringCustomOmitOverlap(String projectId, String textToInspect)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Construct the custom infotype.
CustomInfoType customInfoType =
CustomInfoType.newBuilder()
.setInfoType(InfoType.newBuilder().setName("VIP_DETECTOR"))
.setRegex(Regex.newBuilder().setPattern("Larry Page|Sergey Brin"))
.setExclusionType(ExclusionType.EXCLUSION_TYPE_EXCLUDE)
.build();
// Exclude matches that also match the custom infotype.
ExclusionRule exclusionRule =
ExclusionRule.newBuilder()
.setExcludeInfoTypes(
ExcludeInfoTypes.newBuilder().addInfoTypes(customInfoType.getInfoType()))
.setMatchingType(MatchingType.MATCHING_TYPE_FULL_MATCH)
.build();
// Construct a ruleset that applies the exclusion rule to the PERSON_NAME infotype.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("PERSON_NAME"))
.addRules(InspectionRule.newBuilder().setExclusionRule(exclusionRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("PERSON_NAME"))
.addCustomInfoTypes(customInfoType)
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'Name: Jane Doe. Name: Larry Page.';
async function inspectStringCustomOmitOverlap() {
// Construct item to inspect
const item = {value: string};
// Construct a custom regex detector for names
const customInfoTypes = [
{
infoType: {name: 'VIP_DETECTOR'},
regex: {pattern: 'Larry Page|Sergey Brin'},
exclusionType:
DLP.protos.google.privacy.dlp.v2.CustomInfoType.ExclusionType
.EXCLUSION_TYPE_EXCLUDE,
},
];
// Construct a exclusion rule
const exclusionRule = {
excludeInfoTypes: {
infoTypes: [{name: 'VIP_DETECTOR'}],
},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType.MATCHING_TYPE_FULL_MATCH,
};
// Construct a rule set that will only match if the match text does not
// contains Info type matches.
const ruleSet = [
{
infoTypes: [{name: 'PERSON_NAME'}],
rules: [
{
exclusionRule: exclusionRule,
},
],
},
];
// Construct the inspect configuration
const inspectConfig = {
infoTypes: [{name: 'PERSON_NAME'}],
customInfoTypes: customInfoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Combine configurations into a request for the service.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Run request
const [response] = await dlp.inspectContent(request);
// Print Findings
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringCustomOmitOverlap();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType;
use Google\Cloud\Dlp\V2\CustomInfoType\ExclusionType;
use Google\Cloud\Dlp\V2\CustomInfoType\Regex;
use Google\Cloud\Dlp\V2\ExcludeInfoTypes;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string for sensitive data, omitting custom matches
* Omit scan matches from a PERSON_NAME detector scan that overlap with a custom detector.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_custom_omit_overlap(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'Name: Jane Doe. Name: Larry Page.'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Specify the type of info the inspection will look for.
$vipDetector = (new InfoType())
->setName('VIP_DETECTOR');
$pattern = 'Larry Page|Sergey Brin';
$customInfoType = (new CustomInfoType())
->setInfoType($vipDetector)
->setRegex((new Regex())
->setPattern($pattern))
->setExclusionType(ExclusionType::EXCLUSION_TYPE_EXCLUDE);
// Exclude matches that also match the custom infotype.
$exclusionRule = (new ExclusionRule())
->setMatchingType(MatchingType::MATCHING_TYPE_FULL_MATCH)
->setExcludeInfoTypes((new ExcludeInfoTypes())
->setInfoTypes([$customInfoType->getInfoType()])
);
// Construct a ruleset that applies the exclusion rule to the PERSON_NAME infotype.
$personName = (new InfoType())
->setName('PERSON_NAME');
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$personName])
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes([$personName])
->setCustomInfoTypes([$customInfoType])
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def inspect_string_custom_omit_overlap(project: str, content_string: str) -> None:
"""Matches PERSON_NAME and a custom detector,
but if they overlap only matches the custom detector
Uses the Data Loss Prevention API to omit matches on a built-in detector
if they overlap with matches from a custom detector
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a custom regex detector for names
custom_info_types = [
{
"info_type": {"name": "VIP_DETECTOR"},
"regex": {"pattern": "Larry Page|Sergey Brin"},
"exclusion_type": google.cloud.dlp_v2.CustomInfoType.ExclusionType.EXCLUSION_TYPE_EXCLUDE,
}
]
# Construct a rule set that will exclude PERSON_NAME matches
# that overlap with VIP_DETECTOR matches
rule_set = [
{
"info_types": [{"name": "PERSON_NAME"}],
"rules": [
{
"exclusion_rule": {
"exclude_info_types": {
"info_types": [{"name": "VIP_DETECTOR"}]
},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_FULL_MATCH,
}
}
],
}
]
# Construct the configuration dictionary
inspect_config = {
"info_types": [{"name": "PERSON_NAME"}],
"custom_info_types": custom_info_types,
"rule_set": rule_set,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"infoTypes":[
{
"name":"PERSON_NAME"
}
],
"customInfoTypes":[
{
"infoType":{
"name":"VIP_DETECTOR"
},
"regex":{
"pattern":"Dana Williams|Quinn Garcia"
},
"exclusionType":"EXCLUSION_TYPE_EXCLUDE"
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"PERSON_NAME"
}
],
"rules":[
{
"exclusionRule":{
"excludeInfoTypes":{
"infoTypes":[
{
"name":"VIP_DETECTOR"
}
]
},
"matchingType": "MATCHING_TYPE_FULL_MATCH"
}
}
]
}
]
}
...
忽略同时被 EMAIL_ADDRESS 检测器匹配到的 PERSON_NAME 检测器匹配项
以下多种语言的 JSON 代码段和代码说明了如何使用 InspectConfig 向敏感数据保护表明,在 PERSON_NAME 检测器的匹配项与 EMAIL_ADDRESS 检测器的匹配项重叠的情况下,它应仅返回一个匹配项。这样是为了避免出现电子邮件地址(如“james@example.com”)在 PERSON_NAME 和 EMAIL_ADDRESS 检测器上都显示为匹配项的情况。
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using System;
using System.Linq;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
public class InspectStringOmitOverlap
{
public static InspectContentResponse Inspect(string projectId, string textToInspect)
{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
var dlp = DlpServiceClient.Create();
// Specify the type and content to be inspected.
var byteItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem { ByteItem = byteItem };
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
var infoTypes = new string[] { "PERSON_NAME", "EMAIL_ADDRESS" }.Select(it => new InfoType { Name = it });
// Exclude EMAIL_ADDRESS matches
var exclusionRule = new ExclusionRule
{
ExcludeInfoTypes = new ExcludeInfoTypes { InfoTypes = { new InfoType { Name = "EMAIL_ADDRESS" } } },
MatchingType = MatchingType.PartialMatch
};
// Construct a ruleset that applies the exclusion rule to the PERSON_NAME infotype.
// If a PERSON_NAME match overlaps with an EMAIL_ADDRESS match, the PERSON_NAME match will
// be excluded.
var ruleSet = new InspectionRuleSet
{
InfoTypes = { new InfoType { Name = "PERSON_NAME" } },
Rules = { new InspectionRule { ExclusionRule = exclusionRule } }
};
// Construct the configuration for the Inspect request, including the ruleset.
var config = new InspectConfig
{
InfoTypes = { infoTypes },
IncludeQuote = true,
RuleSet = { ruleSet }
};
// Construct the Inspect request to be sent by the client.
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = config
};
// Use the client to send the API request.
var response = dlp.InspectContent(request);
// Parse the response and process results
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach (var f in response.Result.Findings)
{
Console.WriteLine("\tQuote: " + f.Quote);
Console.WriteLine("\tInfo type: " + f.InfoType.Name);
Console.WriteLine("\tLikelihood: " + f.Likelihood);
}
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringOmitOverlap inspects a string for sensitive data and
// omitting overlapping matches on person and email
func inspectStringOmitOverlap(w io.Writer, projectID, textToInspect string) error {
// projectID := "my-project-id"
// textToInspect := "gary@example.com"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
infoTypes := []*dlppb.InfoType{
{Name: "PERSON_NAME"},
{Name: "EMAIL_ADDRESS"},
}
// Exclude EMAIL_ADDRESS matches
exclusionRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_ExcludeInfoTypes{
ExcludeInfoTypes: &dlppb.ExcludeInfoTypes{
InfoTypes: []*dlppb.InfoType{
{Name: "EMAIL_ADDRESS"},
},
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_PARTIAL_MATCH,
}
// Construct a ruleSet that applies the exclusion rule to the PERSON_NAME infoType.
// If a PERSON_NAME match overlaps with an EMAIL_ADDRESS match, the PERSON_NAME match will
// be excluded.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
{Name: "PERSON_NAME"},
},
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_ExclusionRule{
ExclusionRule: exclusionRule,
},
},
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
},
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Process the results.
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.ExcludeInfoTypes;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
public class InspectStringOmitOverlap {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "james@example.com";
inspectStringOmitOverlap(projectId, textToInspect);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringOmitOverlap(String projectId, String textToInspect)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
List<InfoType> infoTypes = new ArrayList<>();
for (String typeName : new String[] {"PERSON_NAME", "EMAIL_ADDRESS"}) {
infoTypes.add(InfoType.newBuilder().setName(typeName).build());
}
// Exclude EMAIL_ADDRESS matches
ExclusionRule exclusionRule =
ExclusionRule.newBuilder()
.setExcludeInfoTypes(
ExcludeInfoTypes.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("EMAIL_ADDRESS")))
.setMatchingType(MatchingType.MATCHING_TYPE_PARTIAL_MATCH)
.build();
// Construct a ruleset that applies the exclusion rule to the PERSON_NAME infotype.
// If a PERSON_NAME match overlaps with an EMAIL_ADDRESS match, the PERSON_NAME match will
// be excluded.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("PERSON_NAME"))
.addRules(InspectionRule.newBuilder().setExclusionRule(exclusionRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'james@example.com';
async function inspectStringWithoutOverlapPersonEmail() {
// Construct item to inspect
const item = {
byteItem: {
type: DLP.protos.google.privacy.dlp.v2.ByteContentItem.BytesType
.TEXT_UTF8,
data: Buffer.from(string, 'utf-8'),
},
};
// Specify the type of info the inspection will look for.
const infoTypes = [{name: 'PERSON_NAME'}, {name: 'EMAIL_ADDRESS'}];
// Exclude EMAIL_ADDRESS matches
const exclusionRule = {
excludeInfoTypes: {
infoTypes: [{name: 'EMAIL_ADDRESS'}],
},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType
.MATCHING_TYPE_PARTIAL_MATCH,
};
// Construct a ruleset that applies the exclusion rule to the PERSON_NAME infotype.
// If a PERSON_NAME match overlaps with an EMAIL_ADDRESS match, the PERSON_NAME match will
// be excluded.
const ruleSet = [
{
infoTypes: [{name: 'PERSON_NAME'}],
rules: [
{
exclusionRule: exclusionRule,
},
],
},
];
// Construct the configuration for the Inspect request, including the ruleset.
const inspectConfig = {
infoTypes: infoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Construct the Inspect request to be sent by the client.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Run request
const [response] = await dlp.inspectContent(request);
// Print Findings
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringWithoutOverlapPersonEmail();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\ExcludeInfoTypes;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string for sensitive data, omitting overlapping matches on person and email
* Omit matches on a PERSON_NAME detector if also matched by an EMAIL_ADDRESS detector.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_omit_overlap(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'james@example.org is an email.'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Specify the type of info the inspection will look for.
$personName = (new InfoType())
->setName('PERSON_NAME');
$emailAddress = (new InfoType())
->setName('EMAIL_ADDRESS');
$infoTypes = [$personName, $emailAddress];
// Exclude EMAIL_ADDRESS matches
$exclusionRule = (new ExclusionRule())
->setMatchingType(MatchingType::MATCHING_TYPE_PARTIAL_MATCH)
->setExcludeInfoTypes((new ExcludeInfoTypes())
->setInfoTypes([$emailAddress])
);
// Construct a ruleset that applies the exclusion rule to the PERSON_NAME infotype.
// If a PERSON_NAME match overlaps with an EMAIL_ADDRESS match, the PERSON_NAME match will
// be excluded.
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$personName])
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes($infoTypes)
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def inspect_string_omit_overlap(
project: str,
content_string: str,
) -> None:
"""Matches PERSON_NAME and EMAIL_ADDRESS, but not both.
Uses the Data Loss Prevention API omit matches on PERSON_NAME if the
EMAIL_ADDRESS detector also matches.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a list of infoTypes for DLP to locate in `content_string`. See
# https://cloud.google.com/dlp/docs/concepts-infotypes for more information
# about supported infoTypes.
info_types_to_locate = [{"name": "PERSON_NAME"}, {"name": "EMAIL_ADDRESS"}]
# Construct the configuration dictionary that will only match on PERSON_NAME
# if the EMAIL_ADDRESS doesn't also match. This configuration helps reduce
# the total number of findings when there is a large overlap between different
# infoTypes.
inspect_config = {
"info_types": info_types_to_locate,
"rule_set": [
{
"info_types": [{"name": "PERSON_NAME"}],
"rules": [
{
"exclusion_rule": {
"exclude_info_types": {
"info_types": [{"name": "EMAIL_ADDRESS"}]
},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_PARTIAL_MATCH,
}
}
],
}
],
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"infoTypes":[
{
"name":"PERSON_NAME"
},
{
"name":"EMAIL_ADDRESS"
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"PERSON_NAME"
}
],
"rules":[
{
"exclusionRule":{
"excludeInfoTypes":{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
}
]
},
"matchingType": "MATCHING_TYPE_PARTIAL_MATCH"
}
}
]
}
]
}
...
在 DOMAIN_NAME 检测器扫描中忽略电子邮件地址域名匹配项
以下多种语言的 JSON 代码段和代码说明了如何使用 InspectConfig 向敏感数据保护表明,仅当匹配项与 EMAIL_ADDRESS 检测器扫描中的匹配项不重叠时,它才应返回 DOMAIN_NAME 检测器扫描的匹配项。在此场景中,主扫描是 DOMAIN_NAME 检测器扫描。用户不希望在结果中返回属于电子邮件地址一部分的域名匹配项:
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using System.Linq;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using static Google.Cloud.Dlp.V2.CustomInfoType.Types;
public class InspectStringWithoutOverlap
{
public static InspectContentResponse Inspect(string projectId, string textToInspect)
{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
var dlp = DlpServiceClient.Create();
// Specify the type and content to be inspected.
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem
{
ByteItem = byteContentItem
};
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
var infoTypes = new string[] { "DOMAIN_NAME", "EMAIL_ADDRESS" }.Select(it => new InfoType { Name = it });
// Define a custom info type to exclude email addresses
var customInfoType = new CustomInfoType
{
InfoType = new InfoType { Name = "EMAIL_ADDRESS" },
ExclusionType = ExclusionType.Exclude
};
// Exclude EMAIL_ADDRESS matches
var exclusionRule = new ExclusionRule
{
ExcludeInfoTypes = new ExcludeInfoTypes
{
InfoTypes = { new InfoType { Name = "EMAIL_ADDRESS" } }
},
MatchingType = MatchingType.PartialMatch
};
// Construct a ruleset that applies the exclusion rule to the DOMAIN_NAME infotype.
// If a DOMAIN_NAME match is part of an EMAIL_ADDRESS match, the DOMAIN_NAME match will
// be excluded.
var ruleSet = new InspectionRuleSet
{
InfoTypes = { new InfoType { Name = "DOMAIN_NAME" } },
Rules = { new InspectionRule { ExclusionRule = exclusionRule } }
};
// Construct the configuration for the Inspect request, including the ruleset.
var config = new InspectConfig
{
InfoTypes = { infoTypes },
CustomInfoTypes = { customInfoType },
IncludeQuote = true,
RuleSet = { ruleSet }
};
// Construct the Inspect request to be sent by the client.
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = config
};
// Use the client to send the API request.
var response = dlp.InspectContent(request);
return response;
}
}Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringWithoutOverlap inspects a string for sensitive data
// and omit overlapping matches on domain and email
func inspectStringWithoutOverlap(w io.Writer, projectID, textToInspect string) error {
// projectID := "my-project-id"
// textToInspect := "example.com is a domain, james@example.org is an email."
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
infoTypes := []*dlppb.InfoType{
{Name: "DOMAIN_NAME"},
{Name: "EMAIL_ADDRESS"},
}
// Define a custom info type to exclude email addresses
customInfotype := &dlppb.CustomInfoType{
InfoType: &dlppb.InfoType{
Name: "EMAIL_ADDRESS",
},
ExclusionType: dlppb.CustomInfoType_EXCLUSION_TYPE_EXCLUDE,
}
// Exclude EMAIL_ADDRESS matches
exclusionRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_ExcludeInfoTypes{
ExcludeInfoTypes: &dlppb.ExcludeInfoTypes{
InfoTypes: []*dlppb.InfoType{
{Name: "EMAIL_ADDRESS"},
},
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_PARTIAL_MATCH,
}
// Construct a ruleSet that applies the exclusion rule to the DOMAIN_NAME infoType.
// If a DOMAIN_NAME match is part of an EMAIL_ADDRESS match, the DOMAIN_NAME match will
// be excluded.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
{Name: "DOMAIN_NAME"},
},
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_ExclusionRule{
ExclusionRule: exclusionRule,
},
},
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
// Construct the Inspect request to be sent by the client.
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
CustomInfoTypes: []*dlppb.CustomInfoType{
customInfotype,
},
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
},
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Process the results.
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType;
import com.google.privacy.dlp.v2.CustomInfoType.ExclusionType;
import com.google.privacy.dlp.v2.ExcludeInfoTypes;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
public class InspectStringWithoutOverlap {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "example.com is a domain, james@example.org is an email.";
inspectStringWithoutOverlap(projectId, textToInspect);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringWithoutOverlap(String projectId, String textToInspect)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
List<InfoType> infoTypes = new ArrayList<>();
for (String typeName : new String[] {"DOMAIN_NAME", "EMAIL_ADDRESS"}) {
infoTypes.add(InfoType.newBuilder().setName(typeName).build());
}
// Define a custom info type to exclude email addresses
CustomInfoType customInfoType =
CustomInfoType.newBuilder()
.setInfoType(InfoType.newBuilder().setName("EMAIL_ADDRESS"))
.setExclusionType(ExclusionType.EXCLUSION_TYPE_EXCLUDE)
.build();
// Exclude EMAIL_ADDRESS matches
ExclusionRule exclusionRule =
ExclusionRule.newBuilder()
.setExcludeInfoTypes(
ExcludeInfoTypes.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("EMAIL_ADDRESS")))
.setMatchingType(MatchingType.MATCHING_TYPE_PARTIAL_MATCH)
.build();
// Construct a ruleset that applies the exclusion rule to the DOMAIN_NAME infotype.
// If a DOMAIN_NAME match is part of an EMAIL_ADDRESS match, the DOMAIN_NAME match will
// be excluded.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("DOMAIN_NAME"))
.addRules(InspectionRule.newBuilder().setExclusionRule(exclusionRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.addCustomInfoTypes(customInfoType)
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'example.com is a domain, james@example.org is an email.';
async function inspectStringWithoutOverlap() {
// Construct item to inspect
const item = {value: string};
// The infoTypes of information to match
const infoTypes = [{name: 'DOMAIN_NAME'}, {name: 'EMAIL_ADDRESS'}];
// Define a custom info type to exclude email addresses
const customInfoTypes = [
{
infoType: {name: 'EMAIL_ADDRESS'},
exclusionType:
DLP.protos.google.privacy.dlp.v2.CustomInfoType.ExclusionType
.EXCLUSION_TYPE_EXCLUDE,
},
];
// Construct a exclusion rule
const exclusionRule = {
excludeInfoTypes: {
infoTypes: [{name: 'EMAIL_ADDRESS'}],
},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType
.MATCHING_TYPE_PARTIAL_MATCH,
};
// Construct a rule set with exclusions
const ruleSet = [
{
infoTypes: [{name: 'DOMAIN_NAME'}],
rules: [
{
exclusionRule: exclusionRule,
},
],
},
];
// Construct the inspect configuration
const inspectConfig = {
infoTypes: infoTypes,
customInfoTypes: customInfoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Combine configurations into a request for the service.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Run request
const [response] = await dlp.inspectContent(request);
// Print Findings
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringWithoutOverlap();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType;
use Google\Cloud\Dlp\V2\CustomInfoType\ExclusionType;
use Google\Cloud\Dlp\V2\ExcludeInfoTypes;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string for sensitive data, omitting overlapping matches on domain and email
* Omit matches on domain names that are part of email addresses in a DOMAIN_NAME detector scan.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_without_overlap(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'example.com is a domain, james@example.org is an email.'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Specify the type of info the inspection will look for.
$domainName = (new InfoType())
->setName('DOMAIN_NAME');
$emailAddress = (new InfoType())
->setName('EMAIL_ADDRESS');
$infoTypes = [$domainName, $emailAddress];
// Define a custom info type to exclude email addresses
$customInfoType = (new CustomInfoType())
->setInfoType($emailAddress)
->setExclusionType(ExclusionType::EXCLUSION_TYPE_EXCLUDE);
// Exclude EMAIL_ADDRESS matches
$matchingType = MatchingType::MATCHING_TYPE_PARTIAL_MATCH;
$exclusionRule = (new ExclusionRule())
->setMatchingType($matchingType)
->setExcludeInfoTypes((new ExcludeInfoTypes())
->setInfoTypes([$customInfoType->getInfoType()])
);
// Construct a ruleset that applies the exclusion rule to the DOMAIN_NAME infotype.
// If a DOMAIN_NAME match is part of an EMAIL_ADDRESS match, the DOMAIN_NAME match will
// be excluded.
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$domainName])
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes($infoTypes)
->setCustomInfoTypes([$customInfoType])
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(
' Likelihood: %s' . PHP_EOL,
Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def inspect_string_without_overlap(project: str, content_string: str) -> None:
"""Matches EMAIL_ADDRESS and DOMAIN_NAME, but DOMAIN_NAME is omitted
if it overlaps with EMAIL_ADDRESS
Uses the Data Loss Prevention API to omit matches of one infotype
that overlap with another.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a list of infoTypes for DLP to locate in `content_string`. See
# https://cloud.google.com/dlp/docs/concepts-infotypes for more information
# about supported infoTypes.
info_types_to_locate = [{"name": "DOMAIN_NAME"}, {"name": "EMAIL_ADDRESS"}]
# Define a custom info type to exclude email addresses
custom_info_types = [
{
"info_type": {"name": "EMAIL_ADDRESS"},
"exclusion_type": google.cloud.dlp_v2.CustomInfoType.ExclusionType.EXCLUSION_TYPE_EXCLUDE,
}
]
# Construct a rule set that will exclude DOMAIN_NAME matches
# that overlap with EMAIL_ADDRESS matches
rule_set = [
{
"info_types": [{"name": "DOMAIN_NAME"}],
"rules": [
{
"exclusion_rule": {
"exclude_info_types": {
"info_types": [{"name": "EMAIL_ADDRESS"}]
},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_PARTIAL_MATCH,
}
}
],
}
]
# Construct the configuration dictionary
inspect_config = {
"info_types": info_types_to_locate,
"custom_info_types": custom_info_types,
"rule_set": rule_set,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"infoTypes":[
{
"name":"DOMAIN_NAME"
},
{
"name":"EMAIL_ADDRESS"
}
],
"customInfoTypes":[
{
"infoType":{
"name":"EMAIL_ADDRESS"
},
"exclusionType":"EXCLUSION_TYPE_EXCLUDE"
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"DOMAIN_NAME"
}
],
"rules":[
{
"exclusionRule":{
"excludeInfoTypes":{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
}
]
},
"matchingType": "MATCHING_TYPE_PARTIAL_MATCH"
}
}
]
}
]
}
...
忽略位于字符串附近的匹配项
以下示例说明了如何在发现结果前 10 个字符或之后 10 个字符内排除 US_SOCIAL_SECURITY_NUMBER infoType 检测器的匹配项。
由于存在排除规则,此示例不会将 222-22-2222 归类为可能的美国社会保障号。
{
"item": {
"value": "The customer sent the product SKU 222-22-2222"
},
"inspectConfig": {
"infoTypes": [
{
"name": "US_SOCIAL_SECURITY_NUMBER"
}
],
"ruleSet": [
{
"infoTypes": [
{
"name": "US_SOCIAL_SECURITY_NUMBER"
}
],
"rules": [
{
"exclusionRule": {
"excludeByHotword": {
"hotwordRegex": {
"pattern": "(SKU)"
},
"proximity": {
"windowBefore": 10,
"windowAfter": 10
}
},
"matchingType": "MATCHING_TYPE_FULL_MATCH"
}
}
]
}
],
"includeQuote": true
}
}
忽略整列中的发现结果
以下示例说明了如何在整列表格数据列中排除与正则表达式匹配的发现结果。在此示例中,如果与 US_SOCIAL_SECURITY_NUMBER infoType 检测器匹配的任何发现结果位于伪造社会保障号列中,则该发现结果会从结果中排除。
此示例仅返回 222-22-2222,因为 111-11-1111 在伪造社会保障号列中。
{
"item": {
"table": {
"headers": [
{
"name": "Fake Social Security Number"
},
{
"name": "Real Social Security Number"
}
],
"rows": [
{
"values": [
{
"stringValue": "111-11-1111"
},
{
"stringValue": "222-22-2222"
}
]
}
]
}
},
"inspectConfig": {
"infoTypes": [
{
"name": "US_SOCIAL_SECURITY_NUMBER"
}
],
"includeQuote": true,
"ruleSet": [
{
"infoTypes": [
{
"name": "US_SOCIAL_SECURITY_NUMBER"
}
],
"rules": [
{
"exclusionRule": {
"excludeByHotword": {
"hotwordRegex": {
"pattern": "(Fake Social Security Number)"
},
"proximity": {
"windowBefore": 1
}
},
"matchingType": "MATCHING_TYPE_FULL_MATCH"
}
}
]
}
],
"minLikelihood": "POSSIBLE"
}
}
热词规则
热词规则对以下情况非常有用:
- 您想要根据匹配项与热词的邻近度来更改分配给扫描匹配项的可能性值。例如,您希望根据患者姓名与“患者”一词的邻近度,为患者姓名匹配项设置更高的可能性值。
- 检查结构化的表格数据时,您想要根据列标题名称来更改分配给匹配项的可能性值。例如,您希望为标题为
ACCOUNT_ID的列中的US_SOCIAL_SECURITY_NUMBER设置更高的可能性值。
热词规则 API 概览
在敏感数据保护的 InspectionRule 对象中,您可以指定一个 HotwordRule 对象,用于调整在启动指令的一定邻近程度内发现结果的可能性。
InspectionRule 对象在 InspectionRuleSet 对象中分组为“规则集”,组中还有规则集所适用的 infoType 检测器列表。规则集中的规则按指定顺序进行应用。
热词规则示例场景
以下代码段说明了如何针对指定场景配置敏感数据保护。
提高旁边有热词“患者”的 PERSON_NAME 匹配项的可能性
以下采用多种语言的 JSON 代码段和代码说明了如何使用 InspectConfig 属性来扫描医疗数据库中的患者姓名。您可以使用敏感数据保护的内置 PERSON_NAME infoType 检测器,但这会导致敏感数据保护匹配所有人名,而不仅仅是患者姓名。为解决此问题,您可以添加一条热词规则,用于在潜在匹配项第一个字符的一定邻近字符范围内查找“患者”一词。然后,您可以向匹配该模式的结果分配“可能性极大”(very likely) 这一可能性,因为这些结果符合您的特殊条件。通过在 InspectConfig 中将 Likelihood 的最小值设为 VERY_LIKELY,可确保结果中仅返回符合此配置的匹配项。
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using System;
using static Google.Cloud.Dlp.V2.CustomInfoType.Types;
public class InspectStringCustomHotword
{
public static InspectContentResponse Inspect(string projectId, string textToInspect, string customHotword)
{
var dlp = DlpServiceClient.Create();
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem
{
ByteItem = byteContentItem
};
var hotwordRule = new DetectionRule.Types.HotwordRule
{
HotwordRegex = new Regex { Pattern = customHotword },
Proximity = new DetectionRule.Types.Proximity { WindowBefore = 50 },
LikelihoodAdjustment = new DetectionRule.Types.LikelihoodAdjustment { FixedLikelihood = Likelihood.VeryLikely }
};
var infoType = new InfoType { Name = "PERSON_NAME" };
var inspectionRuleSet = new InspectionRuleSet
{
InfoTypes = { infoType },
Rules = { new InspectionRule { HotwordRule = hotwordRule } }
};
var inspectConfig = new InspectConfig
{
InfoTypes = { infoType },
IncludeQuote = true,
RuleSet = { inspectionRuleSet },
MinLikelihood = Likelihood.VeryLikely
};
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = inspectConfig
};
var response = dlp.InspectContent(request);
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach (var f in response.Result.Findings)
{
Console.WriteLine("\tQuote: " + f.Quote);
Console.WriteLine("\tInfo type: " + f.InfoType.Name);
Console.WriteLine("\tLikelihood: " + f.Likelihood);
}
return response;
}
}Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringCustomHotWord inspects a string from sensitive data by using a custom hot word
func inspectStringCustomHotWord(w io.Writer, projectID, textToInspect, customHotWord, infoTypeName string) error {
// projectID := "my-project-id"
// textToInspect := "patient name: John Doe"
// customHotWord := "patient"
// infoTypeName := "PERSON_NAME"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Increase likelihood of matches that have customHotword nearby
hotwordRule := &dlppb.InspectionRule_HotwordRule{
HotwordRule: &dlppb.CustomInfoType_DetectionRule_HotwordRule{
HotwordRegex: &dlppb.CustomInfoType_Regex{
Pattern: customHotWord,
},
Proximity: &dlppb.CustomInfoType_DetectionRule_Proximity{
WindowBefore: 50,
},
LikelihoodAdjustment: &dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment{
Adjustment: &dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment_FixedLikelihood{
FixedLikelihood: dlppb.Likelihood_VERY_LIKELY,
},
},
},
}
// Construct a ruleset that applies the hotword rule to the PERSON_NAME infotype.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
{Name: infoTypeName}, //"PERSON_NAME"
},
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_HotwordRule{
HotwordRule: hotwordRule.HotwordRule,
},
},
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
InspectConfig: &dlppb.InspectConfig{
InfoTypes: []*dlppb.InfoType{
{Name: infoTypeName}, //"PERSON_NAME"
},
IncludeQuote: true,
MinLikelihood: dlppb.Likelihood_VERY_LIKELY,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
},
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Parse the response and process results
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType.DetectionRule.HotwordRule;
import com.google.privacy.dlp.v2.CustomInfoType.DetectionRule.LikelihoodAdjustment;
import com.google.privacy.dlp.v2.CustomInfoType.DetectionRule.Proximity;
import com.google.privacy.dlp.v2.CustomInfoType.Regex;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.Likelihood;
import com.google.privacy.dlp.v2.LocationName;
import com.google.protobuf.ByteString;
import java.io.IOException;
public class InspectStringCustomHotword {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "patient name: John Doe";
String customHotword = "patient";
inspectStringCustomHotword(projectId, textToInspect, customHotword);
}
// Inspects the provided text.
public static void inspectStringCustomHotword(
String projectId, String textToInspect, String customHotword) throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Increase likelihood of matches that have customHotword nearby
HotwordRule hotwordRule =
HotwordRule.newBuilder()
.setHotwordRegex(Regex.newBuilder().setPattern(customHotword))
.setProximity(Proximity.newBuilder().setWindowBefore(50))
.setLikelihoodAdjustment(
LikelihoodAdjustment.newBuilder().setFixedLikelihood(Likelihood.VERY_LIKELY))
.build();
// Construct a ruleset that applies the hotword rule to the PERSON_NAME infotype.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("PERSON_NAME").build())
.addRules(InspectionRule.newBuilder().setHotwordRule(hotwordRule))
.build();
// Construct the configuration for the Inspect request.
InspectConfig config =
InspectConfig.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("PERSON_NAME").build())
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.setMinLikelihood(Likelihood.VERY_LIKELY)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'patient name: John Doe';
// Custom hotward
// const customHotword = 'patient';
async function inspectStringCustomHotword() {
// Specify the type and content to be inspected.
const item = {
byteItem: {
type: DLP.protos.google.privacy.dlp.v2.ByteContentItem.BytesType
.TEXT_UTF8,
data: Buffer.from(string, 'utf-8'),
},
};
// Increase likelihood of matches that have customHotword nearby.
const hotwordRule = {
hotwordRegex: {
pattern: customHotword,
},
proximity: {
windowBefore: 50,
},
likelihoodAdjustment: {
fixedLikelihood:
DLP.protos.google.privacy.dlp.v2.Likelihood.VERY_LIKELY,
},
};
// Construct a ruleset that applies the hotword rule to the PERSON_NAME infotype.
const ruleSet = [
{
infoTypes: [{name: 'PERSON_NAME'}],
rules: [
{
hotwordRule: hotwordRule,
},
],
},
];
// Construct the configuration for the Inspect request.
const inspectConfig = {
infoTypes: [{name: 'PERSON_NAME'}],
ruleSet: ruleSet,
includeQuote: true,
};
// Construct the Inspect request to be sent by the client.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Use the client to send the API request.
const [response] = await dlp.inspectContent(request);
// Print findings.
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringCustomHotword();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\HotwordRule;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\LikelihoodAdjustment;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\Proximity;
use Google\Cloud\Dlp\V2\CustomInfoType\Regex;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
/**
* Inspect a string from sensitive data by using a custom hotword
* Increase the likelihood of a PERSON_NAME match if there is the hotword "patient" nearby. Illustrates using the InspectConfig property for the purpose of scanning a medical database for patient names. You can use Cloud DLP's built-in PERSON_NAME infoType detector, but that causes Cloud DLP to match on all names of people, not just names of patients. To fix this, you can include a hotword rule that looks for the word "patient" within a certain character proximity from the first character of potential matches. You can then assign findings that match this pattern a likelihood of "very likely," since they correspond to your special criteria. Setting the minimum likelihood to VERY_LIKELY within InspectConfig ensures that only matches to this configuration are returned in findings.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_custom_hotword(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'patient name: John Doe'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Construct hotword rules
$hotwordRule = (new HotwordRule())
->setHotwordRegex(
(new Regex())
->setPattern('patient')
)
->setProximity(
(new Proximity())
->setWindowBefore(50)
)
->setLikelihoodAdjustment(
(new LikelihoodAdjustment())
->setFixedLikelihood(Likelihood::VERY_LIKELY)
);
// Construct a ruleset that applies the hotword rule to the PERSON_NAME infotype.
$personName = (new InfoType())
->setName('PERSON_NAME');
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$personName])
->setRules([
(new InspectionRule())
->setHotwordRule($hotwordRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes([$personName])
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet])
->setMinLikelihood(Likelihood::VERY_LIKELY);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def inspect_string_w_custom_hotword(
project: str, content_string: str, custom_hotword: str = "patient"
) -> None:
"""Uses the Data Loss Prevention API increase likelihood for matches on
PERSON_NAME if the user specified custom hot-word is present. Only
includes findings with the increased likelihood by setting a minimum
likelihood threshold of VERY_LIKELY.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
custom_hotword: The custom hot-word used for likelihood boosting.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a rule set with caller provided hotword, with a likelihood
# boost to VERY_LIKELY when the hotword are present within the 50 character-
# window preceding the PII finding.
hotword_rule = {
"hotword_regex": {"pattern": custom_hotword},
"likelihood_adjustment": {
"fixed_likelihood": google.cloud.dlp_v2.Likelihood.VERY_LIKELY
},
"proximity": {"window_before": 50},
}
rule_set = [
{
"info_types": [{"name": "PERSON_NAME"}],
"rules": [{"hotword_rule": hotword_rule}],
}
]
# Construct the configuration dictionary with the custom regex info type.
inspect_config = {
"rule_set": rule_set,
"min_likelihood": google.cloud.dlp_v2.Likelihood.VERY_LIKELY,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"infoTypes":[
{
"name":"PERSON_NAME"
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"PERSON_NAME"
}
],
"rules":[
{
"hotwordRule":{
"hotwordRegex":{
"pattern":"patient"
},
"proximity":{
"windowBefore":50
},
"likelihoodAdjustment":{
"fixedLikelihood":"VERY_LIKELY"
}
}
}
]
}
],
"minLikelihood":"VERY_LIKELY"
}
...
如需详细了解热词,请参阅自定义匹配可能性。
多种检查规则场景
以下采用多种语言的 InspectConfig JSON 代码段和代码说明了如何同时应用排除规则和热词规则。此代码段的规则集同时包含热词规则以及字典和正则表达式排除规则。请注意,这四条规则在 rules 元素的数组中指定。
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using System;
using System.Text.RegularExpressions;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using static Google.Cloud.Dlp.V2.CustomInfoType.Types;
public class InspectStringMultipleRules
{
public static InspectContentResponse Inspect(string projectId, string textToInspect)
{
var dlp = DlpServiceClient.Create();
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem
{
ByteItem = byteContentItem
};
var patientRule = new DetectionRule.Types.HotwordRule
{
HotwordRegex = new CustomInfoType.Types.Regex { Pattern = "patient" },
Proximity = new DetectionRule.Types.Proximity { WindowBefore = 10 },
LikelihoodAdjustment = new DetectionRule.Types.LikelihoodAdjustment { FixedLikelihood = Likelihood.VeryLikely }
};
var doctorRule = new DetectionRule.Types.HotwordRule
{
HotwordRegex = new CustomInfoType.Types.Regex { Pattern = "doctor" },
Proximity = new DetectionRule.Types.Proximity { WindowBefore = 10 },
LikelihoodAdjustment = new DetectionRule.Types.LikelihoodAdjustment { FixedLikelihood = Likelihood.Unlikely }
};
// Construct exclusion rules
var quasimodoRule = new ExclusionRule
{
Dictionary = new Dictionary { WordList = new Dictionary.Types.WordList { Words = { "Quasimodo" } } },
MatchingType = MatchingType.PartialMatch
};
var redactedRule = new ExclusionRule
{
Regex = new CustomInfoType.Types.Regex { Pattern = "REDACTED" },
MatchingType = MatchingType.PartialMatch
};
var infoType = new InfoType { Name = "PERSON_NAME" };
var inspectionRuleSet = new InspectionRuleSet
{
InfoTypes = { infoType },
Rules =
{
new InspectionRule { HotwordRule = patientRule },
new InspectionRule { HotwordRule = doctorRule},
new InspectionRule { ExclusionRule = quasimodoRule },
new InspectionRule { ExclusionRule = redactedRule }
}
};
var inspectConfig = new InspectConfig
{
InfoTypes = { infoType },
IncludeQuote = true,
RuleSet = { inspectionRuleSet }
};
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = inspectConfig
};
var response = dlp.InspectContent(request);
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach (var f in response.Result.Findings)
{
Console.WriteLine("\tQuote: " + f.Quote);
Console.WriteLine("\tInfo type: " + f.InfoType.Name);
Console.WriteLine("\tLikelihood: " + f.Likelihood);
}
return response;
}
}Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringMultipleRules inspects the provided text,
// avoiding matches specified in the exclusion list.
// this function implements the both exclusion and hot word rules.
func inspectStringMultipleRules(w io.Writer, projectID, textToInspect string) error {
// projectID := "my-project-id"
// textToInspect := "patient: Jane Doe"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
ContentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Construct the rule that adjust the likelihood of findings
// within a certain proximity of hot-word("patient").
patientRule := &dlppb.InspectionRule_HotwordRule{
HotwordRule: &dlppb.CustomInfoType_DetectionRule_HotwordRule{
HotwordRegex: &dlppb.CustomInfoType_Regex{
Pattern: "patient",
},
Proximity: &dlppb.CustomInfoType_DetectionRule_Proximity{
WindowBefore: 10,
},
LikelihoodAdjustment: &dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment{
Adjustment: &dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment_FixedLikelihood{
FixedLikelihood: dlppb.Likelihood_VERY_LIKELY,
},
},
},
}
// Construct the rule that adjust the likelihood of findings
// within a certain proximity of hot-word("doctor").
doctorRule := &dlppb.InspectionRule_HotwordRule{
HotwordRule: &dlppb.CustomInfoType_DetectionRule_HotwordRule{
HotwordRegex: &dlppb.CustomInfoType_Regex{
Pattern: "doctor",
},
Proximity: &dlppb.CustomInfoType_DetectionRule_Proximity{
WindowBefore: 10,
},
LikelihoodAdjustment: &dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment{
Adjustment: &dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment_FixedLikelihood{
FixedLikelihood: dlppb.Likelihood_UNLIKELY,
},
},
},
}
// Construct the exclusion rule that avoids the matches for the specified word list.
quasimodoRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_Dictionary{
Dictionary: &dlppb.CustomInfoType_Dictionary{
Source: &dlppb.CustomInfoType_Dictionary_WordList_{
WordList: &dlppb.CustomInfoType_Dictionary_WordList{
Words: []string{"Quasimodo"},
},
},
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_PARTIAL_MATCH,
}
// Construct the exclusion rule that avoids the matches for the specified regex pattern.
redactedRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_Regex{
Regex: &dlppb.CustomInfoType_Regex{
Pattern: "REDACTED",
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_PARTIAL_MATCH,
}
// Construct a ruleSet that applies the rules to the PERSON_NAME infoType.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
{Name: "PERSON_NAME"},
},
Rules: []*dlppb.InspectionRule{
{Type: &dlppb.InspectionRule_HotwordRule{HotwordRule: doctorRule.HotwordRule}},
{Type: &dlppb.InspectionRule_HotwordRule{HotwordRule: patientRule.HotwordRule}},
{Type: &dlppb.InspectionRule_ExclusionRule{ExclusionRule: quasimodoRule}},
{Type: &dlppb.InspectionRule_ExclusionRule{ExclusionRule: redactedRule}},
},
}
// Construct the configuration for the Inspect request, including the ruleSet.
inspectConfig := &dlppb.InspectConfig{
InfoTypes: []*dlppb.InfoType{
{Name: "PERSON_NAME"},
},
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
}
// Create and send the request.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: ContentItem,
InspectConfig: inspectConfig,
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Process the results.
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType.DetectionRule.HotwordRule;
import com.google.privacy.dlp.v2.CustomInfoType.DetectionRule.LikelihoodAdjustment;
import com.google.privacy.dlp.v2.CustomInfoType.DetectionRule.Proximity;
import com.google.privacy.dlp.v2.CustomInfoType.Dictionary;
import com.google.privacy.dlp.v2.CustomInfoType.Dictionary.WordList;
import com.google.privacy.dlp.v2.CustomInfoType.Regex;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.Likelihood;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
public class InspectStringMultipleRules {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "patient: Jane Doe";
inspectStringMultipleRules(projectId, textToInspect);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringMultipleRules(String projectId, String textToInspect)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Construct hotword rules
HotwordRule patientRule =
HotwordRule.newBuilder()
.setHotwordRegex(Regex.newBuilder().setPattern("patient"))
.setProximity(Proximity.newBuilder().setWindowBefore(10))
.setLikelihoodAdjustment(
LikelihoodAdjustment.newBuilder().setFixedLikelihood(Likelihood.VERY_LIKELY))
.build();
HotwordRule doctorRule =
HotwordRule.newBuilder()
.setHotwordRegex(Regex.newBuilder().setPattern("doctor"))
.setProximity(Proximity.newBuilder().setWindowBefore(10))
.setLikelihoodAdjustment(
LikelihoodAdjustment.newBuilder().setFixedLikelihood(Likelihood.UNLIKELY))
.build();
// Construct exclusion rules
ExclusionRule quasimodoRule =
ExclusionRule.newBuilder()
.setDictionary(
Dictionary.newBuilder().setWordList(WordList.newBuilder().addWords("Quasimodo")))
.setMatchingType(MatchingType.MATCHING_TYPE_PARTIAL_MATCH)
.build();
ExclusionRule redactedRule =
ExclusionRule.newBuilder()
.setRegex(Regex.newBuilder().setPattern("REDACTED"))
.setMatchingType(MatchingType.MATCHING_TYPE_PARTIAL_MATCH)
.build();
// Construct a ruleset that applies the rules to the PERSON_NAME infotype.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("PERSON_NAME"))
.addRules(InspectionRule.newBuilder().setHotwordRule(patientRule))
.addRules(InspectionRule.newBuilder().setHotwordRule(doctorRule))
.addRules(InspectionRule.newBuilder().setExclusionRule(quasimodoRule))
.addRules(InspectionRule.newBuilder().setExclusionRule(redactedRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("PERSON_NAME"))
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'patient: Jane Doe';
async function inspectStringMultipleRules() {
// Construct item to inspect
const item = {value: string};
// Construct hotword rules
const patientRule = {
hotwordRegex: {pattern: 'patient'},
proximity: {windowBefore: 10},
likelihoodAdjustment: {
fixedLikelihood:
DLP.protos.google.privacy.dlp.v2.Likelihood.VERY_LIKELY,
},
};
const doctorRule = {
hotwordRegex: {pattern: 'doctor'},
proximity: {windowBefore: 10},
likelihoodAdjustment: {
fixedLikelihood: DLP.protos.google.privacy.dlp.v2.Likelihood.UNLIKELY,
},
};
// Construct exclusion rules
const quasimodoRule = {
dictionary: {wordList: {words: ['quasimodo']}},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType
.MATCHING_TYPE_PARTIAL_MATCH,
};
const redactedRule = {
regex: {pattern: 'REDACTED'},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType
.MATCHING_TYPE_PARTIAL_MATCH,
};
// The infoTypes of information to match
const infoTypes = [{name: 'PERSON_NAME'}];
// Construct a ruleset that applies the rules to the PERSON_NAME infotype.
const ruleSet = [
{
infoTypes: infoTypes,
rules: [
{hotwordRule: patientRule},
{hotwordRule: doctorRule},
{exclusionRule: quasimodoRule},
{exclusionRule: redactedRule},
],
},
];
// Construct the configuration for the Inspect request, including the ruleset.
const inspectConfig = {
infoTypes: infoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Construct the Inspect request to be sent by the client.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Use the client to send the API request.
const [response] = await dlp.inspectContent(request);
// Print findings.
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringMultipleRules();PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\HotwordRule;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\LikelihoodAdjustment;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\Proximity;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary;
use Google\Cloud\Dlp\V2\CustomInfoType\Dictionary\WordList;
use Google\Cloud\Dlp\V2\CustomInfoType\Regex;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string for sensitive data by using multiple rules
* Illustrates applying both exclusion and hotword rules. This snippet's rule set includes both hotword rules and dictionary and regex exclusion rules. Notice that the four rules are specified in an array within the rules element.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_multiple_rules(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'patient: Jane Doe'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Construct hotword rules
$patientRule = (new HotwordRule())
->setHotwordRegex((new Regex())
->setPattern('patient'))
->setProximity((new Proximity())
->setWindowBefore(10))
->setLikelihoodAdjustment((new LikelihoodAdjustment())
->setFixedLikelihood(Likelihood::VERY_LIKELY));
$doctorRule = (new HotwordRule())
->setHotwordRegex((new Regex())
->setPattern('doctor'))
->setProximity((new Proximity())
->setWindowBefore(10))
->setLikelihoodAdjustment((new LikelihoodAdjustment())
->setFixedLikelihood(Likelihood::VERY_UNLIKELY));
// Construct exclusion rules
$wordList = (new Dictionary())
->setWordList((new WordList())
->setWords(['Quasimodo']));
$quasimodoRule = (new ExclusionRule())
->setMatchingType(MatchingType::MATCHING_TYPE_PARTIAL_MATCH)
->setDictionary($wordList);
$redactedRule = (new ExclusionRule())
->setMatchingType(MatchingType::MATCHING_TYPE_PARTIAL_MATCH)
->setRegex((new Regex())
->setPattern('REDACTED'));
// Specify the exclusion rule and build-in info type the inspection will look for.
$personName = (new InfoType())
->setName('PERSON_NAME');
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$personName])
->setRules([
(new InspectionRule())
->setHotwordRule($patientRule),
(new InspectionRule())
->setHotwordRule($doctorRule),
(new InspectionRule())
->setExclusionRule($quasimodoRule),
(new InspectionRule())
->setExclusionRule($redactedRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes([$personName])
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
}
}
}Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def inspect_string_multiple_rules(project: str, content_string: str) -> None:
"""Uses the Data Loss Prevention API to modify likelihood for matches on
PERSON_NAME combining multiple hotword and exclusion rules.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct hotword rules
patient_rule = {
"hotword_regex": {"pattern": "patient"},
"proximity": {"window_before": 10},
"likelihood_adjustment": {
"fixed_likelihood": google.cloud.dlp_v2.Likelihood.VERY_LIKELY
},
}
doctor_rule = {
"hotword_regex": {"pattern": "doctor"},
"proximity": {"window_before": 10},
"likelihood_adjustment": {
"fixed_likelihood": google.cloud.dlp_v2.Likelihood.UNLIKELY
},
}
# Construct exclusion rules
quasimodo_rule = {
"dictionary": {"word_list": {"words": ["quasimodo"]}},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_PARTIAL_MATCH,
}
redacted_rule = {
"regex": {"pattern": "REDACTED"},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_PARTIAL_MATCH,
}
# Construct the rule set, combining the above rules
rule_set = [
{
"info_types": [{"name": "PERSON_NAME"}],
"rules": [
{"hotword_rule": patient_rule},
{"hotword_rule": doctor_rule},
{"exclusion_rule": quasimodo_rule},
{"exclusion_rule": redacted_rule},
],
}
]
# Construct the configuration dictionary
inspect_config = {
"info_types": [{"name": "PERSON_NAME"}],
"rule_set": rule_set,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
REST
要详细了解如何将 DLP API 与 JSON 结合使用,请参阅 JSON 快速入门。
...
"inspectConfig":{
"infoTypes":[
{
"name":"PERSON_NAME"
}
],
"ruleSet":[
{
"infoTypes":[
{
"name":"PERSON_NAME"
}
],
"rules":[
{
"hotwordRule":{
"hotwordRegex":{
"pattern":"patient"
},
"proximity":{
"windowBefore":10
},
"likelihoodAdjustment":{
"fixedLikelihood":"VERY_LIKELY"
}
}
},
{
"hotwordRule":{
"hotwordRegex":{
"pattern":"doctor"
},
"proximity":{
"windowBefore":10
},
"likelihoodAdjustment":{
"fixedLikelihood":"UNLIKELY"
}
}
},
{
"exclusionRule":{
"dictionary":{
"wordList":{
"words":[
"Quasimodo"
]
}
},
"matchingType": "MATCHING_TYPE_PARTIAL_MATCH"
}
},
{
"exclusionRule":{
"regex":{
"pattern":"REDACTED"
},
"matchingType": "MATCHING_TYPE_PARTIAL_MATCH"
}
}
]
}
]
}
...
重叠的 infoType 检测器
可以定义与内置 infoType 检测器同名的自定义 infoType 检测器。如热词规则示例场景部分中的示例所示,如果您创建与内置 infoType 同名的自定义 infoType 检测器,则新 infoType 检测器检测到的任何结果都会添加到内置检测器检测到的结果中。仅当 InspectConfig 对象的 infoType 列表中指定了内置 infoType 时,才会出现此情况。
创建新的自定义 infoType 检测器时,请对示例内容进行充分测试,确保其按预期工作。