Übereinstimmungen bei Domainnamen auslassen, die Teil von E-Mail-Adressen in einem DOMAIN_NAME-Detektorscan sind
Weitere Informationen
Eine ausführliche Dokumentation, die dieses Codebeispiel enthält, finden Sie hier:
Codebeispiel
C#
Informationen zum Installieren und Verwenden der Clientbibliothek für den Schutz sensibler Daten finden Sie unter Clientbibliotheken für den Schutz sensibler Daten.
Richten Sie Standardanmeldedaten für Anwendungen ein, um sich beim Schutz sensibler Daten zu authentifizieren. Weitere Informationen finden Sie unter Authentifizierung für eine lokale Entwicklungsumgebung einrichten.
using System.Linq;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using static Google.Cloud.Dlp.V2.CustomInfoType.Types;
public class InspectStringWithoutOverlap
{
public static InspectContentResponse Inspect(string projectId, string textToInspect)
{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
var dlp = DlpServiceClient.Create();
// Specify the type and content to be inspected.
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.TextUtf8,
Data = Google.Protobuf.ByteString.CopyFromUtf8(textToInspect)
};
var contentItem = new ContentItem
{
ByteItem = byteContentItem
};
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
var infoTypes = new string[] { "DOMAIN_NAME", "EMAIL_ADDRESS" }.Select(it => new InfoType { Name = it });
// Define a custom info type to exclude email addresses
var customInfoType = new CustomInfoType
{
InfoType = new InfoType { Name = "EMAIL_ADDRESS" },
ExclusionType = ExclusionType.Exclude
};
// Exclude EMAIL_ADDRESS matches
var exclusionRule = new ExclusionRule
{
ExcludeInfoTypes = new ExcludeInfoTypes
{
InfoTypes = { new InfoType { Name = "EMAIL_ADDRESS" } }
},
MatchingType = MatchingType.PartialMatch
};
// Construct a ruleset that applies the exclusion rule to the DOMAIN_NAME infotype.
// If a DOMAIN_NAME match is part of an EMAIL_ADDRESS match, the DOMAIN_NAME match will
// be excluded.
var ruleSet = new InspectionRuleSet
{
InfoTypes = { new InfoType { Name = "DOMAIN_NAME" } },
Rules = { new InspectionRule { ExclusionRule = exclusionRule } }
};
// Construct the configuration for the Inspect request, including the ruleset.
var config = new InspectConfig
{
InfoTypes = { infoTypes },
CustomInfoTypes = { customInfoType },
IncludeQuote = true,
RuleSet = { ruleSet }
};
// Construct the Inspect request to be sent by the client.
var request = new InspectContentRequest
{
Parent = new LocationName(projectId, "global").ToString(),
Item = contentItem,
InspectConfig = config
};
// Use the client to send the API request.
var response = dlp.InspectContent(request);
return response;
}
}
Go
Informationen zum Installieren und Verwenden der Clientbibliothek für den Schutz sensibler Daten finden Sie unter Clientbibliotheken für den Schutz sensibler Daten.
Richten Sie Standardanmeldedaten für Anwendungen ein, um sich beim Schutz sensibler Daten zu authentifizieren. Weitere Informationen finden Sie unter Authentifizierung für eine lokale Entwicklungsumgebung einrichten.
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectStringWithoutOverlap inspects a string for sensitive data
// and omit overlapping matches on domain and email
func inspectStringWithoutOverlap(w io.Writer, projectID, textToInspect string) error {
// projectID := "my-project-id"
// textToInspect := "example.com is a domain, james@example.org is an email."
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// Specify the type and content to be inspected.
contentItem := &dlppb.ContentItem{
DataItem: &dlppb.ContentItem_ByteItem{
ByteItem: &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_TEXT_UTF8,
Data: []byte(textToInspect),
},
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
infoTypes := []*dlppb.InfoType{
{Name: "DOMAIN_NAME"},
{Name: "EMAIL_ADDRESS"},
}
// Define a custom info type to exclude email addresses
customInfotype := &dlppb.CustomInfoType{
InfoType: &dlppb.InfoType{
Name: "EMAIL_ADDRESS",
},
ExclusionType: dlppb.CustomInfoType_EXCLUSION_TYPE_EXCLUDE,
}
// Exclude EMAIL_ADDRESS matches
exclusionRule := &dlppb.ExclusionRule{
Type: &dlppb.ExclusionRule_ExcludeInfoTypes{
ExcludeInfoTypes: &dlppb.ExcludeInfoTypes{
InfoTypes: []*dlppb.InfoType{
{Name: "EMAIL_ADDRESS"},
},
},
},
MatchingType: dlppb.MatchingType_MATCHING_TYPE_PARTIAL_MATCH,
}
// Construct a ruleSet that applies the exclusion rule to the DOMAIN_NAME infoType.
// If a DOMAIN_NAME match is part of an EMAIL_ADDRESS match, the DOMAIN_NAME match will
// be excluded.
ruleSet := &dlppb.InspectionRuleSet{
InfoTypes: []*dlppb.InfoType{
{Name: "DOMAIN_NAME"},
},
Rules: []*dlppb.InspectionRule{
{
Type: &dlppb.InspectionRule_ExclusionRule{
ExclusionRule: exclusionRule,
},
},
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.InspectContentRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
Item: contentItem,
// Construct the Inspect request to be sent by the client.
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
CustomInfoTypes: []*dlppb.CustomInfoType{
customInfotype,
},
IncludeQuote: true,
RuleSet: []*dlppb.InspectionRuleSet{
ruleSet,
},
},
}
// Send the request.
resp, err := client.InspectContent(ctx, req)
if err != nil {
return err
}
// Process the results.
fmt.Fprintf(w, "Findings: %v\n", len(resp.Result.Findings))
for _, v := range resp.GetResult().Findings {
fmt.Fprintf(w, "Quote: %v\n", v.GetQuote())
fmt.Fprintf(w, "Infotype Name: %v\n", v.GetInfoType().GetName())
fmt.Fprintf(w, "Likelihood: %v\n", v.GetLikelihood())
}
return nil
}
Java
Informationen zum Installieren und Verwenden der Clientbibliothek für den Schutz sensibler Daten finden Sie unter Clientbibliotheken für den Schutz sensibler Daten.
Richten Sie Standardanmeldedaten für Anwendungen ein, um sich beim Schutz sensibler Daten zu authentifizieren. Weitere Informationen finden Sie unter Authentifizierung für eine lokale Entwicklungsumgebung einrichten.
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CustomInfoType;
import com.google.privacy.dlp.v2.CustomInfoType.ExclusionType;
import com.google.privacy.dlp.v2.ExcludeInfoTypes;
import com.google.privacy.dlp.v2.ExclusionRule;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectionRule;
import com.google.privacy.dlp.v2.InspectionRuleSet;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.MatchingType;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
public class InspectStringWithoutOverlap {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String textToInspect = "example.com is a domain, james@example.org is an email.";
inspectStringWithoutOverlap(projectId, textToInspect);
}
// Inspects the provided text, avoiding matches specified in the exclusion list.
public static void inspectStringWithoutOverlap(String projectId, String textToInspect)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the type and content to be inspected.
ByteContentItem byteItem =
ByteContentItem.newBuilder()
.setType(BytesType.TEXT_UTF8)
.setData(ByteString.copyFromUtf8(textToInspect))
.build();
ContentItem item = ContentItem.newBuilder().setByteItem(byteItem).build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
List<InfoType> infoTypes = new ArrayList<>();
for (String typeName : new String[] {"DOMAIN_NAME", "EMAIL_ADDRESS"}) {
infoTypes.add(InfoType.newBuilder().setName(typeName).build());
}
// Define a custom info type to exclude email addresses
CustomInfoType customInfoType =
CustomInfoType.newBuilder()
.setInfoType(InfoType.newBuilder().setName("EMAIL_ADDRESS"))
.setExclusionType(ExclusionType.EXCLUSION_TYPE_EXCLUDE)
.build();
// Exclude EMAIL_ADDRESS matches
ExclusionRule exclusionRule =
ExclusionRule.newBuilder()
.setExcludeInfoTypes(
ExcludeInfoTypes.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("EMAIL_ADDRESS")))
.setMatchingType(MatchingType.MATCHING_TYPE_PARTIAL_MATCH)
.build();
// Construct a ruleset that applies the exclusion rule to the DOMAIN_NAME infotype.
// If a DOMAIN_NAME match is part of an EMAIL_ADDRESS match, the DOMAIN_NAME match will
// be excluded.
InspectionRuleSet ruleSet =
InspectionRuleSet.newBuilder()
.addInfoTypes(InfoType.newBuilder().setName("DOMAIN_NAME"))
.addRules(InspectionRule.newBuilder().setExclusionRule(exclusionRule))
.build();
// Construct the configuration for the Inspect request, including the ruleset.
InspectConfig config =
InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.addCustomInfoTypes(customInfoType)
.setIncludeQuote(true)
.addRuleSet(ruleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request =
InspectContentRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response = dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: " + response.getResult().getFindingsCount());
for (Finding f : response.getResult().getFindingsList()) {
System.out.println("\tQuote: " + f.getQuote());
System.out.println("\tInfo type: " + f.getInfoType().getName());
System.out.println("\tLikelihood: " + f.getLikelihood());
}
}
}
}
Node.js
Informationen zum Installieren und Verwenden der Clientbibliothek für den Schutz sensibler Daten finden Sie unter Clientbibliotheken für den Schutz sensibler Daten.
Richten Sie Standardanmeldedaten für Anwendungen ein, um sich beim Schutz sensibler Daten zu authentifizieren. Weitere Informationen finden Sie unter Authentifizierung für eine lokale Entwicklungsumgebung einrichten.
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'example.com is a domain, james@example.org is an email.';
async function inspectStringWithoutOverlap() {
// Construct item to inspect
const item = {value: string};
// The infoTypes of information to match
const infoTypes = [{name: 'DOMAIN_NAME'}, {name: 'EMAIL_ADDRESS'}];
// Define a custom info type to exclude email addresses
const customInfoTypes = [
{
infoType: {name: 'EMAIL_ADDRESS'},
exclusionType:
DLP.protos.google.privacy.dlp.v2.CustomInfoType.ExclusionType
.EXCLUSION_TYPE_EXCLUDE,
},
];
// Construct a exclusion rule
const exclusionRule = {
excludeInfoTypes: {
infoTypes: [{name: 'EMAIL_ADDRESS'}],
},
matchingType:
DLP.protos.google.privacy.dlp.v2.MatchingType
.MATCHING_TYPE_PARTIAL_MATCH,
};
// Construct a rule set with exclusions
const ruleSet = [
{
infoTypes: [{name: 'DOMAIN_NAME'}],
rules: [
{
exclusionRule: exclusionRule,
},
],
},
];
// Construct the inspect configuration
const inspectConfig = {
infoTypes: infoTypes,
customInfoTypes: customInfoTypes,
ruleSet: ruleSet,
includeQuote: true,
};
// Combine configurations into a request for the service.
const request = {
parent: `projects/${projectId}/locations/global`,
inspectConfig: inspectConfig,
item: item,
};
// Run request
const [response] = await dlp.inspectContent(request);
// Print Findings
const findings = response.result.findings;
if (findings.length > 0) {
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding => {
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
} else {
console.log('No findings.');
}
}
inspectStringWithoutOverlap();
PHP
Informationen zum Installieren und Verwenden der Clientbibliothek für den Schutz sensibler Daten finden Sie unter Clientbibliotheken für den Schutz sensibler Daten.
Richten Sie Standardanmeldedaten für Anwendungen ein, um sich beim Schutz sensibler Daten zu authentifizieren. Weitere Informationen finden Sie unter Authentifizierung für eine lokale Entwicklungsumgebung einrichten.
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType;
use Google\Cloud\Dlp\V2\CustomInfoType\ExclusionType;
use Google\Cloud\Dlp\V2\ExcludeInfoTypes;
use Google\Cloud\Dlp\V2\ExclusionRule;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\MatchingType;
/**
* Inspect a string for sensitive data, omitting overlapping matches on domain and email
* Omit matches on domain names that are part of email addresses in a DOMAIN_NAME detector scan.
*
* @param string $projectId The Google Cloud project id to use as a parent resource.
* @param string $textToInspect The string to inspect.
*/
function inspect_string_without_overlap(
// TODO(developer): Replace sample parameters before running the code.
string $projectId,
string $textToInspect = 'example.com is a domain, james@example.org is an email.'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$projectId/locations/global";
// Specify what content you want the service to Inspect.
$item = (new ContentItem())
->setValue($textToInspect);
// Specify the type of info the inspection will look for.
$domainName = (new InfoType())
->setName('DOMAIN_NAME');
$emailAddress = (new InfoType())
->setName('EMAIL_ADDRESS');
$infoTypes = [$domainName, $emailAddress];
// Define a custom info type to exclude email addresses
$customInfoType = (new CustomInfoType())
->setInfoType($emailAddress)
->setExclusionType(ExclusionType::EXCLUSION_TYPE_EXCLUDE);
// Exclude EMAIL_ADDRESS matches
$matchingType = MatchingType::MATCHING_TYPE_PARTIAL_MATCH;
$exclusionRule = (new ExclusionRule())
->setMatchingType($matchingType)
->setExcludeInfoTypes((new ExcludeInfoTypes())
->setInfoTypes([$customInfoType->getInfoType()])
);
// Construct a ruleset that applies the exclusion rule to the DOMAIN_NAME infotype.
// If a DOMAIN_NAME match is part of an EMAIL_ADDRESS match, the DOMAIN_NAME match will
// be excluded.
$inspectionRuleSet = (new InspectionRuleSet())
->setInfoTypes([$domainName])
->setRules([
(new InspectionRule())
->setExclusionRule($exclusionRule),
]);
// Construct the configuration for the Inspect request, including the ruleset.
$inspectConfig = (new InspectConfig())
->setInfoTypes($infoTypes)
->setCustomInfoTypes([$customInfoType])
->setIncludeQuote(true)
->setRuleSet([$inspectionRuleSet]);
// Run request
$inspectContentRequest = (new InspectContentRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setItem($item);
$response = $dlp->inspectContent($inspectContentRequest);
// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
printf('No findings.' . PHP_EOL);
} else {
printf('Findings:' . PHP_EOL);
foreach ($findings as $finding) {
printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
printf(
' Likelihood: %s' . PHP_EOL,
Likelihood::name($finding->getLikelihood()));
}
}
}
Python
Informationen zum Installieren und Verwenden der Clientbibliothek für den Schutz sensibler Daten finden Sie unter Clientbibliotheken für den Schutz sensibler Daten.
Richten Sie Standardanmeldedaten für Anwendungen ein, um sich beim Schutz sensibler Daten zu authentifizieren. Weitere Informationen finden Sie unter Authentifizierung für eine lokale Entwicklungsumgebung einrichten.
import google.cloud.dlp
def inspect_string_without_overlap(project: str, content_string: str) -> None:
"""Matches EMAIL_ADDRESS and DOMAIN_NAME, but DOMAIN_NAME is omitted
if it overlaps with EMAIL_ADDRESS
Uses the Data Loss Prevention API to omit matches of one infotype
that overlap with another.
Args:
project: The Google Cloud project id to use as a parent resource.
content_string: The string to inspect.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct a list of infoTypes for DLP to locate in `content_string`. See
# https://cloud.google.com/dlp/docs/concepts-infotypes for more information
# about supported infoTypes.
info_types_to_locate = [{"name": "DOMAIN_NAME"}, {"name": "EMAIL_ADDRESS"}]
# Define a custom info type to exclude email addresses
custom_info_types = [
{
"info_type": {"name": "EMAIL_ADDRESS"},
"exclusion_type": google.cloud.dlp_v2.CustomInfoType.ExclusionType.EXCLUSION_TYPE_EXCLUDE,
}
]
# Construct a rule set that will exclude DOMAIN_NAME matches
# that overlap with EMAIL_ADDRESS matches
rule_set = [
{
"info_types": [{"name": "DOMAIN_NAME"}],
"rules": [
{
"exclusion_rule": {
"exclude_info_types": {
"info_types": [{"name": "EMAIL_ADDRESS"}]
},
"matching_type": google.cloud.dlp_v2.MatchingType.MATCHING_TYPE_PARTIAL_MATCH,
}
}
],
}
]
# Construct the configuration dictionary
inspect_config = {
"info_types": info_types_to_locate,
"custom_info_types": custom_info_types,
"rule_set": rule_set,
"include_quote": True,
}
# Construct the `item`.
item = {"value": content_string}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item}
)
# Print out the results.
if response.result.findings:
for finding in response.result.findings:
print(f"Quote: {finding.quote}")
print(f"Info type: {finding.info_type.name}")
print(f"Likelihood: {finding.likelihood}")
else:
print("No findings.")
Nächste Schritte
Informationen zum Suchen und Filtern von Codebeispielen für andere Google Cloud-Produkte finden Sie im Google Cloud-Beispielbrowser.