-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathobfuscator.go
160 lines (138 loc) · 4.08 KB
/
obfuscator.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
package sqllexer
import (
"strings"
)
type obfuscatorConfig struct {
DollarQuotedFunc bool `json:"dollar_quoted_func"`
ReplaceDigits bool `json:"replace_digits"`
ReplacePositionalParameter bool `json:"replace_positional_parameter"`
ReplaceBoolean bool `json:"replace_boolean"`
ReplaceNull bool `json:"replace_null"`
KeepJsonPath bool `json:"keep_json_path"` // by default, we replace json path with placeholder
ReplaceBindParameter bool `json:"replace_bind_parameter"`
}
type obfuscatorOption func(*obfuscatorConfig)
func WithReplaceDigits(replaceDigits bool) obfuscatorOption {
return func(c *obfuscatorConfig) {
c.ReplaceDigits = replaceDigits
}
}
func WithReplacePositionalParameter(replacePositionalParameter bool) obfuscatorOption {
return func(c *obfuscatorConfig) {
c.ReplacePositionalParameter = replacePositionalParameter
}
}
func WithReplaceBoolean(replaceBoolean bool) obfuscatorOption {
return func(c *obfuscatorConfig) {
c.ReplaceBoolean = replaceBoolean
}
}
func WithReplaceNull(replaceNull bool) obfuscatorOption {
return func(c *obfuscatorConfig) {
c.ReplaceNull = replaceNull
}
}
func WithDollarQuotedFunc(dollarQuotedFunc bool) obfuscatorOption {
return func(c *obfuscatorConfig) {
c.DollarQuotedFunc = dollarQuotedFunc
}
}
func WithKeepJsonPath(keepJsonPath bool) obfuscatorOption {
return func(c *obfuscatorConfig) {
c.KeepJsonPath = keepJsonPath
}
}
func WithReplaceBindParameter(replaceBindParameter bool) obfuscatorOption {
return func(c *obfuscatorConfig) {
c.ReplaceBindParameter = replaceBindParameter
}
}
type Obfuscator struct {
config *obfuscatorConfig
}
func NewObfuscator(opts ...obfuscatorOption) *Obfuscator {
obfuscator := &Obfuscator{
config: &obfuscatorConfig{},
}
for _, opt := range opts {
opt(obfuscator.config)
}
return obfuscator
}
const (
StringPlaceholder = "?"
NumberPlaceholder = "?"
)
// Obfuscate takes an input SQL string and returns an obfuscated SQL string.
// The obfuscator replaces all literal values with a single placeholder
func (o *Obfuscator) Obfuscate(input string, lexerOpts ...lexerOption) string {
var obfuscatedSQL strings.Builder
lexer := New(
input,
lexerOpts...,
)
var lastToken Token // The last token that is not whitespace or comment
for {
token := lexer.Scan()
if token.Type == EOF {
break
}
obfuscatedSQL.WriteString(o.ObfuscateTokenValue(token, lastToken, lexerOpts...))
if token.Type != WS {
lastToken = token
}
}
return strings.TrimSpace(obfuscatedSQL.String())
}
func (o *Obfuscator) ObfuscateTokenValue(token Token, lastToken Token, lexerOpts ...lexerOption) string {
switch token.Type {
case NUMBER:
if o.config.KeepJsonPath && isJsonOperator(&lastToken) {
return token.Value
}
return NumberPlaceholder
case DOLLAR_QUOTED_FUNCTION:
if o.config.DollarQuotedFunc {
// obfuscate the content of dollar quoted function
quotedFunc := token.Value[6 : len(token.Value)-6] // remove the $func$ prefix and suffix
var obfuscatedDollarQuotedFunc strings.Builder
obfuscatedDollarQuotedFunc.WriteString("$func$")
obfuscatedDollarQuotedFunc.WriteString(o.Obfuscate(quotedFunc, lexerOpts...))
obfuscatedDollarQuotedFunc.WriteString("$func$")
return obfuscatedDollarQuotedFunc.String()
} else {
return StringPlaceholder
}
case STRING, INCOMPLETE_STRING, DOLLAR_QUOTED_STRING:
if o.config.KeepJsonPath && isJsonOperator(&lastToken) {
return token.Value
}
return StringPlaceholder
case POSITIONAL_PARAMETER:
if o.config.ReplacePositionalParameter {
return StringPlaceholder
} else {
return token.Value
}
case BIND_PARAMETER:
if o.config.ReplaceBindParameter {
return StringPlaceholder
} else {
return token.Value
}
case IDENT, QUOTED_IDENT:
if o.config.ReplaceBoolean && isBoolean(token.Value) {
return StringPlaceholder
}
if o.config.ReplaceNull && isNull(token.Value) {
return StringPlaceholder
}
if o.config.ReplaceDigits {
return replaceDigits(token.Value, NumberPlaceholder)
} else {
return token.Value
}
default:
return token.Value
}
}