User Guide
Also available as:
PDF

XPath-Based Anonymization Rules

XPath-based rules anonymize XML data using XPath.

Required and Optional Fields

  • name

  • description (optional)

  • rule_id (should be set to XPATH)

  • paths

  • include_files

  • exclude_files (optional)

  • action (optional, default value is ANONYMIZE)

  • replace_value (optional, applicable only when action=REPLACE)

  • shared (optional, default value is true)

  • enabled (optional, default value is true)

For more information on each field, refer to Fields Used for Defining Anonymization Rules.

Rule Definition Example

  {
    "name": "XPATH_RULE",
    "rule_id": "XPATH",
    "paths": ["/data/record[1]/value"],
    "include_files": ["*test_config.xml"],
    "shared": true
  }

Sample Input XML Data

<data>
    <record>
        <name>password</name>
        <value>valueToAnonymize</value>
    </record>
    <record>
        <name>name</name>
        <value>value</value>
    </record>
</data>

Sample Output XML Data (After Anonymization)

<data>
    <record>
        <name>password</name>
        <value>¶smfz923swc¶</value>
    </record>
    <record>
        <name>name</name>
        <value>value</value>
    </record>
</data>

For more examples, refer to Examples of XPath-Based Anonymization Rules.

You can use this reference documentation for XPath.

Examples of XPath-Based Anonymization Rules

This section includes examples of commonly used XPath-based anonymization rules.

Example 1: Rule with nested XML structure

Rule definition example:

{
  "name": "NESTED_XPATH_RULE",
  "rule_id": "XPATH",
  "paths": ["/configs/properties/passwd"],
  "include_files": ["*config.xml"],
  "shared": true
}

Input data:

<?xml version="1.0" encoding="UTF-8" ?>
<configs>
    <properties>
        <user>abc</user>
        <passwd>1234</passwd>
    </properties>
</configs>

Output data (after anonymization):

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configs>
    <properties>
        <user>abc</user>
        <passwd>¶9165¶</passwd>
    </properties>
</configs>

Example 2: Rule with XML array structure

Rule definition example:

{
  "name": "ARRAY_XPATH_RULE",
  "rule_id": "XPATH",
  "paths": ["/configs/properties[2]/passwd"],
  "include_files": ["*config.xml"],
  "shared": true
}

Input data:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configs>
    <properties>
        <database>mysql</database>
        <url>user@host:port</url>
    </properties>
    <properties>
        <user>abc</user>
        <passwd>1234</passwd>
    </properties>
</configs>

Output data (after anonymization):

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configs>
    <properties>
        <database>mysql</database>
        <url>user@host:port</url>
    </properties>
    <properties>
        <user>abc</user>
        <passwd>¶9165¶</passwd>
    </properties>
</configs>

Example 3: Rule with XML map structure

Rule definition example:

{
  "name": "MAP_XPATH_RULE",
  "rule_id": "XPATH",
  "paths": ["/configs/properties/passwd"],
  "include_files": ["*config.xml"],
  "shared": true
}

Input data:

<?xml version="1.0" encoding="UTF-8" ?>
<configs>
    <db>mysql</db>
    <properties>
        <user_name>sa</user_name>
        <passwd>sa_pass</passwd>
    </properties>
    <pooli_size>32</pooli_size>
    <timeout>10</timeout>
</configs>

Output data (after anonymization):

<?xml version="1.0" encoding="UTF-8" standalone="no"?><configs>
    <db>mysql</db>
    <properties>
        <user_name>sa</user_name>
        <passwd>¶vm_wtto¶</passwd>
    </properties>
    <pooli_size>32</pooli_size>
    <timeout>10</timeout>
</configs>

Example 4: Rule to mask all array elements

Rule definition example:

{
  "name": "ALL_FROM_ARRAY_XPATH_RULE",
  "rule_id": "XPATH",
  "paths": ["/configs/properties[*]/passwd"],
  "include_files": ["*config.xml"],
  "shared": true
}

Input data:

<?xml version="1.0" encoding="UTF-8" ?>
<configs>
    <properties>
        <user>abc1</user>
        <passwd>pass1</passwd>
    </properties>
    <properties>
        <user>abc2</user>
        <passwd>pass2</passwd>
    </properties>
</configs>

Output data (after anonymization):

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configs>
    <properties>
        <user>abc1</user>
        <passwd>¶smfz7¶</passwd>
    </properties>
    <properties>
        <user>abc2</user>
        <passwd>¶smfz8¶</passwd>
    </properties>
</configs>

Example 5: Rule to mask some array elements which have passwd

Rule definition example:

{
  "name": "SOME_FROM_ARRAY_XPATH_RULE",
  "rule_id": "XPATH",
  "paths": ["/configs/properties[passwd]/passwd"],
  "include_files": ["*config.xml"],
  "shared": true
}

Input data:

<?xml version="1.0" encoding="UTF-8" ?>
<configs>
    <properties>
        <user>abc1</user>
        <passwd1>pass1</passwd1>
    </properties>
    <properties>
        <user>abc2</user>
        <passwd2>pass2</passwd2>
    </properties>
    <properties>
        <user>abc3</user>
        <passwd>pass3</passwd>
    </properties>
</configs>

Output data (after anonymization):

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configs>
    <properties>
        <user>abc1</user>
        <passwd1>pass1</passwd1>
    </properties>
    <properties>
        <user>abc2</user>
        <passwd2>pass2</passwd2>
    </properties>
    <properties>
        <user>abc3</user>
        <passwd>¶smfz9¶</passwd>
    </properties>
</configs>