Class: Moku6::Rules::PiiFieldNameHeuristicRule

Inherits:
BaseRule
  • Object
Defined in:
lib/moku6/rules/pii_field_name_heuristic_rule.rb

Overview

Warns when a field name looks like PII (email/phone/ssn, …) but is not covered by privacy.masked_fields (design section 10.1, v0.2).

Constant Summary

PII_PATTERN =
/
  email | phone | tel | mobile | fax |
  ssn | mynumber | my_number | passport | license |
  credit_?card | card_?number | cvv |
  address | postal | zip |
  birth | dob | password | secret
/xi

Instance Method Summary

Methods inherited from BaseRule

#initialize

Constructor Details

This class inherits a constructor from Moku6::Rules::BaseRule

Instance Method Details

#check(event) ⇒ Object

: (Event event) -> Array



# File 'lib/moku6/rules/pii_field_name_heuristic_rule.rb', line 18

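def check(event)
  # Emit nothing when the heuristic is disabled in the configuration.
  return [] unless @config.warn_pii_field_names?

  # Field names treated as masked for this event (helper not shown on this page).
  masked = masked_field_tokens(event)
  event.fields.filter_map do |name, _f|
    # PII_PATTERN is case-insensitive and unanchored: any substring hit counts.
    next unless name.to_s.match?(PII_PATTERN)
    # Already masked: no warning.
    next if masked.include?(name.to_s)

    offense(event, :warning,
      "field '#{name}' looks like personal data but is not listed in privacy.masked_fields.",
      rule: "pii_field_name_heuristic")
  end
end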
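
Because PII_PATTERN is unanchored, the rule fires on any field name that contains one of its tokens. The following is an added example, not Moku6 code: `audit_field_names` is a hypothetical helper that mirrors the two guards in #check and reports which token triggered each hit, so false positives and false negatives can be triaged. It assumes the masked list is a plain array of exact field names (masked_field_tokens is not shown on this page), and the sample field names are constructed.

```ruby
require "set"

# Copied from the Constant Summary above.
PII_PATTERN = /
  email | phone | tel | mobile | fax |
  ssn | mynumber | my_number | passport | license |
  credit_?card | card_?number | cvv |
  address | postal | zip |
  birth | dob | password | secret
/xi

# Hypothetical helper (not part of Moku6). Applies the same two guards as
# #check, but returns the matched substring instead of an offense object.
# Assumption: masked_fields is a list of exact field names.
def audit_field_names(field_names, masked_fields)
  masked = masked_fields.map(&:to_s).to_set
  field_names.filter_map do |name|
    hit = name.to_s[PII_PATTERN]          # leftmost matching token, or nil
    next unless hit                        # name does not look like PII
    next if masked.include?(name.to_s)     # already covered by masking
    { field: name.to_s, matched: hit.downcase }
  end
end

# Constructed sample schema and masked list.
FIELDS = %i[user_email hotel_name gzip_enabled client_secret
            e_mail surname Phone shipping_address].freeze
MASKED = %w[user_email shipping_address].freeze

def sample_report
  audit_field_names(FIELDS, MASKED)
end

if __FILE__ == $PROGRAM_NAME
  sample_report.each do |r|
    puts "#{r[:field]}: matched '#{r[:matched]}', not in masked list"
  end
end
```

In this sample, `hotel_name` and `gzip_enabled` are flagged through the `tel` and `zip` tokens, while `e_mail` and `surname` pass unflagged, so a clean run of the heuristic does not show that every personal-data field is masked.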