wip

Author: russelmrcl

core/src/main/java/com/predic8/membrane/core/interceptor/dlp/CsvFieldConfiguration.java

@@ -3,25 +3,18 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+import java.io.*;
 import java.util.*;
 
-/**
- * Loads field risk mappings from a CSV file with format:
- * field_name,description,risk_level
- * where risk_level must be one of: high, medium, low, unclassified
- */
 public class CsvFieldConfiguration implements FieldConfiguration {
 
  private static final Logger log = LoggerFactory.getLogger(CsvFieldConfiguration.class);
 
+ private final Map<String, String> riskLevels = new HashMap<>();
+ private final Map<String, String> categories = new HashMap<>();
+
  @Override
  public Map<String, String> getFields(String fileName) {
- Map<String, String> riskDict = new HashMap<>();
-
  try (InputStream inputStream = getResourceAsStream(fileName)) {
  BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
  String line;
@@ -43,20 +36,27 @@ public Map<String, String> getFields(String fileName) {
  }
 
  String field = parts[0].trim().toLowerCase(Locale.ROOT);
+ String category = parts[1].trim();
  String riskLevel = parts[2].trim().toLowerCase(Locale.ROOT);
 
  if (!isValidRiskLevel(riskLevel)) {
  log.warn("Invalid risk level '{}' for field '{}'. Defaulting to 'unclassified'", riskLevel, field);
  riskLevel = "unclassified";
  }
 
- riskDict.put(field, riskLevel);
+ riskLevels.put(field, riskLevel);
+ categories.put(field, category);
  }
 
  } catch (IOException e) {
  throw new RuntimeException("Error reading CSV field configuration: " + fileName, e);
  }
- return riskDict;
+
+ return riskLevels;
+ }
+
+ public Map<String, String> getFieldCategories() {
+ return categories;
  }
 
  private InputStream getResourceAsStream(String fileName) {

core/src/main/java/com/predic8/membrane/core/interceptor/dlp/DLPAnalyzer.java

@@ -25,9 +25,11 @@ public class DLPAnalyzer {
  private static final ObjectMapper MAPPER = new ObjectMapper(JSON_FACTORY);
 
  private final Map<String, RiskReport.Category> riskDict;
+ private final Map<String, String> categoryMap;
 
- public DLPAnalyzer(Map<String, String> rawRiskMap) {
+ public DLPAnalyzer(Map<String, String> rawRiskMap, Map<String, String> categoryMap) {
  this.riskDict = mapToEnumRiskLevels(rawRiskMap);
+ this.categoryMap = categoryMap;
  }
 
  private Map<String, RiskReport.Category> mapToEnumRiskLevels(Map<String, String> raw) {
@@ -66,7 +68,10 @@ private void traverse(JsonNode node, Deque<String> path, RiskReport report) {
  String lastSegment = path.peekLast() != null ? path.peekLast().toLowerCase(Locale.ROOT) : "";
 
  RiskReport.Category level = classify(fullPath, lastSegment);
- report.recordField(fullPath, level.name());
+ String riskLevel = level.name();
+ String category = categoryMap.getOrDefault(fullPath, categoryMap.getOrDefault(lastSegment, "Unknown"));
+
+ report.recordField(fullPath, riskLevel, category);
  }
  }
 

core/src/main/java/com/predic8/membrane/core/interceptor/dlp/DLPInterceptor.java

@@ -33,13 +33,17 @@ public class DLPInterceptor extends AbstractInterceptor {
 
  @Override
  public void init() {
- Map<String, String> config = fieldsConfig != null ?
- new CsvFieldConfiguration().getFields(fieldsConfig) :
- Map.of();
+ if (fieldsConfig != null) {
+ CsvFieldConfiguration csv = new CsvFieldConfiguration();
+ Map<String, String> levels = csv.getFields(fieldsConfig);
+ Map<String, String> cats = csv.getFieldCategories();
+ this.dlpAnalyzer = new DLPAnalyzer(levels, cats);
+ } else {
+ this.dlpAnalyzer = new DLPAnalyzer(Map.of(), Map.of());
+ }
  actions.addAll(masks);
  actions.addAll(filters);
  actions.addAll(reports);
- this.dlpAnalyzer = new DLPAnalyzer(config);
  super.init();
  }
 

core/src/main/java/com/predic8/membrane/core/interceptor/dlp/Filter.java

@@ -5,12 +5,16 @@
 import com.jayway.jsonpath.JsonPath;
 import com.jayway.jsonpath.Option;
 import com.predic8.membrane.annot.MCElement;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.util.Set;
 
 @MCElement(name = "filter")
 public class Filter extends Action {
 
+ private static final Logger log = LoggerFactory.getLogger(Filter.class);
+
  private static final Configuration SAFE_CONFIG = Configuration.builder()
  .options(Set.of(Option.DEFAULT_PATH_LEAF_TO_NULL))
  .build();
@@ -26,9 +30,12 @@ public String apply(DLPContext context) {
  }
 
  doc.delete(getField());
+
+ log.info("[Filter] Removed field {} with value: {}", getField(), value);
  return doc.jsonString();
 
  } catch (Exception e) {
+ log.error("[Filter] Failed to apply filter on field: {}", getField(), e);
  throw new RuntimeException("Failed to apply filter on field: " + getField(), e);
  }
  }

core/src/main/java/com/predic8/membrane/core/interceptor/dlp/Mask.java

@@ -34,6 +34,15 @@ public String getKeepRight() {
 
  @MCAttribute
  public void setKeepRight(String keepRight) {
+ if (keepRight != null) {
+ try {
+ if (Integer.parseInt(keepRight) < 0) {
+ throw new IllegalArgumentException("keepRight must be non-negative: " + keepRight);
+ }
+ } catch (NumberFormatException e) {
+ throw new IllegalArgumentException("keepRight must be a valid integer: " + keepRight, e);
+ }
+ }
  this.keepRight = keepRight;
  }
 }

core/src/main/java/com/predic8/membrane/core/interceptor/dlp/Report.java

@@ -4,7 +4,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.Objects;
+import java.util.Locale;
 
 @MCElement(name = "report")
 public class Report extends Action {
@@ -14,19 +14,33 @@ public class Report extends Action {
  @Override
  public String apply(DLPContext context) {
  if (context == null || !context.hasRiskReport()) {
- log.warn("No RiskReport provided. Skipping report logging.");
- return Objects.requireNonNull(context).getBody();
+ log.warn("No RiskReport provided. Skipping field report.");
+ return context.getBody();
  }
- RiskReport report = context.getRiskReport();
- log.info("DLP Risk Summary: Category={}, Counts={}",
- report.getCategory(), report.getRiskCounts());
- if (!report.getMatchedFields().isEmpty()) {
- StringBuilder sb = new StringBuilder("Matched fields:");
- report.getMatchedFields().forEach((field, category) ->
- sb.append("\n - ").append(field).append(" -> ").append(category));
- log.info(sb.toString());
+
+ String path = getField(); // e.g. $.first_name
+ if (path == null || path.isBlank()) {
+ log.warn("No field specified in <report />. Skipping.");
+ return context.getBody();
  }
+
+ try {
+ String normalized = path.replaceFirst("^\\$\\.", "").toLowerCase(Locale.ROOT);
+
+ String riskLevel = context.getRiskReport()
+ .getMatchedFields()
+ .getOrDefault(normalized, "UNCLASSIFIED");
+
+ String category = context.getRiskReport()
+ .getCategoryOf(normalized);
+
+ log.info("DLP Field Report: Field='{}', Category='{}', Risk Level='{}'",
+ normalized, category, riskLevel);
+
+ } catch (Exception e) {
+ log.warn("Could not log field '{}': {}", getField(), e.getMessage());
+ }
+
  return context.getBody();
  }
-
 }

core/src/main/java/com/predic8/membrane/core/interceptor/dlp/RiskReport.java

@@ -7,20 +7,27 @@ public class RiskReport {
  private static final List<String> LEVELS = List.of("high", "medium", "low", "unclassified");
 
  private final Map<String, String> matchedFields = new LinkedHashMap<>();
+ private final Map<String, String> fieldCategories = new LinkedHashMap<>();
  private final EnumMap<Category, Integer> riskCounts = new EnumMap<>(Category.class);
  private final EnumMap<Category, Map<String, Integer>> riskDetails = new EnumMap<>(Category.class);
 
- public void recordField(String field, String riskLevel) {
+ public void recordField(String field, String riskLevel, String category) {
  matchedFields.put(field, riskLevel);
- Category category = Category.fromString(riskLevel);
- riskCounts.merge(category, 1, Integer::sum);
- riskDetails.computeIfAbsent(category, r -> new LinkedHashMap<>()).merge(field, 1, Integer::sum);
+ fieldCategories.put(field, category);
+
+ Category cat = Category.fromString(riskLevel);
+ riskCounts.merge(cat, 1, Integer::sum);
+ riskDetails.computeIfAbsent(cat, r -> new LinkedHashMap<>()).merge(field, 1, Integer::sum);
+ }
+
+ public String getCategoryOf(String field) {
+ return fieldCategories.getOrDefault(field, "Unknown");
  }
 
  public Category getCategory() {
- if (riskCounts.getOrDefault("high", 0) > 0) return Category.HIGH;
- if (riskCounts.getOrDefault("medium", 0) > 0) return Category.MEDIUM;
- if (riskCounts.getOrDefault("low", 0) > 0) return Category.LOW;
+ if (riskCounts.getOrDefault(Category.HIGH, 0) > 0) return Category.HIGH;
+ if (riskCounts.getOrDefault(Category.MEDIUM, 0) > 0) return Category.MEDIUM;
+ if (riskCounts.getOrDefault(Category.LOW, 0) > 0) return Category.LOW;
  return Category.UNCLASSIFIED;
  }