
What are Rules?


Last updated 2 years ago

Privado has rules to answer contextual questions related to personal data. The journey of tracking data starts from "sources": sources are where the data dictionary is defined. Privado identifies the variables, classes and structures matching sources and tracks their flows to third parties, databases and leakages, which are called "sinks". Threats are code or configuration implementations which have a direct impact on data security and privacy. Policies allow you to enforce compliance and data governance rules. Together, the rules provide a single common language that embeds a privacy and data researcher's knowledge about sources, sinks, data policies and threats to drive the code analysis engine.

Rule Structure

All Privado rules are defined in YAML format and generally have the following structure:

The structure of a rule varies a bit based on the type of rule being defined. For example,

  1. Source rules contain the isSensitive and sensitivity keys so that, based on the values set, the source data is tagged appropriately.

  2. Policy rules contain a description that is needed for the issue that gets created when the policy is violated. They also contain the dataflow and the repositories on which the policy will be applied.

Organization

Rules directory structure:

|__rules
   |__sources
   |  |__contact_data.yaml
   |  |__account_data.yaml
   |  |__personal_identification.yaml
   |  |__ ...
   |__sinks
   |  |__storages
   |  |  |__mongodb
   |  |     |__java.yaml
   |  |     |__python.yaml
   |  |     |__cpp.yaml
   |  |     |__default.yaml
   |  |  |__mysql
   |  |     |__java.yaml
   |  |     |__python.yaml
   |  |     |__cpp.yaml
   |  |  |__ ...
   |  |__leakages
   |  |  |__logs
   |  |     |__java.yaml
   |  |     |__python.yaml
   |  |     |__cpp.yaml
   |  |__third_parties
   |  |  |__api
   |  |     |__java.yaml
   |  |     |__python.yaml
   |  |     |__cpp.yaml
   |  |     |__default.yaml
   |  |  |__sdk
   |  |     |__slack
   |  |        |__java.yaml
   |  |        |__python.yaml
   |  |        |__cpp.yaml
   |  |     |__jira
   |  |        |__java.yaml
   |  |        |__python.yaml
   |  |        |__cpp.yaml
   |  |        |__default.yaml
   |__collections
   |  |__annotations
   |  |  |__java.yaml
   |  |  |__python.yaml
   |  |  |__default.yaml
   |__threats
   |  |__collection.yaml
   |  |__configuration.yaml
   |  |__leakage.yaml
   |  |__sharing.yaml
   |  |__storage.yaml
   |__policies
   |  |__restrict_data_elements.yaml
   |  |__allow_data_elements.yaml
   |  |__ai_governance.yaml

To learn more about rules, you can review the rules directory on GitHub.

Rules are organized in the privado repository under the privado/rules directory. The structure provides a logical way of arranging rules. If you come up with some cool rules, this is where you can drop them in. You may also consider contributing them upstream 🤝
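As an added illustration (not Privado's own code), the following Python linter checks parsed rule files against what this page states: the category directories from the tree above and the keys the Rule Structure section lists for source and policy rules. It assumes the YAML has already been loaded into dicts (for example with PyYAML) and runs over constructed sample rules, so it works offline.

```python
from pathlib import PurePosixPath

# Categories, sink kinds and per-type required keys, all taken from this page.
KNOWN_CATEGORIES = {"sources", "sinks", "collections", "threats", "policies"}
KNOWN_SINK_KINDS = {"storages", "leakages", "third_parties"}

REQUIRED_KEYS = {
    "sources": ("isSensitive", "sensitivity"),
    "policies": ("description", "dataflow", "repositories"),
}


def classify(path):
    """Return (category, sink_kind) for a rule file path relative to rules/."""
    parts = PurePosixPath(path).parts
    if len(parts) < 2 or parts[0] not in KNOWN_CATEGORIES:
        return None, None
    if parts[0] == "sinks":
        kind = parts[1] if len(parts) > 2 and parts[1] in KNOWN_SINK_KINDS else None
        return "sinks", kind
    return parts[0], None


def lint_rule(path, rule):
    """Return the problems found in one parsed rule; an empty list means it passes."""
    category, sink_kind = classify(path)
    if category is None:
        return [f"{path}: not under a known rules category {sorted(KNOWN_CATEGORIES)}"]
    problems = []
    if category == "sinks" and sink_kind is None:
        problems.append(f"{path}: sink rule must live under one of {sorted(KNOWN_SINK_KINDS)}")
    for key in REQUIRED_KEYS.get(category, ()):
        if key not in rule:
            problems.append(f"{path}: {category} rule is missing required key '{key}'")
    # Tagging by sensitivity only works when isSensitive is a real YAML boolean.
    if category == "sources" and not isinstance(rule.get("isSensitive", False), bool):
        problems.append(f"{path}: isSensitive must be true/false, got {rule['isSensitive']!r}")
    return problems


def lint_all(rules):
    """Lint every rule and return {path: problems} for the ones that fail."""
    report = {path: lint_rule(path, rule) for path, rule in rules.items()}
    return {path: probs for path, probs in report.items() if probs}


# Constructed sample rules (not real Privado rules), keyed by path under rules/.
SAMPLE_RULES = {
    "sources/contact_data.yaml": {"isSensitive": True, "sensitivity": "high"},
    "sources/account_data.yaml": {"isSensitive": "yes"},
    "policies/restrict_data_elements.yaml": {"description": "...", "dataflow": {}},
    "sinks/mongodb/java.yaml": {},
}
```

Running lint_all(SAMPLE_RULES) flags the source rule with a non-boolean isSensitive and a missing sensitivity, the policy rule without repositories, and the sink file that sits directly under sinks/ instead of one of the sink kinds.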