[PSL-3160] Proactive PII Defense - Update email regex + tests #302
Conversation
|
For current scope of impact from various libs that we manage, I found this visual from kibana (see screenshot below) and this integrationMethodMap in our int dash code to be helpful. 
Our "Frontend Beacon / UI" delegates network calls to this client-js lib, so I feel great about where we are adding this layer of security / defensive programming. |
deomsj
left a comment
deomsj
left a comment
There was a problem hiding this comment.
Thank you for leading the way on this @vbartonicek. Changes to util and related specs make sense and work great, nice work!
| const PII_REGEX = [ | ||
| { | ||
| pattern: /^[\w\-+\\.]+@([\w-]+\.)+[\w-]{2,4}$/, | ||
| pattern: /[\w\-+\\.]+@([\w-]+\.)+[\w-]{2,4}/, |
There was a problem hiding this comment.
removing the "starts with" (^) and "ends with" ($) criteria from this pattern makes perfect conceptual sense to me.
this not only helps us match on strings with whitespace on either side of an email but also with other characters as well. We do want to prevent sending emails in tracking events regardless of whether the entire string is an email. that is what this change does. i like it
esezen
deleted the
psl-3160-investigate-and-fix-emails-detected-in-search-submit-terms
branch
This updates the email regex to exclude any strings containing a valid email. Check updated tests for more info.