Skip to content

Data Masking & String Truncation Improvements #866

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jongpie merged 18 commits into from
May 30, 2025
Merged

Data Masking & String Truncation Improvements #866

jongpie merged 18 commits into from
May 30, 2025

Conversation

@jongpie
Copy link
Owner

@jongpie jongpie commented May 13, 2025
edited
Loading

Bundled Data Masking Rules Bugfixes + New American Express (AMEX) Masking Rule

  • Bugfix: Fixed issues in the regular expressions (regexes) used in the 3 existing LogEntryDataMaskRule__mdt records (stored in the field SensitiveDataRegEx__c). The previous regexes were too aggressive, and would sometimes incorrectly mask substrings of non-credit card & non-social security number values.
    • SocialSecurityNumber
    • MastercardCreditCardNumber
    • VisaCreditCardNumber
  • Enhancement: Added a new bundled record in LogEntryDataMaskRule__mdt for American Express (AMEX) credit card numbers - AmericanExpressCreditCardNumber (similar to the existing rules for Visa & Mastercard)

Data Masking Bugfixes + Truncation Bugfixes + New *Truncated__c Boolean Fields

  • Bugfix: Fixed Text truncation does not always properly truncate (especially when combined with data masking rules) #695 by adding another round of string truncation after applying data masking to fix issues where string values could still be too long for the corresponding fields

    • Context: Some data masking rules can (intentionally) cause a text value's length to increase. For example, social security numbers are formatted with - dashes when masked, so values like 123456789 (9 characters) are 2 characters longer when masked as ***-**-6789 (11 characters).
    • In previous versions of Nebula Logger, text was truncated, then masked. With a combination of long text values + matching data to mask, the resulting text value could be too long. This was especially a problem for the Message__c field in several orgs, but the same issue could/did happen with several other text fields.
    • In this release, the text is truncated again after masking to ensure the data will fit into the corresponding field.

  • Optimization: Refactored some duplicated logic in LogEntryEventBuilder for truncating + masking various text values

    • There are several fields being masked + truncated (and more fields will probably be added in the future), and the existing code had a lot of code duplication happening.

  • Enhancement: Added several new *Truncated__c boolean fields on both LogEntryEvent__e & LogEntry__c for some data points where it would be helpful to have the context that data has been truncated. There are 5 sets of new fields included:

    1. LogEntryEvent__e.HttpRequestBodyTruncated__c ➡️ LogEntry__c.HttpRequestBodyTruncated__c
    2. LogEntryEvent__e.HttpResponseBodyTruncated__c ➡️ LogEntry__c.HttpResponseBodyTruncated__c
    3. LogEntryEvent__e.RecordJsonTruncated__c ➡️ LogEntry__c.RecordJsonTruncated__c
    4. LogEntryEvent__e.RestRequestBodyTruncated__c ➡️ LogEntry__c.RestRequestBodyTruncated__c
    5. LogEntryEvent__e.RestResponseBodyTruncated__c ➡️ LogEntry__c.RestResponseBodyTruncated__c

  • Enhancement: Updated the LogEntryRecordPage flexipage to add the new *Truncated__c boolean fields on LogEntry__c (mentioned above, and shown below)

    • These fields are configured to only show on the page when true, similar to the behavior used for the existing *Masked__c fields, like LogEntry__c.MessageMasked__c & LogEntry__c.RecordJsonMasked__c

    image

    image

    image

    image

    image

Pipeline Improvements for extra-tests Directory

  • DevOps/Pipeline Improvement: Added new pipeline-only test classes with integration tests to validate that the custom metadata type (CMDT) records bundled with Nebula Logger work as expected
    • This includes validating records in LogEntryDataMaskRule__mdt, LoggerParameter__mdt, LoggerSObjectHandler__mdt, and LogStatus__mdt
    • Since orgs can choose to modify or delete the bundled CMDT records, this level of testing needs to happen just in the pipeline
  • Re-organized the Apex test classes + metadata in nebula-logger/extra-tests to make it a little more clear what everything is being used for. The number of files has grown a lot over the last few years, so a little cleanup was needed.
    • This directory's metadata is only used by the pipeline to more thoroughly test some features & metadata that's bundled with Nebula Logger - none of it is included when installing Nebula Logger, so these changes should not have any direct impact to people using Nebula Logger.

jongpie added 11 commits May 8, 2025 17:33
@jongpie
[WIP] Added another round of string truncation after applying data ma…
fb8fd00 
…sking to fix issues where string values could still be too long for the corresponding fields
@jongpie
Refactored repetitive logic in LogEntryEventBuilder for truncating + …
8b398fb 
…masking various text values, and added several new *Truncated__c fields on LogEntryEvent__e for some data points where it would be helpful to have the context that data has been truncated
@jongpie
Added integration tests to validate the 3 included data masking rules…
ba88fcf 
… - and fixed issues in the regexes for all 3 of them ^_^
@jongpie
[WIP] Added new *Truncated__c fields on LogEntry__c that correspond t…
5a3b3bc 
…o the new fields on LogEntryEvent__e
@jongpie
Moved some test methods for data masking rules to a new extra-tests c…
68aa492 
…lass so they only run in the pipeline

These tests are intended to validate that the bundled data masking rules work correctly out-of-the-box, but people are free to edit these in their own orgs, so the this level of testing needs to happen in the pipeline only
@jongpie
Added new bundled data mask rule for AMEX credit card numbers
46549ff
@jongpie
Added mappings in LogEntryEventHandler for new *Truncated__c fields
33f6f67
@jongpie
Bumped package version number, name, and description
435b8b0
@jongpie
Added inline help text to the new *Truncated__c fields on LogEntry__c
4b1005a
@jongpie
Added extra Apex script to generate sample records with masked + trun…
6d0d242 
…cated fields
@jongpie
Fixed some PMD scan violations
4bfa097
@jongpie jongpie added Type: Bug Something isn't working Type: Enhancement New feature or request optimization cleanup Salesforce Feature: Reporting Anything related to reports, dashboards, and the underlying data model Logging Source: Apex Items related to using Logger within Apex Logging Source: Flow Items related to using Nebula Logger within Flow Layer: Configuration Items related to the custom hierarchy setting LoggerSettings__c or any included custom metadata type Logging Source: Lightning Components Items related to using Nebula Logger using JavaScript within lightning components (lwc & aura) Layer: Log Management Items related to the custom objects & Logger Console app Layer: Logger Engine Items related to the core logging engine Salesforce Feature: Platform Events Items related to how platform events are leveraged by Nebula Logger Feature: Data Masking Logging Source: OmniStudio Items related to using Nebula Logger within OmniStudio labels May 13, 2025
@jongpie jongpie had a problem deploying to Event Monitoring Scratch Org May 13, 2025 21:37 — with GitHub Actions Failure
@jongpie jongpie had a problem deploying to Advanced Scratch Org May 13, 2025 21:37 — with GitHub Actions Failure
@jongpie jongpie had a problem deploying to Base Scratch Org May 13, 2025 21:37 — with GitHub Actions Failure
jongpie added 3 commits May 20, 2025 18:13
@jongpie
Added more pipeline-only tests for validating the CMDT records bundle…
6017dad 
…d with Nebula Logger have the expected values
@jongpie
Scope creep: restructured extra-tests directory to add some organizat…
d58c5a5 
…ion, things were getting a bit messy
@jongpie
Reverted data mask rule for social security numbers to use X instead …
7b28450 
…of * as replacement values

I had unintentionally switched to using * when rewriting the regex
@jongpie jongpie temporarily deployed to Event Monitoring Scratch Org May 21, 2025 14:08 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Advanced Scratch Org May 21, 2025 14:08 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Base Scratch Org May 21, 2025 14:08 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Platform Cache Scratch Org May 21, 2025 14:20 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to OmniStudio Scratch Org May 21, 2025 14:22 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Experience Cloud Scratch Org May 21, 2025 14:28 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Base Scratch Org May 21, 2025 14:50 — with GitHub Actions Inactive
@jongpie jongpie temporarily deployed to Base Scratch Org May 21, 2025 15:01 — with GitHub Actions Inactive
@codecov
Copy link

codecov bot commented May 21, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.49%. Comparing base (323fa77) to head (7b28450).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #866      +/-   ##
==========================================
+ Coverage   86.19%   91.49%   +5.30%     
==========================================
  Files          17       58      +41     
  Lines        1318     6314    +4996     
  Branches      199      199              
==========================================
+ Hits         1136     5777    +4641     
- Misses        162      517     +355     
  Partials       20       20
Flag Coverage Δ
Apex 92.89% <100.00%> (?)
LWC 86.19% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jongpie jongpie merged commit 0642147 into main May 30, 2025
1 check passed
@jongpie jongpie deleted the bugfix/improved-data-masking-and-truncation branch May 30, 2025 15:52
@jongpie jongpie added the devops Items related to tooling, automation, and guidelines used for developing Nebula Logger label May 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

cleanup devops Items related to tooling, automation, and guidelines used for developing Nebula Logger Feature: Data Masking Layer: Configuration Items related to the custom hierarchy setting LoggerSettings__c or any included custom metadata type Layer: Log Management Items related to the custom objects & Logger Console app Layer: Logger Engine Items related to the core logging engine Logging Source: Apex Items related to using Logger within Apex Logging Source: Flow Items related to using Nebula Logger within Flow Logging Source: Lightning Components Items related to using Nebula Logger using JavaScript within lightning components (lwc & aura) Logging Source: OmniStudio Items related to using Nebula Logger within OmniStudio optimization Salesforce Feature: Platform Events Items related to how platform events are leveraged by Nebula Logger Salesforce Feature: Reporting Anything related to reports, dashboards, and the underlying data model Type: Bug Something isn't working Type: Enhancement New feature or request

Projects

None yet

Milestone

Version 4.17.0: Summer '25 Release

Development

Successfully merging this pull request may close these issues.

Text truncation does not always properly truncate (especially when combined with data masking rules)

3 participants

@jongpie @actions-user