Privado
  • Privado
  • Getting Started With Privado
    • Quick Start
    • Running a Scan
    • Understanding Results
    • Command Reference
    • Understanding privado.json
      • Sources
      • Processing
      • Data Flow
      • Collections
      • Violations
  • Understanding Rules
    • What are Rules?
    • Sources
    • Sinks
      • Understanding Sinks
      • Storages
      • Third Parties
      • Leakages
      • Internal APIs
    • Collections
    • Policies
  • Tutorials
    • How to scan a repository using Privado
  • Customizing Privado
    • Add a new Source
    • Add a new Leakage Sink
    • Add a new Storage Sink
    • Add a new Third Party Sink
    • Add a new Policy
  • ROPA Report
    • Generating ROPA Report
  • Play Store Data Safety Report
    • Generate Play Store Data Safety Report
    • Uploading results to Play Store
  • Extra
    • Configurations
    • Contributing through GitHub
  • About Privado
    • LICENSING
    • Privacy Policy
    • Security
Powered by GitBook
On this page
Edit on GitHub
  1. Customizing Privado

Add a new Third Party Sink

PreviousAdd a new Storage SinkNextAdd a new Policy

Last updated 2 years ago

Applications are built by assembling third party libraries. Privado helps you track data flows to third parties. You can review existing rules for third party sinks at

List of fields for defining a third party sink:

Field
Description

id

It is unique identifier for the third party sink. It has format ThirdParties.SDK. + Vendor Name ( without spaces and special characters )

name

It is name of the third party

patterns

It is an array of regex patterns for the third party sink. This regex will be used to search method names and to further check if data elements are going to the identified methods. Matching methods with data flows will be tagged for this third party sink. Example: Mark specific method from a known class class name: com.privado.MySinkClass method name: mySinkMethod() pattern: com.privado.MySinkClass.mySinkMethod Example: Mark all methods from a known class class name: com.privado.MySinkClass method one: mySinkMethod1() method two: mySinkMethod2() pattern: com.privado.MySinkClass.* Example: Mark a specific method across the classes class name: com.privado.MySinkClass method one: mySinkMethod() class name: com.privado.MySinkClass2 method one: mySinkMethod() pattern: .*mySinkMethod

tags

It’s an object of key-value pairs. This is useful to group and filter third party sinks. Example: you can tag applicable laws for the third party sinks. tags: laws: GDPR, HIPAA

High level key is sinks which is an array of storages. Once the third party sink object is defined, we can add it to the array of sinks.

For a new vendor, you can create sub-directory with the vendor name under directory . You can create a language specific file - java.yaml and add the third party sink definition to it.

Once the new third party sink is added, Privado will detect and track data flows to this third party sink.

rules/sinks/third_parties
rules/sinks/third_parties/sdk