Merge pull request #6175 from 317787106/feature/sensitive_ip

CodeNinjaEvan · web-flow · commit 0c2756946120 · 2025-02-15T10:55:11.000+08:00
feat(log): Don't logging ip of fast forward node
diff --git a/common/src/main/java/org/tron/common/log/layout/DesensitizedConverter.java b/common/src/main/java/org/tron/common/log/layout/DesensitizedConverter.java
@@ -0,0 +1,49 @@
+package org.tron.common.log.layout;
+
+import ch.qos.logback.classic.pattern.ClassicConverter;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import lombok.extern.slf4j.Slf4j;
+import org.tron.common.parameter.CommonParameter;
+
+@Slf4j(topic = "Parser")
+public class DesensitizedConverter extends ClassicConverter {
+
+  private static final int SENSITIVE_WORD_SIZE = 1_000;
+
+  private static final Pattern pattern = Pattern.compile(
+      "(((25[0-5]|2[0-4]\\d|((1\\d{2})|([1-9]?\\d)))\\.){3}(25[0-5]|2[0-4]\\d|((1\\d{2})|"
+          + "([1-9]?\\d))))");
+
+  private static final Cache<String, String> sensitiveCache = CacheBuilder.newBuilder()
+      .maximumSize(SENSITIVE_WORD_SIZE)
+      .recordStats().build();
+
+  public static void addSensitive(String key, String value) {
+    sensitiveCache.put(key, value);
+  }
+
+  private String desensitization(String content) {
+    Matcher matcher = pattern.matcher(content);
+    while (matcher.find()) {
+      String key = matcher.group();
+      String value = sensitiveCache.getIfPresent(key);
+      if (value != null) {
+        content = content.replaceAll(key, value);
+      } else {
+        content = content.replaceAll(key, "IP");
+      }
+    }
+
+    return content;
+  }
+
+  @Override
+  public String convert(ILoggingEvent iLoggingEvent) {
+    String source = iLoggingEvent.getFormattedMessage();
+    return CommonParameter.getInstance().isFastForward() ? desensitization(source) : source;
+  }
+}
diff --git a/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java b/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java
@@ -18,8 +18,11 @@
 import org.tron.common.crypto.SignInterface;
 import org.tron.common.crypto.SignUtils;
 import org.tron.common.es.ExecutorServiceManager;
+import org.tron.common.log.layout.DesensitizedConverter;
 import org.tron.common.parameter.CommonParameter;
 import org.tron.common.utils.ByteArray;
+import org.tron.common.utils.ByteUtil;
+import org.tron.common.utils.DecodeUtil;
 import org.tron.common.utils.Sha256Hash;
 import org.tron.core.ChainBaseManager;
 import org.tron.core.capsule.TransactionCapsule;
@@ -165,6 +168,10 @@ public boolean checkHelloMessage(HelloMessage message, Channel channel) {
       }
       if (flag) {
         TronNetService.getP2pConfig().getTrustNodes().add(channel.getInetAddress());
+        byte[] addressByte = ByteUtil.merge(new byte[] {DecodeUtil.addressPreFixByte},
+            msg.getAddress().toByteArray());
+        DesensitizedConverter.addSensitive(channel.getInetAddress().toString().substring(1),
+            ByteArray.toHexString(addressByte));
       }
       return flag;
     } catch (Exception e) {
diff --git a/framework/src/main/resources/logback.xml b/framework/src/main/resources/logback.xml
@@ -4,6 +4,8 @@
 
   <!-- Be sure to flush latest logs on exit -->
   <shutdownHook class="org.tron.core.config.TronLogShutdownHook"/>
+  <conversionRule conversionWord="m"
+    converterClass="org.tron.common.log.layout.DesensitizedConverter"/>
 
   <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
     <encoder>
diff --git a/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java b/framework/src/test/java/org/tron/common/logsfilter/DesensitizedConverterTest.java
@@ -0,0 +1,32 @@
+package org.tron.common.logsfilter;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.common.log.layout.DesensitizedConverter;
+
+public class DesensitizedConverterTest {
+
+  @Test
+  public void testReplace()
+      throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
+    DesensitizedConverter converter = new DesensitizedConverter();
+    DesensitizedConverter.addSensitive("192.168.1.10", "address1");
+    DesensitizedConverter.addSensitive("197.168.1.10", "address2");
+
+    Method method = converter.getClass().getDeclaredMethod(
+        "desensitization", String.class);
+    method.setAccessible(true);
+
+    String logStr1 = "This is test log /192.168.1.10:100, /197.168.1.10:200, /197.168.1.10:100";
+    String result1 = (String) method.invoke(converter, logStr1);
+    Assert.assertEquals("This is test log /address1:100, /address2:200, /address2:100",
+        result1);
+
+    String logStr2 = "This is test log /192.168.1.100:100, /197.168.1.10:200, /197.168.1.10:100";
+    String result2 = (String) method.invoke(converter, logStr2);
+    Assert.assertEquals("This is test log /IP:100, /address2:200, /address2:100",
+        result2);
+  }
+}
diff --git a/framework/src/test/java/org/tron/core/jsonrpc/ApiUtilTest.java b/framework/src/test/java/org/tron/core/jsonrpc/ApiUtilTest.java
@@ -0,0 +1,46 @@
+package org.tron.core.jsonrpc;
+
+import static org.tron.common.utils.Commons.decodeFromBase58Check;
+import static org.tron.keystore.Wallet.generateRandomBytes;
+
+import com.google.protobuf.ByteString;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.common.utils.ByteArray;
+import org.tron.core.capsule.BlockCapsule;
+import org.tron.core.services.jsonrpc.JsonRpcApiUtil;
+import org.tron.protos.Protocol.Block;
+import org.tron.protos.Protocol.BlockHeader;
+import org.tron.protos.Protocol.BlockHeader.raw;
+import org.tron.protos.contract.SmartContractOuterClass.TriggerSmartContract;
+
+public class ApiUtilTest {
+
+  @Test
+  public void testGetBlockID() {
+    byte[] mockedHash = generateRandomBytes(128);
+    // common parent block
+    BlockCapsule blockCapsule = new BlockCapsule(Block.newBuilder().setBlockHeader(
+        BlockHeader.newBuilder().setRawData(
+            raw.newBuilder().setParentHash(ByteString.copyFrom(mockedHash))
+                .setNumber(0))).build());
+    String blockIdStr = JsonRpcApiUtil.getBlockID(blockCapsule.getInstance());
+    Assert.assertEquals(2 + 64, blockIdStr.length());
+  }
+
+  @Test
+  public void testTriggerCallContract() {
+    byte[] address = decodeFromBase58Check("TEPRbQxXQEpHpeEx8tK5xHVs7NWudAAZgu");
+    //nile usdt
+    byte[] contractAddress = decodeFromBase58Check("TXYZopYRdj2D9XRtbG411XZZ3kM5VkAeBf");
+    long callValue = 100;
+    //transfer to address TVjsyZ7fYF3qLF6BQgPmTEZy1xrNNyVAAA with 10*10^6
+    byte[] data = ByteArray.fromHexString("a9059cbb000000000000000000000000d8dd39e2dea27a4000"
+        + "1884901735e3940829bb440000000000000000000000000000000000000000000000000000000000989680");
+    long tokenValue = 10;
+    String tokenId = "1000001";
+    TriggerSmartContract triggerSmartContract = JsonRpcApiUtil.triggerCallContract(address,
+        contractAddress, callValue, data, tokenValue, tokenId);
+    Assert.assertNotNull(triggerSmartContract);
+  }
+}
