sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity

fix(security): expand Password PII patterns to catch pass: and natural language forms #60

Merged
sarman merged 1 commits from fix/pii-detection-bypass into master 2026-06-01 01:54:14 +00:00
Conversation 0 Commits 1 Files Changed 2 +99 -2

1 Commits

Author SHA1 Message Date
Shaun Arman
fbd6aab7fe fix(security): expand Password PII patterns; add regression tests
All checks were successful
Test / rust-fmt-check (pull_request) Successful in 1m20s
Details
Test / frontend-typecheck (pull_request) Successful in 1m37s
Details
Test / frontend-tests (pull_request) Successful in 1m35s
Details
Test / rust-clippy (pull_request) Successful in 3m11s
Details
PR Review Automation / review (pull_request) Successful in 4m22s
Details
Test / rust-tests (pull_request) Successful in 4m28s
Details 
Two credential patterns were missing from the PiiDetector, confirmed
by live audit log showing was_pii_redacted: false with plaintext creds:

1. Abbreviated key form (pass: abc123!!): the pattern only matched
   password|passwd|pwd. Added pass, passphrase, secret with a word
   boundary to prevent substring false positives (bypass:, compass:).

2. Natural language form (Is the password password123 good): added a
   second Password sub-pattern for keyword-adjacent values without a
   key separator. Value must contain a digit or special char to avoid
   flagging plain words (password strength, password policy).

5 new regression tests added. 233/233 Rust tests pass.
 2026-05-31 20:47:59 -05:00