mark data as pii or creds and check encryption at rest #127

Merged
merged 1 commit into from
Dec 24, 2020

nineinchnick
Collaborator

  • mark data as pii or creds and if it's encrypted at rest
  • add two new threats, one that checks if sensitive data is sufficiently protected, second to check if credentials are not hardcoded (or otherwise long lived)

This is supposed to allow removing attrs like storesPII from the Datastore in #119

@rgacote
rgacote commented Oct 17, 2020

If PII is explicitly identified, why not also break out PCI (credit cards) and PHI (health information)?

@nineinchnick
Collaborator Author

> If PII is explicitly identified, why not also break out PCI (credit cards) and PHI (health information)?

@rgacote This is a great idea. Would you like to work on it? At minimum this involves:

  • defining new attributes and documenting them
  • using them in conditions of existing threats or defining a new threat

@rgacote
rgacote commented Oct 26, 2020

> > If PII is explicitly identified, why not also break out PCI (credit cards) and PHI (health information)?
>
> @rgacote This is a great idea. Would you like to work on it? At minimum this involves:
>
>   • defining new attributes and documenting them
>   • using them in conditions of existing threats or defining a new threat

Wish I could work on it. In the middle of three security assessments at the moment...

@ghost
ghost commented Dec 13, 2020

DeepCode's analysis on #eaed85 found:

  • ℹ️ 3 minor issues. 👇

Top issues

  • Access to a protected member _safeset of a client class
  • Redefining name 'd' from outer scope (line 366)
  • Using possibly undefined loop variable 'd'


@izar izar merged commit fbf177b into izar:master Dec 24, 2020
@nineinchnick nineinchnick deleted the data-attrs branch April 30, 2021 16:21