Add a new Leakage Sink
Leakage sinks are the places where personal data should not go in the plain text format. Privado currently supports log sinks. There may be a use case for adding support for file types, sockets, IO streams, caches, etc. You can review existing leakage sinks under rules/sinks/leakages
List of fields for defining a leakage:
id
It is unique identifier for the data leakage. It has format “Leakages“ + leakage type name ( without spaces and special characters ) Example: For file system, you will have “Leakages.FileSystem”
name
It is name of the data leakage. Example: File System
patterns
It is an array of regex patterns for the data leakage. This regex will be used to search method names and to further check if data elements are going to the identified methods. Matching methods with data flows will be tagged for this data leakage.
Example: Mark specific method from a known class
class name: com.privado.MySinkClass
method name: mySinkMethod()
pattern: com.privado.MySinkClass.mySinkMethod
Example: Mark all methods from a known class
class name: com.privado.MySinkClass
method one: mySinkMethod1()
method two: mySinkMethod2()
pattern: com.privado.MySinkClass.*
Example: Mark a specific method across the classes
class name: com.privado.MySinkClass
method one: mySinkMethod()
class name: com.privado.MySinkClass2
method one: mySinkMethod()
pattern: .*mySinkMethod
tags
It’s an object of key-value pairs. This is useful to group and filter data leakages.
Example: you can tag applicable laws for the data leakages.
tags:
laws: GDPR, HIPAA
High level key is sinks which is an array of leakages. Once the leakage object is defined, we can add it to the array of sinks.
For a new type of leakage, you can create a new file with the leakage name ( all small case, replace space with _ ) in directory rules/sinks/leakages and add the details to it.
Once the new leakage is added, Privado will detect and track data flows to this leakage sinks.
Last updated