
Bugfix: overzealous data masking rule for US social security numbers

@jongpie jongpie released this 28 Aug 18:52
· 14 commits to main since this release
a99f380

Core Unlocked Package Changes

🐞 Fixed #542 (almost exactly 1 year after it was opened 😅) to use a more targeted regular expression for identifying US social security numbers (SSN) to mask. Previously, the regular expression used in SensitiveDataRegEx__c was not restrictive enough, so the rule masked some values that it should have ignored.

For example, logging a message containing a (fake) credit card number like "Here is a value 5000-1111-2222-0005 and it looks like a Mastercard number, so apply the Mastercard masking rule"...

  • Previously, this would unintentionally have applied the SSN rule instead, resulting in the value being masked as...
    • Here is a value XXX-XX-1111-2222-0005 and it looks like a Mastercard number, so apply the Mastercard masking rule
  • Now, the US SSN rule has been corrected, and false-positive matches like credit card numbers will either be correctly masked (using their own matching credit card rule), or ignored (if not a valid SSN or credit card)
    • Here is a value ****-****-****-0005 and it looks like a Mastercard number, so apply the Mastercard masking rule

🤏 And a little bit of scope creep included:

  • Made a small optimization in the Apex class ComponentLogger to cache the field map for LogEntryEvent__e once per transaction
    • This map is used internally to validate & set custom fields in JavaScript, which was added in release v4.14.6
    • Previously, ComponentLogger would re-call the describe method for LogEntryEvent__e every time there was a component log entry that was setting 1 or more custom fields

Pipeline Changes

  • Updated pipeline script scripts/build/validate-custom-metadata-records.apex to validate that the regex values in LogEntryDataMaskRule__mdt work as expected

Installation Info

Core Unlocked Package - no namespace

Full Changelog: v4.14.6...v4.14.7