Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: added support for truncating crypto-hashed values to a max length #207

Merged
merged 2 commits into from
Oct 15, 2024
Merged

feat: added support for truncating crypto-hashed values to a max length #207

merged 2 commits into from
Oct 15, 2024

Conversation

chgl
Copy link
Contributor

@chgl chgl commented Oct 14, 2024

No description provided.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 14, 2024
edited
Loading

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 5 0 0.14s
✅ BASH bash-exec 1 0 0.03s
✅ BASH shellcheck 1 0 0.03s
✅ BASH shfmt 1 0 0.04s
✅ CSHARP csharpier 95 0 7.0s
⚠️ CSHARP roslynator 3 2 48.26s
✅ DOCKERFILE hadolint 1 0 0.24s
✅ EDITORCONFIG editorconfig-checker 184 0 2.55s
✅ JSON jsonlint 29 0 0.64s
✅ JSON prettier 29 0 3.84s
✅ JSON v8r 29 0 16.42s
✅ MARKDOWN markdownlint 4 0 1.39s
✅ PROTOBUF protolint 4 0 4.31s
✅ REPOSITORY checkov yes no 14.4s
✅ REPOSITORY dustilock yes no 0.01s
✅ REPOSITORY gitleaks yes no 0.35s
✅ REPOSITORY git_diff yes no 0.07s
✅ REPOSITORY grype yes no 14.75s
✅ REPOSITORY kics yes no 21.74s
✅ REPOSITORY secretlint yes no 1.42s
✅ REPOSITORY syft yes no 0.34s
✅ REPOSITORY trivy yes no 10.3s
✅ REPOSITORY trivy-sbom yes no 0.64s
✅ REPOSITORY trufflehog yes no 6.13s
✅ XML xmllint 2 0 0.01s
✅ YAML prettier 30 0 1.58s
✅ YAML v8r 30 0 43.13s
✅ YAML yamllint 30 0 1.13s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@github-actions GitHub Actions
Copy link

Trivy image scan report

ghcr.io/miracum/fhir-pseudonymizer:pr-207 (ubuntu 24.04)

No Vulnerabilities found

No Misconfigurations found

opt/fhir-pseudonymizer/FhirPseudonymizer.deps.json

No Vulnerabilities found

No Misconfigurations found

opt/fhir-pseudonymizer/packages.lock.json

No Vulnerabilities found

No Misconfigurations found

usr/share/dotnet/shared/Microsoft.AspNetCore.App/8.0.8/Microsoft.AspNetCore.App.deps.json

1 known vulnerabilities found (CRITICAL: 0 HIGH: 1 MEDIUM: 0 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
Microsoft.AspNetCore.App.Runtime.linux-x64 CVE-2024-38229 HIGH 8.0.8 9.0.0-rc.2.24474.3, 8.0.10

No Misconfigurations found

usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.8/Microsoft.NETCore.App.deps.json

No Vulnerabilities found

No Misconfigurations found

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 14, 2024
edited
Loading

Code Coverage

Package Line Rate Branch Rate Health
FhirPseudonymizer 74% 65%
FhirPseudonymizer.Tests 100% 100%
Summary 81% (826 / 1018) 69% (95 / 138)

Minimum allowed line rate is 50%

iter8 report

Experiment summary:
*******************

  Experiment completed: true
  No task failures: true
  Total number of tasks: 7
  Number of completed tasks: 7
  Number of completed loops: 1

Whether or not service level objectives (SLOs) are satisfied:
*************************************************************

  SLO Conditions                 | Satisfied
  --------------                 | ---------
  http/error-count <= 0          | true
  http/latency-mean (msec) <= 25 | true
  http/latency-p99 (msec) <= 85  | true
  

Latest observed values for metrics:
***********************************

  Metric                     | value
  -------                    | -----
  http/error-count           | 0.00
  http/error-rate            | 0.00
  http/latency-max (msec)    | 979.73
  http/latency-mean (msec)   | 15.32
  http/latency-min (msec)    | 2.16
  http/latency-p50 (msec)    | 8.39
  http/latency-p75 (msec)    | 19.62
  http/latency-p90 (msec)    | 40.54
  http/latency-p95 (msec)    | 48.46
  http/latency-p99 (msec)    | 72.87
  http/latency-p99.9 (msec)  | 112.80
  http/latency-stddev (msec) | 20.32
  http/request-count         | 25000.00

@chgl chgl requested a review from makampf October 14, 2024 19:20
@chgl chgl self-assigned this Oct 15, 2024
makampf
makampf approved these changes Oct 15, 2024
View reviewed changes
Copy link
Member

@makampf makampf left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ich bin leider in C# noch wesentlich weniger fit, als ich selbst dachte. Daher ist mein Approval vielleicht nicht ganz so viel wert. Auf den ersten oberflächlichen Blick sieht es gut aus. Musste CRYTOHASH googeln, weil es wie ein Tippfehler aussieht ;)
Die einzige Frage, die bei mir bleibt ist, ob die bereits durch die Stream Processors gehashten IDs/Referenzen durch den Pseudonymizer NOCHMAL gehasht werden, und ob das nötig und gewollt ist?

...Pseudonymizer/Microsoft.Health.Fhir.Anonymizer.Shared.Core/Processors/CryptoHashProcessor.cs
input,
_cryptoHashFunction
);
var newReference = ReferenceUtility.TransformReferenceId(input, cryptoHashFunction);
Copy link
Member

@makampf makampf Oct 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Heißt das, die Hashes, die aus dem Streamprozessor kommen, werden nochmal gehasht?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ja genau, die angegbenen Werte werden - egal ob hash oder nicht - wie strings behandelt. genau genommen werden die werte dann sogar 2x gehasht: https://en.wikipedia.org/wiki/HMAC. An sich würde verschlüsselung für uns auch funktionieren, aber AES und co erzeugen für gleiche inputs unterschiedliche outputs - was wir für die IDs nicht wollen.

@chgl chgl merged commit 54dae1e into master Oct 15, 2024
15 checks passed
miracum-bot pushed a commit that referenced this pull request Oct 15, 2024
@semantic-release-bot
chore(release): 2.22.0 [skip ci]
786bb5b 
## [2.22.0](v2.21.16...v2.22.0) (2024-10-15)

### Features

* added support for truncating crypto-hashed values to a max length ([#207](#207)) ([54dae1e](54dae1e))

### Miscellaneous Chores

* **deps:** update all non-major dependencies ([#202](#202)) ([e5c3b47](e5c3b47))
* **deps:** update docker.io/library/postgres docker tag to v17 ([#206](#206)) ([a4fb8cb](a4fb8cb))
* **deps:** update dotnet monorepo ([#201](#201)) ([38971e1](38971e1))
@miracum-bot
Copy link

🎉 This PR is included in version 2.22.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@makampf makampf makampf approved these changes

Assignees

@chgl chgl

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@chgl @miracum-bot @makampf