
Bugfix: overzealous data masking rule for US social security numbers #751

Merged
jongpie merged 5 commits into main from bugfix/us-social-security-number-data-mask-rule
Aug 28, 2024

Owner

@jongpie jongpie commented Aug 28, 2024

Core Unlocked Package Changes

🐞 Fixed #542 (almost exactly 1 year after it was opened😅) to use a more targeted regular expression for identifying US social security numbers (SSN) to mask. Previously, the rule was not restrictive enough in the regular expression used in SensitiveDataRegEx__c, which resulted in the rule masking some values that it should have ignored.

For example, logging a message containing a (fake) credit card number like Here is a value 5000-1111-2222-0005 and it looks like a Mastercard number, so apply the Mastercard masking rule...

  • Previously, this would unintentionally have applied the SSN rule instead, resulting in the value being masked as...
    • Here is a value XXX-XX-1111-2222-0005 and it looks like a Mastercard number, so apply the Mastercard masking rule
  • Now, the US SSN has been corrected, and false-positive matches like credit card numbers will either be correctly masked (using their own matching credit card rule), or ignored (if not a valid SSN or credit card)
    • Here is a value ****-****-****-0005 and it looks like a Mastercard number, so apply the Mastercard masking rule

🤏 And a little bit of scope creep included:

  • Made a small optimization in the Apex class ComponentLogger to cache the field map for LogEntryEvent__e once per transaction
    • This map is used internally to validate & set custom fields in JavaScript, which was added in release v4.14.6
    • Previously, ComponentLogger would re-call the describe method for LogEntryEvent__e every time there was a component log entry that was setting 1 or more custom fields

Pipeline Changes

  • Updated pipeline script scripts/build/validate-custom-metadata-records.apex to validate that the regex values in LogEntryDataMaskRule__mdt work as expected
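
An added illustration, not code from this pull request or from the project: a small Python harness in the spirit of the validation described above, running mask rules in order against sample inputs. The three regexes, the `mask` and `validate` helpers and the sample cases are constructed assumptions, not the values stored in `LogEntryDataMaskRule__mdt`; the loose pattern is built only to reproduce the "before" output quoted above.

```python
import re

# Constructed stand-ins; NOT the values shipped in LogEntryDataMaskRule__mdt.
# Loose SSN rule: sloppy digit counts and no right-hand anchor, so it can
# match the leading groups of a longer hyphenated number.
LOOSE_SSN = (r"(?<!\S)\d{3}-?\d{1,2}-?(\d{4})", r"XXX-XX-\1")
# Strict SSN rule: exactly 3-2-4 digits, not embedded in a longer digit/hyphen run.
STRICT_SSN = (r"(?<![\d-])\d{3}-\d{2}-(\d{4})(?![\d-])", r"XXX-XX-\1")
# Simplified card rule, widened so it accepts the page's fake 5000-... number.
MASTERCARD = (r"(?<![\d-])5\d{3}-?\d{4}-?\d{4}-?(\d{4})(?![\d-])",
              r"****-****-****-\1")

def mask(message, rules):
    """Apply each (regex, replacement) rule in order, as a chain of mask rules."""
    for pattern, replacement in rules:
        message = re.sub(pattern, replacement, message)
    return message

def validate(rules, cases):
    """Return (input, expected, actual) for every case the rule set gets wrong."""
    failures = []
    for text, expected in cases:
        actual = mask(text, rules)
        if actual != expected:
            failures.append((text, expected, actual))
    return failures

# Constructed sample inputs: a fake card number, a fake SSN, and a value
# that no rule should touch.
CASES = [
    ("Here is a value 5000-1111-2222-0005", "Here is a value ****-****-****-0005"),
    ("SSN on file: 123-45-6789", "SSN on file: XXX-XX-6789"),
    ("order 2024-08-28-0042 shipped", "order 2024-08-28-0042 shipped"),
]

if __name__ == "__main__":
    for name, ssn_rule in (("loose", LOOSE_SSN), ("strict", STRICT_SSN)):
        failures = validate([ssn_rule, MASTERCARD], CASES)
        print(name, "SSN rule:", "OK" if not failures else failures)
```

With the loose rule first in the chain, the card number is rewritten before the card rule sees it, so the card rule no longer matches; negative test cases like the first and third are what catch that in a pipeline.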

…s.apex to validate the regex values in LogEntryDataMaskRule__mdt work as expected
…ityNumber' to be stricter to avoid incorrectly masking credit card numbers as social security numbers
…e field maps for LogEntryEvent__e

Previously, it would re-call the describe method for every component log entry that was setting 1 or more custom fields
@jongpie jongpie added Type: Bug Something isn't working Layer: Configuration Items related to the custom hierarchy setting LoggerSettings__c or any included custom metadata type Feature: Data Masking labels Aug 28, 2024
@jongpie jongpie temporarily deployed to Event Monitoring Scratch Org August 28, 2024 04:30 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Base Scratch Org August 28, 2024 04:30 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Platform Cache Scratch Org August 28, 2024 04:36 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Experience Cloud Scratch Org August 28, 2024 04:38 — with GitHub Actions Inactive

codecov Bot commented Aug 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.16%. Comparing base (2894401) to head (6d7d04a).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #751   +/-   ##
=======================================
  Coverage   93.16%   93.16%           
=======================================
  Files          67       67           
  Lines        6950     6953    +3     
  Branches      199      199           
=======================================
+ Hits         6475     6478    +3     
  Misses        447      447           
  Partials       28       28           
Flag Coverage Δ
Apex 95.46% <100.00%> (+<0.01%) ⬆️
LWC 83.26% <100.00%> (ø)


@jongpie jongpie merged commit a99f380 into main Aug 28, 2024
@jongpie jongpie deleted the bugfix/us-social-security-number-data-mask-rule branch August 28, 2024 18:28

Successfully merging this pull request may close these issues.

The provided data mask rules sometimes mask incorrect data
