PII Masking regex policy does not mask sensitive information as expected #1213

@IsuruGunarathne

Description

Please select the area the issue is related to

Area/Policies (Policies, Policy Hub, Policy Engine etc)

Please select the aspect the issue is related to

Aspect/API (API backends, definitions, contracts, interfaces, OpenAPI)

Description

The PII Masking regex policy doesn't work as expected, information that is supposed to be masked is sent to the upstream.

Steps to Reproduce

  1. Deploy a self-hosted gateway and a sample backend to log request details in the same network
  2. Deploy an API proxy pointed to the backend
  3. Add PII Masking regex policy with the following configuration
    (piiEntity: EMAIL, piiRegex: ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,}$)
  4. Send a request with an email in the body (e.g. tom@gmail.com)
  5. Notice the logs in the backend: the email will be present in the logs
  6. The same issue is present when a regex for phone numbers is configured.
    (piiEntity: PHONE, piiRegex: ^07[0-9]{8}$)
    e.g.: 0776666666
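As an added example (not code from this issue or from the gateway project), the small Python masker below applies the two piiRegex values quoted in the steps above to a constructed request body. It shows a property of the patterns themselves, independent of how the gateway evaluates them: because both are anchored with `^` and `$`, they only match when the entire text is the PII value, so a JSON body that merely contains the email or phone number is left untouched, while the same patterns with the anchors removed do mask the values. Whether the gateway actually runs the regex against the whole body is an assumption the issue does not confirm; the policy names, the `[MASKED_<entity>]` replacement and the sample body are all constructed here.

```python
import re
from typing import Dict, List, Tuple

# Policy entries copied from the issue's configuration (piiEntity -> piiRegex).
# Note the unescaped "." before the TLD in the EMAIL pattern: it matches any character.
POLICIES: Dict[str, str] = {
    "EMAIL": r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,}$",
    "PHONE": r"^07[0-9]{8}$",
}

# Constructed request body, containing the issue's sample email and phone number.
SAMPLE_BODY = '{"name": "Tom", "email": "tom@gmail.com", "phone": "0776666666"}'


def strip_anchors(pattern: str) -> str:
    """Drop a leading ^ and trailing $ so the pattern can match inside larger text."""
    if pattern.startswith("^"):
        pattern = pattern[1:]
    if pattern.endswith("$") and not pattern.endswith(r"\$"):
        pattern = pattern[:-1]
    return pattern


def lint_policy(policies: Dict[str, str]) -> List[str]:
    """Return the entities whose regex is anchored with ^ or $.

    An anchored pattern only matches when the whole scanned text is the PII
    value, which is rarely true for a request body.
    """
    return [e for e, p in policies.items() if p.startswith("^") or p.endswith("$")]


def mask(body: str, policies: Dict[str, str], relax_anchors: bool = False) -> Tuple[str, List[str]]:
    """Apply each piiRegex to the body, replacing matches with [MASKED_<entity>].

    Returns the masked body and the list of entities that actually matched, so a
    caller (or a test) can tell a silent no-op from a successful masking pass.
    """
    matched: List[str] = []
    for entity, pattern in policies.items():
        pat = strip_anchors(pattern) if relax_anchors else pattern
        body, count = re.subn(pat, f"[MASKED_{entity}]", body)
        if count:
            matched.append(entity)
    return body, matched


if __name__ == "__main__":
    print("anchored entities:", lint_policy(POLICIES))
    # Bare values match the anchored patterns...
    print(mask("tom@gmail.com", POLICIES))
    print(mask("0776666666", POLICIES))
    # ...but the same values embedded in a JSON body do not.
    print(mask(SAMPLE_BODY, POLICIES))
    # With the anchors removed, both values are masked inside the body.
    print(mask(SAMPLE_BODY, POLICIES, relax_anchors=True))
```

Running the script prints the unchanged body for the anchored patterns and the fully masked body once the anchors are stripped. When verifying a masking policy, checking the list of entities that matched (rather than only eyeballing the output) is the quicker way to catch a pattern that never fires, and `lint_policy` is the kind of pre-deployment check that would flag both patterns from the issue before any request reaches the backend.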

Severity Level of the Issue

Severity/Major (Important functionality is broken. Should be prioritized. Doesn't need immediate attention)

Environment Details (with versions)

Stage

Labels

  - Area/AIPolicies (issues related to policies, guardrails in AI Gateway)
  - Area/Policies (issues related to any policy, policy hub, policy engine etc.)
  - Aspect/API (API definitions, contracts, OpenAPI, interfaces)
  - Severity/Major
  - Type/Bug
