Skip to content
This repository has been archived by the owner on Oct 4, 2022. It is now read-only.

Commit

Permalink
Merge pull request #5 from folio-org/UXPROD-336
Browse files Browse the repository at this point in the history 
Implement PII message identification (UXPROD-336)
  • Loading branch information
@mreno-EBSCO
mreno-EBSCO committed Dec 13, 2018
2 parents a24019e + beb134d commit 30b42d8
Show file tree
Hide file tree
Showing 8 changed files with 415 additions and 0 deletions.
5 changes: 5 additions & 0 deletions pom.xml
View file
Expand Up @@ -98,6 +98,11 @@
<version>${vertx.version}</version>
</dependency>

<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
<version>2.4.0</version>
</dependency>
</dependencies>
<build>
<resources>
Expand Down
1 change: 1 addition & 0 deletions src/main/java/org/folio/aes/service/AesService.java
View file
Expand Up @@ -49,6 +49,7 @@ private JsonObject collectData(RoutingContext ctx) {
data.put("headers", AesUtil.convertMultiMapToJsonObject(ctx.request().headers()));
data.put("params", AesUtil.convertMultiMapToJsonObject(ctx.request().params()));
String bodyString = ctx.getBodyAsString();
data.put("pii", AesUtil.containsPII(bodyString));
if (bodyString.length() > BODY_LIMIT) {
data.put("body", new JsonObject().put("content",
bodyString.substring(0, BODY_LIMIT) + "..."));
Expand Down
16 changes: 16 additions & 0 deletions src/main/java/org/folio/aes/util/AesUtil.java
View file
@@ -1,5 +1,9 @@
package org.folio.aes.util;

import java.util.List;

import com.jayway.jsonpath.JsonPath;

import io.vertx.core.MultiMap;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
Expand Down Expand Up @@ -47,4 +51,16 @@ public static void maskPassword(JsonObject jsonObject) {
}
}
}

public static boolean containsPII(String bodyString) {
for (final JsonPath jp : Constant.PII_JSON_PATHS) {
final List<String> pathList = jp.read(bodyString,
Constant.PII_JSON_PATH_CONFIG);
if (!pathList.isEmpty()) {
return true;
}
}

return false;
}
}
16 changes: 16 additions & 0 deletions src/main/java/org/folio/aes/util/Constant.java
View file
@@ -1,8 +1,13 @@
package org.folio.aes.util;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import com.jayway.jsonpath.Configuration;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Option;

public class Constant {

private Constant() {
Expand All @@ -21,4 +26,15 @@ private Constant() {

public static final String TENANT_DEFAULT = "no_tenant";
public static final int BODY_LIMIT = 5000;

public static final Configuration PII_JSON_PATH_CONFIG = Configuration
.defaultConfiguration()
.addOptions(Option.AS_PATH_LIST, Option.SUPPRESS_EXCEPTIONS);
public static final List<JsonPath> PII_JSON_PATHS =
Collections.unmodifiableList(Arrays.asList(
JsonPath.compile("$..personal"),
JsonPath.compile("$..username"),
JsonPath.compile("$..requester"),
JsonPath.compile("$..user")
));
}
8 changes: 8 additions & 0 deletions src/main/resources/log4j.properties
View file
@@ -0,0 +1,8 @@
# variables are substituted from filters-[production|development].properties
log4j.rootLogger=INFO, CONSOLE
#log4j.rootLogger=DEBUG, CONSOLE

# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d{HH:mm:ss} %-5p %-20.20C{1} %m%n
23 changes: 23 additions & 0 deletions src/test/java/org/folio/aes/util/AesUtilTest.java
View file
Expand Up @@ -2,6 +2,9 @@

import static org.junit.Assert.*;

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;

import org.folio.aes.util.AesUtil;
Expand Down Expand Up @@ -46,4 +49,24 @@ public void testMaskPassword() {
}
}

@Test
public void testContainsPII() {
String user = "{\"username\":\"jhandey\",\"id\":\"7261ecaae3a74dc68b468e12a70b1aec\",\"active\":true,\"type\":\"patron\",\"patronGroup\":\"4bb563d9-3f9d-4e1e-8d1d-04e75666d68f\",\"meta\":{\"creation_date\":\"2016-11-05T0723\",\"last_login_date\":\"\"},\"personal\":{\"lastName\":\"Handey\",\"firstName\":\"Jack\",\"email\":\"jhandey@biglibrary.org\",\"phone\":\"2125551212\"}}";

assertTrue(AesUtil.containsPII(user));
}

@Test
public void testContainsPIINoPII() {
String item = "{\"id\":\"0b96a642-5e7f-452d-9cae-9cee66c9a892\",\"title\":\"Uprooted\",\"callNumber\":\"D11.J54 A3 2011\",\"barcode\":\"645398607547\",\"status\":{\"name\":\"Available\"},\"materialType\":{\"id\":\"fcf3d3dc-b27f-4ce4-a530-542ea53cacb5\",\"name\":\"Book\"},\"permanentLoanType\":{\"id\":\"8e570d0d-931c-43d1-9ca1-221e693ea8d2\",\"name\":\"Can Circulate\"},\"temporaryLoanType\":{\"id\":\"74c25903-4019-4d8a-9360-5cb7761f44e5\",\"name\":\"Course Reserve\"},\"permanentLocation\":{\"id\":\"d9cd0bed-1b49-4b5e-a7bd-064b8d177231\",\"name\":\"Main Library\"}}";

assertFalse(AesUtil.containsPII(item));
}

@Test
public void testContainsPIIUserList() throws Exception {
String users = new String(Files.readAllBytes(Paths.get("src/test/resources/data/users.json")), StandardCharsets.UTF_8);

assertTrue(AesUtil.containsPII(users));
}
}

0 comments on commit 30b42d8

Please sign in to comment.