github.com/jaylevin/jenkins-library@v1.230.4/pkg/cnbutils/privacy/privacy.go (about) 1 package privacy 2 3 import ( 4 "strings" 5 6 containerName "github.com/google/go-containerregistry/pkg/name" 7 ) 8 9 var allowedBuildpackSources = []struct { 10 registry, repositoryPrefix string 11 }{ 12 // Paketo 13 { 14 registry: "gcr.io", 15 repositoryPrefix: "paketo-buildpacks/", 16 }, { 17 registry: "index.docker.io", 18 repositoryPrefix: "paketobuildpacks/", 19 }, 20 // Google Buildpacks 21 { 22 registry: "gcr.io", 23 repositoryPrefix: "buildpacks/", 24 }, 25 // Heroku 26 { 27 registry: "public.ecr.aws", 28 repositoryPrefix: "heroku-buildpacks/", 29 }, 30 } 31 32 func FilterBuilder(builder string) string { 33 result := FilterBuildpacks([]string{builder}) 34 return result[0] 35 } 36 37 // FilterBuildpacks filters a list of buildpacks to redact Personally Identifiable Information (PII) like the hostname of a personal registry 38 func FilterBuildpacks(buildpacks []string) []string { 39 result := make([]string, 0, len(buildpacks)) 40 for _, buildpack := range buildpacks { 41 ref, err := containerName.ParseReference(strings.ToLower(buildpack)) 42 if err != nil { 43 result = append(result, "<error>") 44 continue 45 } 46 47 registry := ref.Context().Registry.Name() 48 repository := ref.Context().RepositoryStr() 49 50 allowed := false 51 for _, allowedBuildpackSource := range allowedBuildpackSources { 52 if registry == allowedBuildpackSource.registry && strings.HasPrefix(repository, allowedBuildpackSource.repositoryPrefix) { 53 allowed = true 54 break 55 } 56 } 57 58 if allowed { 59 result = append(result, buildpack) 60 } else { 61 result = append(result, "<redacted>") 62 } 63 } 64 return result 65 } 66 67 var allowedEnvKeys = map[string]interface{}{ 68 // Java 69 // https://github.com/paketo-buildpacks/sap-machine and https://github.com/paketo-buildpacks/bellsoft-liberica 70 "BP_JVM_VERSION": nil, 71 "BP_JVM_TYPE": nil, 72 // https://github.com/paketo-buildpacks/apache-tomcat 73 "BP_TOMCAT_VERSION": nil, 74 75 // Node 76 // https://github.com/paketo-buildpacks/node-engine 77 "BP_NODE_VERSION": nil, 78 } 79 80 // FilterEnv filters a map of environment variables to redact Personally Identifiable Information (PII) 81 func FilterEnv(in map[string]interface{}) map[string]interface{} { 82 out := map[string]interface{}{} 83 for key, value := range in { 84 _, allowed := allowedEnvKeys[key] 85 if allowed { 86 out[key] = value 87 } 88 } 89 return out 90 }