Add expected IsIdentifiable rules to service config #1245

Open
rkm opened this issue Aug 1, 2022 · 2 comments
Labels
enhancement New feature or request

rkm commented Aug 1, 2022

This improvement relates to version control and safety of our PII scan during file extraction.

The service config currently specifies a target directory in which to find rules files. If this option is misconfigured, or a rules file has been moved, modified, or deleted, then it will not be loaded and the expected scan rules will silently be skipped.

We could add a new list to the config in which to specify each expected rule file and its checksum, in order to verify that the expected rules are being applied. This would achieve some level of change management over our scan rules, which are currently not captured in any version control system.

@rkm rkm added the enhancement New feature or request label Aug 1, 2022
tznind commented Aug 1, 2022

This new issue will address there not being any rules files in the provided dir: SMI/IsIdentifiable#132

That should go some way to helping. I think that if there is a system-level expectation of certain rules files then this might be better handled with a startup bash script, e.g.:

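```bash
#!/usr/bin/env bash
# Placeholders kept from the sketch: replace with the real values.
CONFIG="<path.to.config>"
RULES_DIR="expected rules dir"

# The service config must reference the expected rules directory.
grep -qF -- "$RULES_DIR" "$CONFIG" || exit 1

# Each expected rules file must be present in that directory.
[ -f "$RULES_DIR/bob.yaml" ] || exit 2
[ -f "$RULES_DIR/sockets.yaml" ] || exit 3

# All checks passed: start microservice here
```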
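
An added example, not part of either comment and not SmiServices code: the startup check above combined with the per-file checksums proposed in the opening comment, so that a modified rules file is caught as well as a missing one. The manifest format and the function names are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: fail-closed check of rules files against an expected manifest.
# Manifest format (assumed): one "<sha256-hex>  <file name>" per line,
# as printed by `sha256sum *.yaml` run inside the rules directory.

sha256_of() {
    # Print only the hex digest of the file given as $1.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_rules <manifest> <rules_dir>
# Returns 0 if every listed file exists with the expected digest,
# 1 if the manifest is unreadable or lists nothing,
# 2 if a listed file is missing, 3 if a listed file's content has changed.
verify_rules() {
    local manifest rules_dir expected name actual checked
    manifest=$1; rules_dir=$2; checked=0
    [ -r "$manifest" ] || { echo "manifest not readable: $manifest" >&2; return 1; }
    while read -r expected name || [ -n "$expected" ]; do
        [ -z "$expected" ] && continue             # skip blank lines
        case $expected in \#*) continue ;; esac    # skip comment lines
        if [ ! -f "$rules_dir/$name" ]; then
            echo "missing rules file: $name" >&2; return 2
        fi
        actual=$(sha256_of "$rules_dir/$name")
        if [ "$actual" != "$expected" ]; then
            echo "checksum mismatch: $name" >&2; return 3
        fi
        checked=$((checked + 1))
    done < "$manifest"
    [ "$checked" -gt 0 ] || { echo "manifest lists no rules files" >&2; return 1; }
}

# When run as `script <manifest> <rules_dir>`, act as a gate before service start.
if [ "$#" -eq 2 ]; then
    verify_rules "$1" "$2" || exit $?
fi
```

An empty manifest is treated as a failure so that a truncated or misplaced manifest cannot make the check pass with nothing verified.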
tznind commented Aug 2, 2022

Or what about using git to version the rules? Can we install a standalone git server? The reviewer already has a rules base manager/browser, so all we really need is version control.
