fix: Do not report leakage policy breaches for unique identifiers #326

Merged

spdawson
Contributor

@spdawson spdawson commented Jan 4, 2023

Description

The Rails cookies and session custom detectors currently return unique identifiers (author.user_id, for example) as policy breaches.

Related

Closes #318

Checklist

  • I've added test coverage that shows my fix or feature works as expected.
  • I've updated or added documentation if required.
  • I've included usage information in the description if CLI behavior was updated or added.
  • PR title follows Conventional Commits format

@spdawson spdawson force-pushed the fix/do-not-report-unique-identifiers-as-policy-breaches branch from 08de98c to c2f9d8a Compare January 4, 2023 08:47
Collaborator

@cfabianski cfabianski left a comment

I don't understand why the snapshots have extra items for Unique Identifier while the gist of this PR is to not have them in the first place. Could you explain please?

@spdawson
Contributor Author

spdawson commented Jan 4, 2023

> I don't understand why the snapshots have extra items for Unique Identifier while the gist of this PR is to not have them in the first place. Could you explain please?

The new entries are for the detections of the unique identifiers; I thought the idea here was to remove unique identifiers from policy breaches, rather than from the custom detections themselves?

@spdawson spdawson force-pushed the fix/do-not-report-unique-identifiers-as-policy-breaches branch 2 times, most recently from 44ca7bb to 4fa226e Compare January 5, 2023 07:31
The Rails cookies and session custom detectors currently return
unique identifiers (`author.user_id`, for example) as policy breaches.

Closes #318
@spdawson spdawson force-pushed the fix/do-not-report-unique-identifiers-as-policy-breaches branch from 4fa226e to 51cb97b Compare January 5, 2023 09:27
@cfabianski cfabianski merged commit 474e064 into main Jan 5, 2023
@cfabianski cfabianski deleted the fix/do-not-report-unique-identifiers-as-policy-breaches branch January 5, 2023 13:47
Successfully merging this pull request may close these issues.

Rails cookies and session custom detections report Unique Identifiers as policy breaches