From 94de36dc5b81c883f2794dc0c423d83e787a1607 Mon Sep 17 00:00:00 2001
From: Tim McCormack
Date: Wed, 10 Jan 2024 09:22:14 -0500
Subject: [PATCH] build: Fix `make test-all` by implementing pii_check (#527)
Copied code from cookiecutter-django-app.
---
.annotation_safe_list.yml | 41 +++++++++++++++++++++++++++++++++++++++
.gitignore | 1 +
.pii_annotations.yml | 35 +++++++++++++++++++++++++++++++++
tox.ini | 8 ++++++++
4 files changed, 85 insertions(+)
create mode 100644 .annotation_safe_list.yml
create mode 100644 .pii_annotations.yml
diff --git a/.annotation_safe_list.yml b/.annotation_safe_list.yml
new file mode 100644
index 0000000..62eaaa7
--- /dev/null
+++ b/.annotation_safe_list.yml
@@ -0,0 +1,41 @@
+# This is a Code Annotations automatically-generated Django model safelist file.
+# These models must be annotated as follows in order to be counted in the coverage report.
+# See https://code-annotations.readthedocs.io/en/latest/safelist.html for more information.
+#
+# fake_app_1.FakeModelName:
+# ".. no_pii:": "This model has no PII"
+# fake_app_2.FakeModel2:
+# ".. choice_annotation:": foo, bar, baz
+
+admin.LogEntry:
+ ".. no_pii:": "This model has no PII"
+auth.Group:
+ ".. no_pii:": "This model has no PII"
+auth.Permission:
+ ".. no_pii:": "This model has no PII"
+auth.User:
+ ".. pii": "This model minimally contains a username, password, and email"
+ ".. pii_types": "username, email_address, password"
+ ".. pii_retirement": "consumer_api"
+contenttypes.ContentType:
+ ".. no_pii:": "This model has no PII"
+sessions.Session:
+ ".. no_pii:": "This model has no PII"
+social_django.Association:
+ ".. no_pii:": "This model has no PII"
+social_django.Code:
+ ".. pii:": "Email address"
+ ".. pii_types:": other
+ ".. pii_retirement:": local_api
+social_django.Nonce:
+ ".. no_pii:": "This model has no PII"
+social_django.Partial:
+ ".. no_pii:": "This model has no PII"
+social_django.UserSocialAuth:
+ ".. no_pii:": "This model has no PII"
+waffle.Flag:
+ ".. no_pii:": "This model has no PII"
+waffle.Sample:
+ ".. no_pii:": "This model has no PII"
+waffle.Switch:
+ ".. no_pii:": "This model has no PII"
diff --git a/.gitignore b/.gitignore
index a088fa4..93e7105 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ build/ **/private.py .coverage dist/ +/pii_report/*.yaml
diff --git a/.pii_annotations.yml b/.pii_annotations.yml
new file mode 100644
index 0000000..7da8f3c
--- /dev/null
+++ b/.pii_annotations.yml
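Review bot: In `.annotation_safe_list.yml`, the three keys under `auth.User` are written without the trailing colon (`".. pii"`, `".. pii_types"`, `".. pii_retirement"`), while `.pii_annotations.yml` in this same patch declares the tokens as `.. pii:`, `.. pii_types:` and `.. pii_retirement:`, and the `social_django.Code` entry uses that form. If the tool matches tokens literally, which seems likely, the one model described as holding username, password and email is either not counted as annotated or trips the lint step; the lines should read `".. pii:": "This model minimally contains a username, password, and email"`, `".. pii_types:": "username, email_address, password"` and `".. pii_retirement:": "consumer_api"`. Separately, `social_django.UserSocialAuth` is marked `no_pii`; that model normally stores the provider-side user id and extra account data, so the classification is worth confirming for this deployment rather than inheriting it from the template.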
@@ -0,0 +1,35 @@
+source_path: ./
+report_path: pii_report
+safelist_path: .annotation_safe_list.yml
+coverage_target: 100.0
+annotations:
+ ".. no_pii:":
+ "pii_group":
+ - ".. pii:":
+ - ".. pii_types:":
+ choices:
+ - id # Unique identifier for the user which is shared across systems
+ - name # Used for any part of the user's name
+ - username
+ - password
+ - location # Used for any part of any type address or country stored
+ - phone_number # Used for phone or fax numbers
+ - email_address
+ - birth_date # Used for any part of a stored birth date
+ - ip # IP address
+ - external_service # Used for external service ids or links such as social media links or usernames, website links, etc.
+ - biography # Any type of free-form biography field
+ - gender
+ - sex
+ - image
+ - video
+ - other
+ - ".. pii_retirement:":
+ choices:
+ - retained # Intentionally kept for legal reasons
+ - local_api # An API exists in this repository for retiring this information
+ - consumer_api # The data's consumer must implement an API for retiring this information
+ - third_party # A third party API exists to retire this data
+extensions:
+ python:
+ - py
diff --git a/tox.ini b/tox.ini
index 4cfdabb..b418095 100644
--- a/tox.ini
+++ b/tox.ini
@@ -73,6 +73,14 @@ commands = isort --check-only --diff edx_arch_experiments manage.py setup.py test_settings.py make selfcheck +[testenv:pii_check] +setenv = + DJANGO_SETTINGS_MODULE = test_settings +deps = + -r{toxinidir}/requirements/test.txt +commands = + code_annotations django_find_annotations --config_file .pii_annotations.yml --lint --report --coverage + [testenv:scripts] setenv = DJANGO_SETTINGS_MODULE = edx_arch_experiments.settings.scripts
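Review bot: The `other` choice under `.. pii_types:` in `.pii_annotations.yml` carries no comment saying when it is acceptable, and as a catch-all it is the value most likely to hide what a model actually stores. The safelist added in this patch already labels `social_django.Code` as `other` although its description is "Email address" and `email_address` is an available choice. A comment such as `- other # Only when no specific type above applies; name the data in the ".. pii:" text` would make the intent explicit for whoever annotates the next model.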
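Review bot: The new `[testenv:pii_check]` section in `tox.ini` has no comment saying what it enforces, and nothing visible in this patch wires it into an automated run: the diffstat touches only the two annotation files, `.gitignore` and `tox.ini`, and the `envlist` lies outside the hunk. If the env is reachable only through `make test-all` or an explicit `tox -e pii_check`, a model added later without a PII annotation would go unnoticed until someone runs it by hand, so it is worth confirming that CI invokes it. A one-line comment above the section, for example `# Fails when any Django model lacks a PII annotation (see .pii_annotations.yml, coverage_target 100.0)`, would document the intent; that reading of `--coverage` is inferred from the config and should be checked against the tool's documentation.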