代码审计报告提出的一个问题:
明文暴露配置信息风险
解决方案可以使用jasypt实现
需要使用依赖:
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.0</version>
</dependency>
加密实现案例:
import com.yonyou.cloud.repair.RepairApplication;
import org.jasypt.encryption.StringEncryptor;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = RepairApplication.class )
public class DatabaseTest {
@Autowired
private StringEncryptor encryptor;
@Test
public void Test() {
String url = encryptor.encrypt("10.180.6.116");
String name = encryptor.encrypt("6379");
String password = encryptor.encrypt("cyx_Pass1234");
System.out.println("database url: " + url);
System.out.println("database name: " + name);
System.out.println("database password: " + password);
Assert.assertTrue(url.length() > 0);
Assert.assertTrue(name.length() > 0);
Assert.assertTrue(password.length() > 0);
}
}
结合application.yml配置信息的处理:
加密的密文需要加上ENC()修饰,在加载过程处理解密
# 现UAT环境库
url: ENC(3HhbZfqGCMCr+ux/0hUbmMGtnP1v03lj/nSIYpS1mwDN745DC2V/rM3IXeWKRTq0Z67V3l67tpuzaj+IoCAQkjms2HW2Df7bPAFBFC6Q8ixaucMo2JHoMz16jxvCHrlz7CUAwTH/oZpzoqzEbfJgu3bixM5DoaOmQGSeWk67hZVSYoKjx77Oif08fecAid/nobzBSvuzYhcMIylWkWyONg==)
username: ENC(Q+bk/oOkE92lcvFJXXzk6RMV1homL+Ij)
password: ENC(fzPoG+f1QEM1AfRGqAVCTpJ9bzYNbSAj0jpAX6DNqTk=)
密文加密的盐值配置【yml配置层级就是第一级】:
jasypt:
encryptor:
password: Y6M8fAJQdU7jNp5MW
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
