forked from dgiot/dgiot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
emqx_node_dump.erl
87 lines (75 loc) · 2.65 KB
/
emqx_node_dump.erl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
%%--------------------------------------------------------------------
%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
%% Collection of functions for creating node dumps
-module(emqx_node_dump).
-export([ sys_info/0
, app_env_dump/0
]).
sys_info() ->
#{ release => emqx_app:get_release()
, otp_version => emqx_vm:get_otp_version()
}.
app_env_dump() ->
censor(ets:tab2list(ac_tab)).
censor([]) ->
[];
censor([{{env, App, Key}, Val} | Rest]) ->
[{{env, App, Key}, censor([Key, App], Val)} | censor(Rest)];
censor([_ | Rest]) ->
censor(Rest).
censor(Path, {Key, Val}) when is_atom(Key) ->
{Key, censor([Key|Path], Val)};
censor(Path, M) when is_map(M) ->
Fun = fun(Key, Val) ->
censor([Key|Path], Val)
end,
maps:map(Fun, M);
censor(Path, L = [Fst|_]) when is_tuple(Fst) ->
[censor(Path, I) || I <- L];
censor([Key | _], Val) ->
case is_sensitive(Key) of
true -> obfuscate_value(Val);
false -> Val
end.
is_sensitive(Key) when is_atom(Key) ->
is_sensitive(atom_to_binary(Key, utf8));
is_sensitive(Key) when is_list(Key) ->
try iolist_to_binary(Key) of
Bin ->
is_sensitive(Bin)
catch
_ : _ ->
false
end;
is_sensitive(Key) when is_binary(Key) ->
lists:any(fun(Pattern) -> re:run(Key, Pattern) =/= nomatch end,
["passwd", "password", "secret"]);
is_sensitive(Key) when is_tuple(Key) ->
false.
obfuscate_value(Val) when is_binary(Val) ->
<<"********">>;
obfuscate_value(_Val) ->
"********".
-ifdef(TEST).
-include_lib("eunit/include/eunit.hrl").
censor_test() ->
?assertMatch( [{{env, emqx, listeners}, #{password := <<"********">>}}]
, censor([foo, {{env, emqx, listeners}, #{password => <<"secret">>}}, {app, bar}])
),
?assertMatch( [{{env, emqx, listeners}, [{foo, 1}, {password, "********"}]}]
, censor([{{env, emqx, listeners}, [{foo, 1}, {password, "secret"}]}])
).
-endif. %% TEST