前言
在项目落地的过程中,经常需要用到实际的业务数据进行系统调试,出于安全性的考虑,客户现场一般不允许直接将生产环境配置(网络设备配置、服务器配置等)导出,而由于生产环境的相对的不便利性(环境稳定性、工具依赖性等),直接在生产环境进行调试往往效率非常低下。
基于以上情况,可先用本工具对生产环境配置中的敏感信息进行脱敏,再将脱敏后的配置导出用于调试。需要注意,本工具只处理IPv4地址和网段,口令、密钥、主机名等其他敏感字段不会被改动,导出前仍需另行检查。
逻辑
- 通过正则表达式提取配置文件中所有ip并去重
- 将每个ip映射成对应的假ip(假ip按该ip在文件中首次出现的顺序依次编号,与原ip的数值无关,仅凭输出无法反推出原ip;子网掩码保持不变,网段的前缀长度也原样保留)
- 用映射后的假ip替换配置文件中对应的原ip
代码
# _*_ coding: utf-8 _*_
import re
# Source file holding the production configuration, and the file that
# receives the sanitized copy.
input_file = 'input.txt'
output_file = 'output.txt'
ip_head = '111'  # first octet given to every rewritten host address

with open(input_file, 'r') as fr:
    data = fr.read()

# Dotted quad with an optional "/prefix" suffix.  The octets are not
# range-checked, so other dotted numbers (for example a version string such
# as "1.2.3.4") are picked up as well.
ip_r = r'([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]+)?)'
# findall() yields (whole_match, prefix_suffix) tuples; keep the whole match.
re_ip = [found[0] for found in re.findall(ip_r, data)]

# De-duplicate while keeping first-seen order: the position of an address in
# all_ip is what its replacement is derived from further down.
all_ip = list()
for candidate in re_ip:
    if candidate in all_ip:
        continue
    all_ip.append(candidate)

# NOTE(review): this dumps every real (unmasked) address to stdout, so the
# console output must be treated as sensitive just like input_file.
import pprint
pprint.pprint(all_ip)

# Replacement addresses, appended in the order they are generated.
ip_map = list()
def is_mask(ip):
    """Return True when *ip* has the bit pattern of a subnet mask.

    The four dotted fields are rendered as one binary string, and the address
    counts as a mask when every 1 bit comes before every 0 bit (for example
    255.255.255.0).  0.0.0.0 and 255.255.255.255 qualify too, and so does any
    ordinary address that happens to have that shape, such as 128.0.0.0.
    Wildcard masks such as 0.0.0.255 do not qualify.

    Args:
        ip: dotted-quad string of decimal fields, without a "/prefix" suffix.

    Returns:
        bool: True for a contiguous-ones pattern, False otherwise.

    Raises:
        ValueError: if *ip* does not split into exactly four integer fields.
    """
    first, second, third, fourth = ip.split('.')
    bits = ''.join(
        # Left-pad each field to 8 binary digits; a field above 255 keeps
        # only its low 8 bits.
        bin(int(octet))[2:].zfill(8)[-8:]
        for octet in (first, second, third, fourth)
    )
    # A mask never has a 0 bit in front of a 1 bit.
    return '01' not in bits
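# Build the complete real -> fake table first and rewrite the text in a single
# pass afterwards.  Replacing one address at a time on the already rewritten
# text had three problems:
#   * a fake address produced earlier could equal a real address handled
#     later and would then be rewritten a second time;
#   * the per-address pattern required a non-digit character on both sides,
#     so an address at the very start or end of the file, or the second of two
#     occurrences separated by a single character, stayed unmasked;
#   * the dots in the address were not escaped and matched any character.
replacements = {}
for i in range(len(all_ip)):
    # NOTE(review): echoes the real (unmasked) address to stdout; treat the
    # console output as sensitive.
    print(all_ip[i])
    # 1-based sequence number; its base-255 digits become the fake octets.
    # Floor division keeps the octets integers on Python 3 as well as 2.
    seq = i + 1
    if '/' in all_ip[i]:
        # Subnet: the fake network always ends in .0 and keeps the original
        # prefix length.  It is unrelated to the fake host addresses below.
        key1 = seq // (255 * 255) + 1  # +1 keeps the first octet from being 0
        key2 = (seq // 255) % 255
        key3 = seq % 255
        item = '%s.%s.%s.0/%s' % (key1, key2, key3, all_ip[i].split('/')[1])
    elif is_mask(all_ip[i]):
        # Mask-shaped values are left untouched; they get no table entry.
        continue
    else:
        key1 = ip_head
        key2 = seq // (255 * 255)
        key3 = (seq // 255) % 255
        key4 = seq % 255
        item = '%s.%s.%s.%s' % (key1, key2, key3, key4)
    ip_map.append(item)
    replacements[all_ip[i]] = item

# Re-scan with the extraction pattern so that exactly the tokens collected in
# all_ip are visited, each occurrence once.  Tokens without a table entry
# (the skipped masks) are written back unchanged.
data = re.sub(
    ip_r,
    lambda match: replacements.get(match.group(1), match.group(1)),
    data,
)

with open(output_file, 'w') as fw:
    fw.write(data)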
验证效果
输入内容
hello world 100.100.100.101 AA_100.100.110.110
100.112.123.251 098 tcp
udp hello 100.233.09
subnet 192.168.1.0/24 hihih udp 0-9
hihih
abc
输出内容
hello world 111.0.0.3 AA_111.0.0.2
111.0.0.1 098 tcp
udp hello 100.233.09
subnet 111.0.0.4/24 hihih udp 0-9
hihih
abc