dlp.proto

Package: dlp.options.gloo.solo.io

Types:

• FilterConfig
• DlpRule
• Config
• Action
• ActionType
• CustomAction

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/dlp/dlp.proto

FilterConfig

Listener level config for dlp filter

"dlpRules": []dlp.options.gloo.solo.io.DlpRule

DlpRule

Rule which applies a given set of actions to a matching route. The route matching functions exactly the same as the envoy routes in the virtual host.

"matcher": .matchers.core.gloo.solo.io.Matcher
"actions": []dlp.options.gloo.solo.io.Action

Config

Route/Vhost level config for dlp filter

If a config is present on the route or vhost level it will completely overwrite the listener level config.

"actions": []dlp.options.gloo.solo.io.Action

Action

A single action meant to mask sensitive data. The action type represents a set of pre configured actions, as well as the ability to create custom actions. These actions can also be shadowed, a shadowed action will be recorded in the statistics, and debug logs, but not actually committed in the response body.

To use a pre-made action simply set the action type to anything other than CUSTOM

actionType: VISA

To create a custom action set the custom action field. The default enum value is custom, so that can be left empty.

customAction:
name: test
regex:
- "hello"
- "world"
maskChar: Y
percent: 60

"actionType": .dlp.options.gloo.solo.io.Action.ActionType
"customAction": .dlp.options.gloo.solo.io.CustomAction
"shadow": bool

ActionType

The following pre-made action types map to the following regex matchers:

SSN:

• ‘(?!\D)[0-9]{9}(?=\D|$)’
• ‘(?!\D)[0-9]{3}-[0-9]{2}-[0-9]{4}(?=\D|$)’
• ‘(?!\D)[0-9]{3}\ [0-9]{2}\ [0-9]{4}(?=\D|$)’

MASTERCARD:

• ‘(?!\D)5[1-5][0-9]{2}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(?=\D|$)’

VISA:

• ‘(?!\D)4[0-9]{3}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(?=\D|$)’

AMEX:

• ‘(?!\D)(34|37)[0-9]{2}(\ |-|)[0-9]{6}(\ |-|)[0-9]{5}(?=\D|$)’

DISCOVER:

• ‘(?!\D)6011(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(?=\D|$)’

JCB:

• ‘(?!\D)3[0-9]{3}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(?=\D|$)’
• ‘(?!\D)(2131|1800)[0-9]{11}(?=\D|$)’

DINERS_CLUB:

• ‘(?!\D)30[0-5][0-9](\ |-|)[0-9]{6}(\ |-|)[0-9]{4}(?=\D|$)’
• ‘(?!\D)(36|38)[0-9]{2}(\ |-|)[0-9]{6}(\ |-|)[0-9]{4}(?=\D|$)’

CREDIT_CARD_TRACKERS:

• ‘[1-9][0-9]{2}-[0-9]{2}-[0-9]{4}^\d’
• ‘(?!\D)%?[Bb]\d{13,19}^[-/.\w\s]{2,26}^[0-9][0-9][01][0-9][0-9]{3}’
• ‘(?!\D);\d{13,19}=(\d{3}|)(\d{4}|=)’

ALL_CREDIT_CARDS:

• (All credit card related regexes from above)

CustomAction

A user defined custom action to carry out on the response body.

The list of regex strings are applied in order. So for instance, if there is a response body with the content: hello world

And there is a custom action

customAction:
name: test
regex:
- "hello"
- "world"
maskChar: Y
percent: 60

the result would be: YYYlo YYYld

If the mask_char, and percent were left to default, the result would be: XXXXo XXXXd

"name": string
"regex": []string
"maskChar": string
"percent": .envoy.type.Percent