Shulou(Shulou.com)06/02 Report--

This article mainly introduces how to modify the sensitive information in the JSON string, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, let the editor take you to understand it.

Modifying sensitive information in JSON strings requires that sensitive information in json strings be encrypted

For example, the ID card of the mobile phone number, which requires traversing the json and covering all the sensitive key, originally thought it was very difficult. After thinking about it, the code modification was done in about an hour, which is actually a simple recursion, the same as traversing a directory and outputting all the file names.

Cut the crap and paste the code and test cases directly.

Package com.ucredit.test; import com.alibaba.fastjson.JSON;import com.alibaba.fastjson.JSONArray;import com.alibaba.fastjson.JSONObject; / * Created by beibei on 18-1-24. * / public class JsonTest {public static void main (String [] args) {String sa = "{'sa':'saas','sb': [' sa','ds','sda'], 'sc': {' dsa':'21'}}"; JSONObject jsonObject = JSON.parseObject (sa); System.out.println (changeSensitiveMsg (jsonObject). ToJSONString ()) } / / Recursive object private static JSONObject changeSensitiveMsg (JSONObject jsonObject) {for (String key: jsonObject.keySet ()) {String json = jsonObject.getString (key); if (isObject (json)) {jsonObject.put (key, changeSensitiveMsg (JSON.parseObject (json) } else if (isArray (json)) {jsonObject.put (key, changeSensitiveMsg (JSON.parseArray (json);} else {/ / this is the operation if (isSensitiveKey (key)) jsonObject.put (key, "test") that finally overrides the sensitive attribute. }} return jsonObject;} / / Recursive array private static JSONArray changeSensitiveMsg (JSONArray jsonArray) {for (int I = 0; I < jsonArray.size ()) {String value = jsonArray.getString (I); if (isArray (value)) {jsonArray.set (I, changeSensitiveMsg (jsonArray.getJSONArray (I) } else if (isObject (value)) {jsonArray.set (I, changeSensitiveMsg (JSON.parseObject (value);}} return jsonArray } / / to determine whether it is an object or not. This method needs to be optimized. It takes a long time to encounter special characters. You can directly judge private static boolean isObject (String str) {try {JSON.parseObject (str); return true;} catch (Exception e) {return false according to the first letter of the json string. }} / / to determine whether it is an array. This method needs to be optimized. It takes time to encounter special characters. You can directly judge private static boolean isArray (String str) {try {JSON.parseArray (str); return true;} catch (Exception e) {return false according to the first letter of the json string. }} / / whether sensitive key public static boolean isSensitiveKey (String key) {return true;}} clears sensitive string content

The password in the connection mailbox, SMS and other server information belongs to sensitive information and needs to be cleared in memory. The general practice is to pass the clear text of the password to char [] in the foreground, and change each element of the array to 0 after use.

However, there must be situations where String is not applicable, such as the user password used to connect to the mailbox server; the json string passed by the rest API contains the password plaintext.

Analysis.

The string is of final type and cannot be changed during run time. It involves constant pool. Assigning it to null will not reclaim memory. But unlike new String, memory can be reclaimed. However, JVM recycling is not timely, and if you can clear the char [] content after using it, you can also keep the content in the constant pool unchanged. The question turns into how to clean up new String memory?

Solution idea

String is just a reference that says that char [] value,value is an internal private variable and cannot be accessed.

But java reflection can do this. The code is as follows:

Char [] chars = new char []; String valueStr = new String (chars); System.out.println (valueStr); Field field = valueStr.getClass (). GetDeclaredField ("value"); field.setAccessible (true); field.set (valueStr, new char [] {0,0,0,0}); field.setAccessible (false); System.out.println (valueStr); System.out.println ("aaaa") System.out.println (new String (new char [] {'a','a'}))

Change the private variable to be accessible, get the value, change the value of the array, and then set the permission back. Plus printing the constant pool string is the same as new String, and the result is as follows:

Tests show that this method is feasible and will not change the string content of the same content later. By looking at the source code, the org.codehaus.jackson.map.ObjectMapper.writeValueAsString (Object value) method, the returned string is also new String, so it is also applicable. After testing, it will not affect other json strings with the same content.

In this way, sensitive information content can be cleared in this way for both json strings and new String. But it should be noted that if it is not a string from new, once modified, it will affect the content of the constant pool string, with serious consequences.

Thank you for reading this article carefully. I hope the article "how to modify the sensitive Information in the JSON string" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.