Skip to content

fix: stop PII redaction from matching look-alike keys#11

Open
ymeloch wants to merge 1 commit into
CiscoDevNet:mainfrom
ymeloch:fix/pii-redaction-overmatch
Open

fix: stop PII redaction from matching look-alike keys#11
ymeloch wants to merge 1 commit into
CiscoDevNet:mainfrom
ymeloch:fix/pii-redaction-overmatch

Conversation

@ymeloch

@ymeloch ymeloch commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Fixes #3

When SECURE_ACCESS_REDACT_PII=true, _redact_pii matched key names by substring against hints that included "ip" and "user". That redacts fields that merely contain those letters:

"ip" matches description, recipient, zip, relationship
"user" matches userAgent

So report/activity output gets mangled in non-obvious ways.

This PR replaces the substring check with matching on normalized whole key names plus split tokens (camelCase / snake_case aware). Real PII keys (identity, ip, internalIp, email, user, device, …) still redact; look-alikes like description and userAgent no longer do. "ip" and "email" are still matched as standalone tokens so compound keys like sourceIp are caught, while "user" is matched only as a whole key so userAgent is left alone.

Adds tests/test_pii_redaction.py covering both the true positives and the regression cases. Verified the new test fails against the old substring logic and passes with this change.

Substring matching on the key name meant fields like description,
recipient, zip, and userAgent were redacted because they contain
'ip' or 'user'. Match on normalized whole key names and split tokens
instead. Adds regression tests.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

PII redaction matches too many fields

1 participant