遮盖图片中的敏感数据

使用集合让一切井井有条 根据您的偏好保存内容并对其进行分类。

Cloud Data Loss Prevention 可以隐去图片中的敏感文本。借助 infoType 检测器Cloud Vision,Cloud DLP 可检查图片中的文本并检测文本中的敏感数据,然后返回已将任何匹配的敏感数据用不透明矩形遮盖的图片。

例如,请参考下面这两张“遮盖前”和“遮盖后”的图片。原始图片是通过扫描纸质文档生成的典型图片文件示例。在此示例中,Cloud DLP 已配置为根据不同的内容,使用不同颜色的矩形遮盖美国社会保障号、电子邮件地址和电话号码。

遮盖前和遮盖后的图片(点击可放大)
  1. 图片遮盖前的扫描图片
  2. 图片遮盖后的扫描图片

限制和注意事项

隐去图片中的内容时,请考虑以下几点。

支持的文件类型

Cloud DLP 可以隐去许多图片类型(包括 JPEG、BMP 和 PNG)中的敏感数据。如需了解详情,请参阅支持的文件类型

SVG、PDF、XLSX、PPTX 或 DOCX 文件不支持内容隐去。

发现结果限制

遮盖图片中的数据时,发现结果限制不适用。它们可能会导致意外或可能不一致的结果,其中只有一些数据会被隐去。如果您在请求中包含 FindingLimits,Cloud DLP 会生成错误。

准备工作

  1. 登录您的 Google Cloud 帐号。如果您是 Google Cloud 新手,请创建一个帐号来评估我们的产品在实际场景中的表现。新客户还可获享 $300 赠金,用于运行、测试和部署工作负载。

  2. 在 Google Cloud Console 中的项目选择器页面上,选择或创建一个 Google Cloud 项目

    转到“项目选择器”

  3. 确保您的 Cloud 项目已启用结算功能。了解如何检查项目是否已启用结算功能

  4. 启用 DLP API。

    启用 API

  5. 创建服务帐号:

    1. 在 Google Cloud 控制台中,转到创建服务帐号页面。

      转到“创建服务帐号”
    2. 选择您的项目。

    3. 服务帐号名称字段中,输入一个名称。Google Cloud 控制台会根据此名称填充服务帐号 ID 字段。

      服务帐号说明字段中,输入说明。例如,Service account for quickstart

    4. 点击创建并继续

    5. 如需提供对项目的访问权限,请向服务帐号授予以下角色:Project > Owner

      选择角色列表中,选择一个角色。

      如需添加其他角色,请点击 添加其他角色,然后添加其他各个角色。

    6. 点击继续

    7. 点击完成以完成服务帐号的创建过程。

      不要关闭浏览器窗口。您将在下一步骤中用到它。

  6. 创建服务帐号密钥:

    1. 在 Google Cloud 控制台中,点击您创建的服务帐号的电子邮件地址。
    2. 点击密钥
    3. 点击添加密钥,然后点击创建新密钥
    4. 点击创建。JSON 密钥文件将下载到您的计算机上。
    5. 点击关闭

  7. 将环境变量 GOOGLE_APPLICATION_CREDENTIALS 设置为包含您的服务帐号密钥的 JSON 文件的路径。 此变量仅适用于当前的 shell 会话,因此,如果您打开新的会话,请重新设置该变量。

  8. 安装 Google Cloud CLI。

  9. 如需初始化 gcloud CLI,请运行以下命令: 

    gcloud init
    10.

  10. 在 Google Cloud Console 中的项目选择器页面上,选择或创建一个 Google Cloud 项目

    转到“项目选择器”

  11. 确保您的 Cloud 项目已启用结算功能。了解如何检查项目是否已启用结算功能

  12. 启用 DLP API。

    启用 API

  13. 创建服务帐号:

    1. 在 Google Cloud 控制台中,转到创建服务帐号页面。

      转到“创建服务帐号”
    2. 选择您的项目。

    3. 服务帐号名称字段中,输入一个名称。Google Cloud 控制台会根据此名称填充服务帐号 ID 字段。

      服务帐号说明字段中,输入说明。例如,Service account for quickstart

    4. 点击创建并继续

    5. 如需提供对项目的访问权限,请向服务帐号授予以下角色:Project > Owner

      选择角色列表中,选择一个角色。

      如需添加其他角色,请点击 添加其他角色,然后添加其他各个角色。

    6. 点击继续

    7. 点击完成以完成服务帐号的创建过程。

      不要关闭浏览器窗口。您将在下一步骤中用到它。

  14. 创建服务帐号密钥:

    1. 在 Google Cloud 控制台中,点击您创建的服务帐号的电子邮件地址。
    2. 点击密钥
    3. 点击添加密钥,然后点击创建新密钥
    4. 点击创建。JSON 密钥文件将下载到您的计算机上。
    5. 点击关闭

  15. 将环境变量 GOOGLE_APPLICATION_CREDENTIALS 设置为包含您的服务帐号密钥的 JSON 文件的路径。 此变量仅适用于当前的 shell 会话,因此,如果您打开新的会话,请重新设置该变量。

  16. 安装 Google Cloud CLI。

  17. 如需初始化 gcloud CLI,请运行以下命令: 

    gcloud init
    18.

遮盖图片中的所有默认 infoType

如需遮盖图片中的敏感数据,请向 DLP API 的 image.redact 方法提交图片。除非您指定要搜索的特定信息类型 (infoType),否则 Cloud DLP 会搜索最常见的 infoType。

如需遮盖图片中的默认 infoType,请执行以下操作:

  1. 将图片编码为 base64 字符串。

    如果您计划使用某个 Cloud DLP 客户端库执行此任务,请跳过此步骤。

  2. image.redact 方法提交请求。

    如果要隐去默认 infoType,则请求只需要使用 base64 编码的图片。

例如,请参考下面的图片:这是一个通过扫描纸质文档生成的典型图片文件示例。

未进行隐去处理的原始图片(点击可放大)

如需遮盖图片中的默认 infoType,请向 DLP API 的 image.redact 方法发送以下请求:

协议

{
  "byteItem": {
    "data": "[BASE64-ENCODED-IMAGE]",
    "type": "IMAGE_JPEG"
  }
}

Cloud DLP 返回以下内容:

    {
      "redactedImage": "[BASE64-ENCODED-IMAGE]"
    }

对 base64 编码的图片进行解码。

Java

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;

class RedactImageFileAllInfoTypes {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "my-project-id";
    String inputPath = "src/test/resources/sensitive-data-image.jpeg";
    String outputPath = "sensitive-data-image-redacted.jpeg";
    redactImageFileAllInfoTypes(projectId, inputPath, outputPath);
  }

  static void redactImageFileAllInfoTypes(String projectId, String inputPath, String outputPath)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify the content to be redacted.
      ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
      ByteContentItem byteItem =
          ByteContentItem.newBuilder().setType(BytesType.IMAGE_JPEG).setData(fileBytes).build();

      // Construct the Redact request to be sent by the client.
      // Do not specify the type of info to redact.
      RedactImageRequest request =
          RedactImageRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setByteItem(byteItem)
              .build();

      // Use the client to send the API request.
      RedactImageResponse response = dlp.redactImage(request);

      // Parse the response and process results.
      FileOutputStream redacted = new FileOutputStream(outputPath);
      redacted.write(response.getRedactedImage().toByteArray());
      redacted.close();
      System.out.println("Redacted image written to " + outputPath);
    }
  }
}

生成的图片如下所示:

遮盖后的图片,所有 infoType(点击可放大)

请注意,除了遮盖手写的社会保障号、电子邮件地址和电话号码之外,Cloud DLP 还隐去了年份。下一部分演示了如何仅遮盖某些 infoType。

遮盖图片中的特定 infoType

如果您只需要遮盖图片中的某些敏感数据,请指定这些数据相应的内置 infoType。

如需遮盖图片中的特定 infoType,请向 DLP API 的 image.redact 方法提交请求。该请求必须包含以下内容:* 图片。* 一个或多个 infoType 检测器

请参考上一部分中的原始图片。如要仅遮盖美国社会保障号、电子邮件地址和电话号码,请将以下 JSON 发送到 DLP API 的 image.redact 方法:

协议

    {
      "byteItem": {
        "data": "[BASE64-ENCODED-IMAGE]",
        "type": "IMAGE_JPEG"
      },
      "imageRedactionConfigs": [
        {
          "infoType": {
            "name": "US_SOCIAL_SECURITY_NUMBER"
          }
        },
        {
          "infoType": {
            "name": "EMAIL_ADDRESS"
          }
        },
        {
          "infoType": {
            "name": "PHONE_NUMBER"
          }
        }
      ]
    }

Cloud DLP 返回以下内容:

    {
      "redactedImage": "[BASE64-ENCODED-IMAGE]"
    }

对 base64 编码的图片进行解码。

Java

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;

class RedactImageFileListedInfoTypes {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "my-project-id";
    String inputPath = "src/test/resources/sensitive-data-image.jpeg";
    String outputPath = "sensitive-data-image-redacted.jpeg";
    redactImageFileListedInfoTypes(projectId, inputPath, outputPath);
  }

  static void redactImageFileListedInfoTypes(String projectId, String inputPath, String outputPath)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify the content to be redacted.
      ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
      ByteContentItem byteItem =
          ByteContentItem.newBuilder().setType(BytesType.IMAGE_JPEG).setData(fileBytes).build();

      // Specify the types of info necessary to redact.
      List<InfoType> infoTypes = new ArrayList<>();
      // See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
      for (String typeName :
          new String[] {"US_SOCIAL_SECURITY_NUMBER", "EMAIL_ADDRESS", "PHONE_NUMBER"}) {
        infoTypes.add(InfoType.newBuilder().setName(typeName).build());
      }
      InspectConfig inspectConfig = InspectConfig.newBuilder().addAllInfoTypes(infoTypes).build();

      // Prepare redaction configs.
      List<ImageRedactionConfig> imageRedactionConfigs =
          infoTypes.stream()
              .map(infoType -> ImageRedactionConfig.newBuilder().setInfoType(infoType).build())
              .collect(Collectors.toList());

      // Construct the Redact request to be sent by the client.
      RedactImageRequest request =
          RedactImageRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setByteItem(byteItem)
              .addAllImageRedactionConfigs(imageRedactionConfigs)
              .setInspectConfig(inspectConfig)
              .build();

      // Use the client to send the API request.
      RedactImageResponse response = dlp.redactImage(request);

      // Parse the response and process results.
      FileOutputStream redacted = new FileOutputStream(outputPath);
      redacted.write(response.getRedactedImage().toByteArray());
      redacted.close();
      System.out.println("Redacted image written to " + outputPath);
    }
  }
}

C#

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库


using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using Google.Protobuf;
using System;
using System.IO;

public class RedactImage
{
    public static RedactImageResponse Redact(string projectId, string originalImagePath, string redactedImagePath)
    {
        var request = new RedactImageRequest
        {
            Parent = new LocationName(projectId, "global").ToString(),
            InspectConfig = new InspectConfig
            {
                MinLikelihood = Likelihood.Likely,
                Limits = new InspectConfig.Types.FindingLimits() { MaxFindingsPerItem = 5 },
                IncludeQuote = true,
                InfoTypes =
                    {
                        new InfoType { Name = "PHONE_NUMBER" },
                        new InfoType { Name = "EMAIL_ADDRESS" }
                    }
            },
            ByteItem = new ByteContentItem
            {
                Type = ByteContentItem.Types.BytesType.ImagePng,
                Data = ByteString.FromStream(new FileStream(originalImagePath, FileMode.Open))
            },
        };

        var client = DlpServiceClient.Create();
        var response = client.RedactImage(request);

        Console.WriteLine($"Extracted text: {response.ExtractedText}");

        // Writes redacted image into file
        response.RedactedImage.WriteTo(new FileStream(redactedImagePath, FileMode.Create, FileAccess.Write));

        return response;
    }
}

生成的图片如下所示:

遮盖后的图片,3 个 infoType(点击可放大)

如果您想一目了然地查看被遮盖的内容,可以为遮盖的 infoType 信息添加颜色。请参阅以下部分了解详情。

为图片中遮盖的 infoType 添加颜色

要为遮盖的 infoType 信息添加颜色,请将 infoType 检测器与 RGB 颜色空间值配对。

如需为图片中遮盖的 infoType 添加颜色,请向 DLP API 的 image.redact 方法提交请求。该请求必须包含以下内容:* 图片。* 一个或多个 infoType 检测器,使用 RGB 颜色空间值为每个检测器分配一种颜色。

请参考第一部分中的原始图片。要使用紫色框遮盖美国社会保障号、使用绿色框遮盖电子邮件地址以及使用橙色框遮盖电话号码,请将以下 JSON 发送到 DLP API 的 image.redact 方法:

协议

    {
      "byteItem": {
        "data": "[BASE64-ENCODED-IMAGE]",
        "type": "IMAGE_JPEG"
      },
      "imageRedactionConfigs": [
        {
          "infoType": {
            "name": "US_SOCIAL_SECURITY_NUMBER"
          },
          "redactionColor": {
            "red": 0.3,
            "green": 0.1,
            "blue": 0.6
          }
        },
        {
          "infoType": {
            "name": "EMAIL_ADDRESS"
          },
          "redactionColor": {
            "red": 0.5,
            "blue": 0.5,
            "green": 1
          }
        },
        {
          "infoType": {
            "name": "PHONE_NUMBER"
          },
          "redactionColor": {
            "red": 1,
            "blue": 0,
            "green": 0.6
          }
        }
      ]
    }

Cloud DLP 返回以下内容:

    {
      "redactedImage": "[BASE64-ENCODED-IMAGE]"
    }

对 base64 编码的图片进行解码。

Java

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.Color;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

class RedactImageFileColoredInfoTypes {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "my-project-id";
    String inputPath = "src/test/resources/test.png";
    String outputPath = "redacted.png";
    redactImageFileColoredInfoTypes(projectId, inputPath, outputPath);
  }

  static void redactImageFileColoredInfoTypes(String projectId, String inputPath, String outputPath)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify the content to be redacted.
      ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
      ByteContentItem byteItem =
          ByteContentItem.newBuilder().setType(BytesType.IMAGE_JPEG).setData(fileBytes).build();

      // Define types of info to redact associate each one with a different color.
      // See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
      ImageRedactionConfig ssnRedactionConfig =
          ImageRedactionConfig.newBuilder()
              .setInfoType(InfoType.newBuilder().setName("US_SOCIAL_SECURITY_NUMBER").build())
              .setRedactionColor(Color.newBuilder().setRed(.3f).setGreen(.1f).setBlue(.6f).build())
              .build();
      ImageRedactionConfig emailRedactionConfig =
          ImageRedactionConfig.newBuilder()
              .setInfoType(InfoType.newBuilder().setName("EMAIL_ADDRESS").build())
              .setRedactionColor(Color.newBuilder().setRed(.5f).setGreen(.5f).setBlue(1).build())
              .build();
      ImageRedactionConfig phoneRedactionConfig =
          ImageRedactionConfig.newBuilder()
              .setInfoType(InfoType.newBuilder().setName("PHONE_NUMBER").build())
              .setRedactionColor(Color.newBuilder().setRed(1).setGreen(0).setBlue(.6f).build())
              .build();

      // Create collection of all redact configurations.
      List<ImageRedactionConfig> imageRedactionConfigs =
          Arrays.asList(ssnRedactionConfig, emailRedactionConfig, phoneRedactionConfig);

      // List types of info to search for.
      InspectConfig config =
          InspectConfig.newBuilder()
              .addAllInfoTypes(
                  imageRedactionConfigs.stream()
                      .map(ImageRedactionConfig::getInfoType)
                      .collect(Collectors.toList()))
              .build();

      // Construct the Redact request to be sent by the client.
      RedactImageRequest request =
          RedactImageRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setByteItem(byteItem)
              .addAllImageRedactionConfigs(imageRedactionConfigs)
              .setInspectConfig(config)
              .build();

      // Use the client to send the API request.
      RedactImageResponse response = dlp.redactImage(request);

      // Parse the response and process results.
      FileOutputStream redacted = new FileOutputStream(outputPath);
      redacted.write(response.getRedactedImage().toByteArray());
      redacted.close();
      System.out.println("Redacted image written to " + outputPath);
    }
  }
}

生成的图片如下所示:

遮盖后的图片,3 种不同颜色的 infoType(点击可放大)

遮盖图片中的所有文本

Cloud DLP 还包含一个选项,可以遮盖图片中检测到的所有文本。

如需遮盖图片中的所有文本,请向 DLP API 的 image.redact 方法提交请求。该请求必须包含以下内容:* 图片。* 将 redactAllText 选项设置为 true

请参考第一部分中的原始图片。要遮盖所有文本,请将以下 JSON 发送到 DLP API 的 image.redact 方法:

协议

    {
      "byteItem": {
        "data": "[BASE64-ENCODED-IMAGE]",
        "type": "IMAGE_JPEG"
      },
      "imageRedactionConfigs": [
        {
          "redactAllText": true
        }
      ]
    }

Cloud DLP 返回以下内容:

    {
      "redactedImage": "[BASE64-ENCODED-IMAGE]"
    }

对 base64 编码的图片进行解码。

Python

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库



def redact_image_all_text(
    project,
    filename,
    output_filename,
):
    """Uses the Data Loss Prevention API to redact all text in an image.

    Args:
        project: The Google Cloud project id to use as a parent resource.
        filename: The path to the file to inspect.
        output_filename: The path to which the redacted image will be written.

    Returns:
        None; the response from the API is printed to the terminal.
    """
    # Import the client library
    import google.cloud.dlp

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Construct the image_redaction_configs, indicating to DLP that all text in
    # the input image should be redacted.
    image_redaction_configs = [{"redact_all_text": True}]

    # Construct the byte_item, containing the file's byte data.
    with open(filename, mode="rb") as f:
        byte_item = {"type_": google.cloud.dlp_v2.FileType.IMAGE, "data": f.read()}

    # Convert the project id into a full resource id.
    parent = f"projects/{project}"

    # Call the API.
    response = dlp.redact_image(
        request={
            "parent": parent,
            "image_redaction_configs": image_redaction_configs,
            "byte_item": byte_item,
        }
    )

    # Write out the results.
    with open(output_filename, mode="wb") as f:
        f.write(response.redacted_image)

    print(
        "Wrote {byte_count} to {filename}".format(
            byte_count=len(response.redacted_image), filename=output_filename
        )
    )

Java

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;

class RedactImageFileAllText {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "my-project-id";
    String inputPath = "src/test/resources/sensitive-data-image.jpeg";
    String outputPath = "sensitive-data-image-redacted.jpeg";
    redactImageFileAllText(projectId, inputPath, outputPath);
  }

  static void redactImageFileAllText(String projectId, String inputPath, String outputPath)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify the content to be redacted.
      ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
      ByteContentItem byteItem =
          ByteContentItem.newBuilder().setType(BytesType.IMAGE_JPEG).setData(fileBytes).build();

      // Enable redaction of all text.
      ImageRedactionConfig imageRedactionConfig =
          ImageRedactionConfig.newBuilder().setRedactAllText(true).build();

      // Construct the Redact request to be sent by the client.
      // Do not specify the type of info to redact.
      RedactImageRequest request =
          RedactImageRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setByteItem(byteItem)
              .addImageRedactionConfigs(imageRedactionConfig)
              .build();

      // Use the client to send the API request.
      RedactImageResponse response = dlp.redactImage(request);

      // Parse the response and process results.
      FileOutputStream redacted = new FileOutputStream(outputPath);
      redacted.write(response.getRedactedImage().toByteArray());
      redacted.close();
      System.out.println("Redacted image written to " + outputPath);
    }
  }
}

此 API 会以相同格式返回您所提供的图片,但会遮盖根据您的标准识别为包含敏感信息的所有文本。

生成的图片如下所示:

已遮盖所有本文的图片(点击可放大)

代码示例

以下是多种语言的示例代码,演示了如何使用 Cloud DLP 遮盖图片中的敏感文本。

Node.js

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库

// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Imports required Node.js libraries
const mime = require('mime');
const fs = require('fs');

// Instantiates a client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// The path to a local file to inspect. Can be a JPG or PNG image file.
// const filepath = 'path/to/image.png';

// The minimum likelihood required before redacting a match
// const minLikelihood = 'LIKELIHOOD_UNSPECIFIED';

// The infoTypes of information to redact
// const infoTypes = [{ name: 'EMAIL_ADDRESS' }, { name: 'PHONE_NUMBER' }];

// The local path to save the resulting image to.
// const outputPath = 'result.png';
async function redactImage() {
  const imageRedactionConfigs = infoTypes.map(infoType => {
    return {infoType: infoType};
  });

  // Load image
  const fileTypeConstant =
    ['image/jpeg', 'image/bmp', 'image/png', 'image/svg'].indexOf(
      mime.getType(filepath)
    ) + 1;
  const fileBytes = Buffer.from(fs.readFileSync(filepath)).toString('base64');

  // Construct image redaction request
  const request = {
    parent: `projects/${projectId}/locations/global`,
    byteItem: {
      type: fileTypeConstant,
      data: fileBytes,
    },
    inspectConfig: {
      minLikelihood: minLikelihood,
      infoTypes: infoTypes,
    },
    imageRedactionConfigs: imageRedactionConfigs,
  };

  // Run image redaction request
  const [response] = await dlp.redactImage(request);
  const image = response.redactedImage;
  fs.writeFileSync(outputPath, image);
  console.log(`Saved image redaction results to path: ${outputPath}`);
}
redactImage();

Python

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库

import mimetypes

def redact_image(
    project,
    filename,
    output_filename,
    info_types,
    min_likelihood=None,
    mime_type=None,
):
    """Uses the Data Loss Prevention API to redact protected data in an image.
    Args:
        project: The Google Cloud project id to use as a parent resource.
        filename: The path to the file to inspect.
        output_filename: The path to which the redacted image will be written.
        info_types: A list of strings representing info types to look for.
            A full list of info type categories can be fetched from the API.
        min_likelihood: A string representing the minimum likelihood threshold
            that constitutes a match. One of: 'LIKELIHOOD_UNSPECIFIED',
            'VERY_UNLIKELY', 'UNLIKELY', 'POSSIBLE', 'LIKELY', 'VERY_LIKELY'.
        mime_type: The MIME type of the file. If not specified, the type is
            inferred via the Python standard library's mimetypes module.
    Returns:
        None; the response from the API is printed to the terminal.
    """
    # Import the client library
    import google.cloud.dlp

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Prepare info_types by converting the list of strings into a list of
    # dictionaries (protos are also accepted).
    info_types = [{"name": info_type} for info_type in info_types]

    # Prepare image_redaction_configs, a list of dictionaries. Each dictionary
    # contains an info_type and optionally the color used for the replacement.
    # The color is omitted in this sample, so the default (black) will be used.
    image_redaction_configs = []

    if info_types is not None:
        for info_type in info_types:
            image_redaction_configs.append({"info_type": info_type})

    # Construct the configuration dictionary. Keys which are None may
    # optionally be omitted entirely.
    inspect_config = {
        "min_likelihood": min_likelihood,
        "info_types": info_types,
    }

    # If mime_type is not specified, guess it from the filename.
    if mime_type is None:
        mime_guess = mimetypes.MimeTypes().guess_type(filename)
        mime_type = mime_guess[0] or "application/octet-stream"

    # Select the content type index from the list of supported types.
    supported_content_types = {
        None: 0,  # "Unspecified"
        "image/jpeg": 1,
        "image/bmp": 2,
        "image/png": 3,
        "image/svg": 4,
        "text/plain": 5,
    }
    content_type_index = supported_content_types.get(mime_type, 0)

    # Construct the byte_item, containing the file's byte data.
    with open(filename, mode="rb") as f:
        byte_item = {"type_": content_type_index, "data": f.read()}

    # Convert the project id into a full resource id.
    parent = f"projects/{project}"

    # Call the API.
    response = dlp.redact_image(
        request={
            "parent": parent,
            "inspect_config": inspect_config,
            "image_redaction_configs": image_redaction_configs,
            "byte_item": byte_item,
        }
    )

    # Write out the results.
    with open(output_filename, mode="wb") as f:
        f.write(response.redacted_image)
    print(
        "Wrote {byte_count} to {filename}".format(
            byte_count=len(response.redacted_image), filename=output_filename
        )
    )

Go

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库

import (
	"context"
	"fmt"
	"io"
	"io/ioutil"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
)

// redactImage blacks out the identified portions of the input image (with type bytesType)
// and stores the result in outputPath.
func redactImage(w io.Writer, projectID string, infoTypeNames []string, bytesType dlppb.ByteContentItem_BytesType, inputPath, outputPath string) error {
	// projectID := "my-project-id"
	// infoTypeNames := []string{"US_SOCIAL_SECURITY_NUMBER"}
	// bytesType := dlppb.ByteContentItem_IMAGE_PNG
	// inputPath := /tmp/input
	// outputPath := /tmp/output

	ctx := context.Background()

	client, err := dlp.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("dlp.NewClient: %v", err)
	}
	defer client.Close()

	// Convert the info type strings to a list of InfoTypes.
	var infoTypes []*dlppb.InfoType
	for _, it := range infoTypeNames {
		infoTypes = append(infoTypes, &dlppb.InfoType{Name: it})
	}

	// Convert the info type strings to a list of types to redact in the image.
	var redactInfoTypes []*dlppb.RedactImageRequest_ImageRedactionConfig
	for _, it := range infoTypeNames {
		redactInfoTypes = append(redactInfoTypes, &dlppb.RedactImageRequest_ImageRedactionConfig{
			Target: &dlppb.RedactImageRequest_ImageRedactionConfig_InfoType{
				InfoType: &dlppb.InfoType{Name: it},
			},
		})
	}

	// Read the input file.
	b, err := ioutil.ReadFile(inputPath)
	if err != nil {
		return fmt.Errorf("ioutil.ReadFile: %v", err)
	}

	// Create a configured request.
	req := &dlppb.RedactImageRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		InspectConfig: &dlppb.InspectConfig{
			InfoTypes:     infoTypes,
			MinLikelihood: dlppb.Likelihood_POSSIBLE,
		},
		// The item to analyze.
		ByteItem: &dlppb.ByteContentItem{
			Type: bytesType,
			Data: b,
		},
		ImageRedactionConfigs: redactInfoTypes,
	}
	// Send the request.
	resp, err := client.RedactImage(ctx, req)
	if err != nil {
		return fmt.Errorf("RedactImage: %v", err)
	}
	// Write the output file.
	if err := ioutil.WriteFile(outputPath, resp.GetRedactedImage(), 0644); err != nil {
		return fmt.Errorf("ioutil.WriteFile: %v", err)
	}
	fmt.Fprintf(w, "Wrote output to %s", outputPath)
	return nil
}

PHP

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库

use Google\Cloud\Dlp\V2\DlpServiceClient;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\RedactImageRequest\ImageRedactionConfig;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\ByteContentItem;

/**
 * Redact sensitive data from an image.
 *
 * @param string $callingProjectId    The project ID to run the API call under
 * @param string $imagePath           The local filepath of the image to inspect
 * @param string $outputPath          The local filepath to save the resulting image to
 */
function redact_image(
    string $callingProjectId,
    string $imagePath,
    string $outputPath
): void {
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    // The infoTypes of information to match
    $phoneNumberInfoType = (new InfoType())
        ->setName('PHONE_NUMBER');
    $infoTypes = [$phoneNumberInfoType];

    // The minimum likelihood required before returning a match
    $minLikelihood = likelihood::LIKELIHOOD_UNSPECIFIED;

    // Whether to include the matching string in the response
    $includeQuote = true;

    // Create the configuration object
    $inspectConfig = (new InspectConfig())
        ->setMinLikelihood($minLikelihood)
        ->setInfoTypes($infoTypes);

    // Read image file into a buffer
    $imageRef = fopen($imagePath, 'rb');
    $imageBytes = fread($imageRef, filesize($imagePath));
    fclose($imageRef);

    // Get the image's content type
    $typeConstant = (int) array_search(
        mime_content_type($imagePath),
        [false, 'image/jpeg', 'image/bmp', 'image/png', 'image/svg']
    );

    // Create the byte-storing object
    $byteContent = (new ByteContentItem())
        ->setType($typeConstant)
        ->setData($imageBytes);

    // Create the image redaction config objects
    $imageRedactionConfigs = [];
    foreach ($infoTypes as $infoType) {
        $config = (new ImageRedactionConfig())
            ->setInfoType($infoType);
        $imageRedactionConfigs[] = $config;
    }

    $parent = "projects/$callingProjectId/locations/global";

    // Run request
    $response = $dlp->redactImage([
        'parent' => $parent,
        'inspectConfig' => $inspectConfig,
        'byteItem' => $byteContent,
        'imageRedactionConfigs' => $imageRedactionConfigs
    ]);

    // Save result to file
    file_put_contents($outputPath, $response->getRedactedImage());

    // Print completion message
    print('Redacted image saved to ' . $outputPath . PHP_EOL);
}

C#

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库


using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using Google.Protobuf;
using System;
using System.IO;

public class RedactImage
{
    public static RedactImageResponse Redact(string projectId, string originalImagePath, string redactedImagePath)
    {
        var request = new RedactImageRequest
        {
            Parent = new LocationName(projectId, "global").ToString(),
            InspectConfig = new InspectConfig
            {
                MinLikelihood = Likelihood.Likely,
                Limits = new InspectConfig.Types.FindingLimits() { MaxFindingsPerItem = 5 },
                IncludeQuote = true,
                InfoTypes =
                    {
                        new InfoType { Name = "PHONE_NUMBER" },
                        new InfoType { Name = "EMAIL_ADDRESS" }
                    }
            },
            ByteItem = new ByteContentItem
            {
                Type = ByteContentItem.Types.BytesType.ImagePng,
                Data = ByteString.FromStream(new FileStream(originalImagePath, FileMode.Open))
            },
        };

        var client = DlpServiceClient.Create();
        var response = client.RedactImage(request);

        Console.WriteLine($"Extracted text: {response.ExtractedText}");

        // Writes redacted image into file
        response.RedactedImage.WriteTo(new FileStream(redactedImagePath, FileMode.Create, FileAccess.Write));

        return response;
    }
}

试试看

您可以在 API Explorer 的 image.redact 参考页面上自行尝试本页中的每个示例,或使用您自己的图片尝试这些操作:

转到 API Explorer

后续步骤