Bugfix: overzealous data masking rule for US social security numbers #751
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…s.apex to validate the regex values in LogEntryDataMaskRule__mdt work as expected
…ityNumber' to be stricter to avoid incorrectly masking credit card numbers as social security numbers
…e field maps for LogEntryEvent__e Previously, it would re-call the describe method for every component log entry that was setting 1 or more custom fields
jongpie
added
Type: Bug
jongpie
temporarily deployed
to
Event Monitoring Scratch Org
GitHub Actions
Inactive
jongpie
temporarily deployed
to
Base Scratch Org
GitHub Actions
Inactive
jongpie
temporarily deployed
to
Platform Cache Scratch Org
GitHub Actions
Inactive
jongpie
temporarily deployed
to
Experience Cloud Scratch Org
GitHub Actions
Inactive
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #751 +/- ##
=======================================
Coverage 93.16% 93.16%
=======================================
Files 67 67
Lines 6950 6953 +3
Branches 199 199
=======================================
+ Hits 6475 6478 +3
Misses 447 447
Partials 28 28
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Core Unlocked Package Changes
🐞 Fixed #542 (almost exactly 1 year after it was opened😅) to use a more targeted regular expression for identifying US social security numbers (SSN) to mask. Previously, the rule was not restrictive enough in the regular expression used in
SensitiveDataRegEx__c, which resulted in the rule masking some values that it should have ignored.For example, logging a message containing a (fake) credit card number like
Here is a value 5000-1111-2222-0005 and it looks like a Mastercard number, so apply the Mastercard masking rule...Here is a value XXX-XX-1111-2222-0005 and it looks like a Mastercard number, so apply the Mastercard masking ruleHere is a value ****-****-****-0005 and it looks like a Mastercard number, so apply the Mastercard masking rule🤏 And a little bit of scope creep included:
ComponentLoggerto cache the field map forLogEntryEvent__eonce per transactionv4.14.6ComponentLoggerwould re-call the describe method forLogEntryEvent__eevery time there was a component log entry that was setting 1 or more custom fieldsPipeline Changes
scripts/build/validate-custom-metadata-records.apexto validate that the regex values inLogEntryDataMaskRule__mdtwork as expected