Preview/Microsoft-Presidio-Analyzer #101

Open

alexcoderabbitai wants to merge 3 commits into main from Preview/Microsoft-Presidio-Analyzer

Conversation


@alexcoderabbitai alexcoderabbitai commented May 6, 2026

Summary by CodeRabbit

  • Tests

    • Added extensive detector test data covering card formats, SSN/ITIN-like patterns, crypto addresses, phone numbers, emails, IBANs, and routing numbers to improve validation.
  • Chores

    • Added a sample customer-service fixture for local testing and troubleshooting (includes placeholder credentials and sample data).
  • Config

    • Added review/configuration metadata to enable automated review tooling.


coderabbitai Bot commented May 6, 2026

Caution

Review failed

Failed to post review comments

📝 Walkthrough

Adds a new test-data module with many Presidio detector string constants, an insecure sample service module embedding PII and hard-coded credentials, and a small CodeRabbit review configuration file.

Changes

Presidio Test Constants

  • Data Shape / Fixtures (cards-test.py): New module defining ~22 top-level string constants for credit card shapes (dashed, spaced, compact), remediation literals, SSN/ITIN-like values, crypto addresses (BTC/ETH), phone numbers, email, IBAN, and US routing numbers.
  • Comments / Detector Hints (cards-test.py): Inline comments annotate remediation literals and which Presidio detectors each example targets.

Insecure Sample Service

  • Module & Constants (presidio/customer_service.py): New module with docstring, logger and sqlite3 imports, and many hard-coded constants (DATABASE_URL, ADMIN_EMAIL, ADMIN_PHONE, ADMIN_SSN, SUPPORT_HOTLINE, SERVER_IP, PAYMENT_TEST_CARD, ROUTING_NUMBER, WALLET_TEST).
  • Auth / DB Access (presidio/customer_service.py): Adds authenticate_admin() which logs and opens a DB connection using the hard-coded DATABASE_URL.
  • Payment Flow (presidio/customer_service.py): Adds process_payment(card_number, customer_email, customer_phone) which logs inputs and returns sensitive test fixture info when PAYMENT_TEST_CARD is used.
  • Messaging / Bulk Ops (presidio/customer_service.py): Adds send_welcome_emails() that iterates test customers and logs contact details.
  • Emergency Action (presidio/customer_service.py): Adds emergency_wallet_payout() that logs a warning and returns wallet/payment-related data including SSN.

CodeRabbit Review Config

  • Review Workflow Config (.coderabbit.yaml): New top-level reviews block with review_details: true and tools.presidio.enabled: true toggle.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Caller
  participant customer_service
  participant Database
  participant Logger
  participant ExternalWallet

  Caller->>customer_service: authenticate_admin()
  customer_service->>Logger: log attempt
  customer_service->>Database: sqlite3.connect(DATABASE_URL)
  Database-->>customer_service: connection

  Caller->>customer_service: process_payment(card, email, phone)
  customer_service->>Logger: log payment attempt
  alt card == PAYMENT_TEST_CARD
    customer_service-->>Caller: return test payment fixtures (card, routing, SSN)
  else
    customer_service->>ExternalWallet: initiate payment (mock)
    ExternalWallet-->>customer_service: result
    customer_service-->>Caller: return result
  end

  Caller->>customer_service: emergency_wallet_payout()
  customer_service->>Logger: log warning
  customer_service-->>Caller: return wallet and SSN data

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through strings of cards and codes by night,
stashing PANs and SSNs beneath the moonlight,
a clumsy service hums with printed keys,
secrets rustle softly through the trees,
carrots, creds, and detectors take flight.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

  • Title check: ❓ Inconclusive. Explanation: The title is vague and does not clearly convey the main purpose of the changeset. Resolution: Revise the title to be more specific about the changes, such as 'Add Presidio PII detection test data and sample implementation' or 'Add test fixtures for Presidio detector validation'.

✅ Passed checks (4 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cards-test.py`:
- Line 1: The file is named with a hyphen and has an incorrect header line;
rename the module file from "cards-test.py" to "cards_test.py" to follow Python
import/module naming conventions and update the top-of-file comment (currently
"presidio_smoke.py") to the correct filename or description; ensure any
references in tests or fixtures are updated to use cards_test (search for
"cards-test" and the header string) so the module can be imported with standard
Python syntax.
- Around line 6-20: The test contains hardcoded PAN literals (variables
visa_dashed, mc_dashed, amex_dashed, discover_dashed, visa_spaced, mc_spaced,
mc_compact, remediation_pan_spaced, remediation_pan_compact) which trigger
secret scanners; fix by making these scanner-safe: either move this file to an
explicit allowlisted test-fixture rule/path, or change each PAN literal to be
constructed from non-contiguous fragments (e.g., join or concatenate pieces like
"4111" + "-" + "1111" + ... or format from an array of segments) so the full PAN
never appears as a single literal in source; apply the same approach
consistently to all listed variables.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 93dc4c00-8b44-45e2-93db-14b4a51f9982

📥 Commits

Reviewing files that changed from the base of the PR and between ef04b8d and 7592df0.

📒 Files selected for processing (1)
  • cards-test.py

Comment thread cards-test.py
@@ -0,0 +1,46 @@
# presidio_smoke.py — noisy samples to exercise Microsoft Presidio–style detectors.
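Review bot: the header comment names the file `presidio_smoke.py`, but the file added here is `cards-test.py`, and it lands at the repository root while the companion sample lives under `presidio/` (see `presidio/customer_service.py` in the walkthrough). Rename it to an importable `cards_test.py`, make the header say what the file is, and consider placing it beside the other fixture so that one allowlisted test-fixture path can cover both. The en dash in `Presidio–style` that Ruff flags as RUF003 can be replaced with a plain hyphen in the same edit.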

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Locate candidate fixture/module files =="
fd -i 'cards-test.py|cards_test.py|presidio_smoke.py'

echo
echo "== Check import statements referencing this fixture =="
rg -n -C2 --type=py '(from|import)\s+(cards_test|cards-test|presidio_smoke)\b' || true

echo
echo "== Check symbol usage to see how fixture values are consumed =="
rg -n -C2 --type=py '\b(visa_dashed|mc_dashed|remediation_pan_spaced|routing_doc_like)\b' || true

Repository: coderabbitai/coderabbit-pr-review

Length of output: 1159


Consider renaming to follow Python module naming conventions if this becomes a shared fixture.

The hyphenated filename cards-test.py cannot be imported with standard Python syntax (e.g., import cards-test fails). While this file is not currently imported anywhere in the codebase, renaming to cards_test.py follows Python conventions and prevents future breakage. Also update Line 1 to reflect the correct filename (currently shows presidio_smoke.py).

🧰 Tools
🪛 Ruff (0.15.12)

[warning] 1-1: Comment contains ambiguous `–` (EN DASH). Did you mean `-` (HYPHEN-MINUS)?

(RUF003)


Comment thread cards-test.py
Comment on lines +6 to +20
visa_dashed = "4111-1111-1111-1111"
mc_dashed = "5500-0000-0000-0004"
amex_dashed = "3400-000000-00009"
discover_dashed = "6011-0000-0000-0004"

# Spaced
visa_spaced = "4111 1111 1111 1111"
mc_spaced = "5500 0000 0000 0004"

# Same digits, compact (extra shape)
mc_compact = "5500000000000004"

# Remediation example PAN (dashed + spaced + compact — filter hits only exact `4242 4242 4242 4242` / `4242424242424242` at Presidio column)
remediation_pan_spaced = "4242 4242 4242 4242"
remediation_pan_compact = "4242424242424242"
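Review bot: the comment above the remediation PAN promises "dashed + spaced + compact", but only `remediation_pan_spaced` and `remediation_pan_compact` are defined, so the dashed shape is never exercised; either add the dashed variant or drop "dashed" from the comment. The comment line itself also embeds the full spaced and compact PAN, which is why OpenGrep reports line 18 twice; keeping the digits only in the assignments on lines 19-20 halves that noise. All the numbers in this block are Luhn-valid brand test numbers, which matters because Presidio's credit-card recognizer confirms regex hits with a Luhn checksum; keep that property if any value is changed.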

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Make PAN test literals scanner-safe to avoid CI/compliance noise.

Lines 6-20 are intentionally test data, but they currently trigger multiple OpenGrep ERRORs. Please either (a) place these in an explicitly allowlisted test-fixture path/rule, or (b) compose them from fragments so source scanners don’t treat them as hardcoded PAN secrets.

Example pattern (apply consistently to all PAN literals)
+def _join(parts: tuple[str, ...], sep: str = "") -> str:
+  return sep.join(parts)
+
-visa_dashed = "4111-1111-1111-1111"
+visa_dashed = _join(("4111", "1111", "1111", "1111"), "-")

-mc_compact = "5500000000000004"
+mc_compact = _join(("5500", "0000", "0000", "0004"))
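Review bot: the `_join` fragment approach hides the PAN from source-text scanners, but this file exists to exercise Presidio-style detectors (its header line, and the "at Presidio column" note on line 18), and the review-time Presidio tool enabled in `.coderabbit.yaml` reads the same source text. Fragment-joining would therefore also hide every fixture from the detector it is meant to trigger. Prefer option (a), an explicitly allowlisted test-fixture path or an OpenGrep rule exclusion for it, over option (b); reserve `_join` for fixtures that are only consumed at runtime.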
🧰 Tools
🪛 OpenGrep (1.20.0)

[ERROR] 6-6: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)


[ERROR] 7-7: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)


[ERROR] 8-8: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)


[ERROR] 9-9: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)


[ERROR] 12-12: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)


[ERROR] 13-13: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)


[ERROR] 16-16: Possible credit card number (PAN) detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number)


[ERROR] 18-18: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)


[ERROR] 18-18: Possible credit card number (PAN) detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number)


[ERROR] 19-19: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)


[ERROR] 20-20: Possible credit card number (PAN) detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number)

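Both inline comments above, the PAN fixtures on lines 6-20 and the `_join` fragment suggestion, turn on one point: a source-text scanner and a Presidio-style detector read the same string, so a literal that is scanner-safe is detector-invisible too. The Python below is an added example, not code from this PR or from Presidio: a minimal Presidio-style credit-card detector (13-19 digit shapes with optional dash or space separators, confirmed by Luhn) run over constructed copies of every fixture shape, plus a check of how the fragment form versus the plain literal form fares when scanned as source text. `FIXTURES`, `find_pans`, `flagged_lines` and `compare_source_forms` are names chosen here; the brand test numbers are the same ones the fixture uses, assembled from fragments so this block itself never carries a contiguous PAN.

```python
"""Presidio-style PAN detection versus source-text secret scanning.

Added example, not code from the PR. Mirrors the card shapes in cards-test.py
(brand test numbers, not real cards) and the _join pattern from the review.
"""
import re


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; Presidio's credit-card recognizer uses it to confirm regex hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13-19 digits, optionally separated by single spaces or dashes, not inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid PAN candidates found in text, normalised to bare digits."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def _join(parts: tuple[str, ...], sep: str = "") -> str:
    """Fragment helper from the review: the full PAN exists only at runtime."""
    return sep.join(parts)


# Constructed fixtures reproducing every shape on cards-test.py lines 6-20.
FIXTURES = {
    "visa_dashed": _join(("4111", "1111", "1111", "1111"), "-"),
    "mc_dashed": _join(("5500", "0000", "0000", "0004"), "-"),
    "amex_dashed": _join(("3400", "000000", "00009"), "-"),
    "discover_dashed": _join(("6011", "0000", "0000", "0004"), "-"),
    "visa_spaced": _join(("4111", "1111", "1111", "1111"), " "),
    "mc_spaced": _join(("5500", "0000", "0000", "0004"), " "),
    "mc_compact": _join(("5500", "0000", "0000", "0004")),
    "remediation_pan_spaced": _join(("4242",) * 4, " "),
    "remediation_pan_compact": _join(("4242",) * 4),
}


def detect_fixtures() -> dict[str, list[str]]:
    """Run the detector over each fixture's runtime value."""
    return {name: find_pans(value) for name, value in FIXTURES.items()}


def flagged_lines(source: str) -> list[int]:
    """Line numbers a source-text scanner (OpenGrep, or Presidio reading the diff) would flag."""
    return [n for n, line in enumerate(source.splitlines(), 1) if find_pans(line)]


def compare_source_forms() -> dict[str, list[int]]:
    """The same fixture written as a literal and as fragments, scanned as source text."""
    literal_src = "visa_dashed = " + repr(FIXTURES["visa_dashed"])   # how PR line 6 reads
    fragment_src = 'visa_dashed = _join(("4111", "1111", "1111", "1111"), "-")'
    return {"literal": flagged_lines(literal_src), "fragments": flagged_lines(fragment_src)}


if __name__ == "__main__":
    for name, hits in detect_fixtures().items():
        print(f"{name:24s} -> {hits}")
    print(compare_source_forms())
```

Running it shows every fixture's runtime value detected exactly once, while only the literal source line is flagged; the fragment line passes the scanner, which is the same reason it would no longer exercise Presidio when the PR diff is scanned.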

@andrescastellanos-coderabbit

@coderabbitai full review


coderabbitai Bot commented May 6, 2026

✅ Actions performed

Full review triggered.

@andrescastellanos-coderabbit

@coderabbitai full review


coderabbitai Bot commented May 6, 2026

✅ Actions performed

Full review triggered.
