From 7592df045500ff31448430109f87fcd925c6c613 Mon Sep 17 00:00:00 2001
From: alex
Date: Wed, 6 May 2026 10:21:54 -0400
Subject: [PATCH 1/3] Preview/Microsoft-Presidio-Analyzer
---
 cards-test.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 cards-test.py
diff --git a/cards-test.py b/cards-test.py
new file mode 100644
index 0000000..07bc69b
--- /dev/null
+++ b/cards-test.py
@@ -0,0 +1,46 @@
+# presidio_smoke.py — noisy samples to exercise Microsoft Presidio–style detectors.
+# Default CodeRabbit Presidio pass: CREDIT_CARD, US_SSN, CRYPTO, PHONE_NUMBER only.
+
+# --- Credit cards (CREDIT_CARD): common test PAN shapes ---
+# Dashed
+visa_dashed = "4111-1111-1111-1111"
+mc_dashed = "5500-0000-0000-0004"
+amex_dashed = "3400-000000-00009"
+discover_dashed = "6011-0000-0000-0004"
+
+# Spaced
+visa_spaced = "4111 1111 1111 1111"
+mc_spaced = "5500 0000 0000 0004"
+
+# Same digits, compact (extra shape)
+mc_compact = "5500000000000004"
+
+# Remediation example PAN (dashed + spaced + compact — filter hits only exact `4242 4242 4242 4242` / `4242424242424242` at Presidio column)
+remediation_pan_spaced = "4242 4242 4242 4242"
+remediation_pan_compact = "4242424242424242"
+
+# --- US SSN / ITIN-shaped (US_SSN / sometimes ITIN recognizers) ---
+ssn_like = "078-05-1120"
+ssn_invalid_example = "000-00-0000" # exact remediation literal (skipped only if entity+col match)
+itin_like = "900-70-0000" # exact remediation literal for US_ITIN when that entity is enabled
+odd_dashed_15 = "856-45-6790" # short dashed number — may or may not fire; kept from your file
+
+# --- Crypto (CRYPTO) ---
+btc_testnet = "tb1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4" # exact remediation literal
+eth_zero = "0x0000000000000000000000000000000000000000" # exact remediation literal
+eth_nonzero = "0x742d35Cc6634C0532925a3b844Bc9e7595f213b" # extra shape
+
+# --- Phone (PHONE_NUMBER) ---
+phone_fictional = "+1-555-0100" # exact remediation literal
+phone_fictional_template = "555-01XX" # exact remediation literal (unusual in real code)
+phone_plain = "5550100199"
+
+# --- Email (EMAIL_ADDRESS) — only if entity enabled in Presidio config ---
+email_example = "user@example.com" # exact remediation literal
+
+# --- IBAN (IBAN_CODE) — only if entity enabled ---
+iban_example = "DE89370400440532013000" # exact remediation literal
+
+# --- US bank routing (US_BANK_NUMBER) — only if entity enabled ---
+routing_nines = "000000000" # exact remediation literal
+routing_doc_like = "021000021" # realistic-shaped 9 digits; may fire if recognizer exists
\ No newline at end of file
From b60b1bc8c008bcfca400ae1d98b6b5ffb5c79793 Mon Sep 17 00:00:00 2001
From: andrescastellanos-coderabbit
Date: Wed, 6 May 2026 12:42:59 -0400
Subject: [PATCH 2/3] Preview/Microsoft-Presidio-Analyzer
---
 .coderabbit.yaml | 9 ++++++
 presidio/customer_service.py | 55 ++++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 .coderabbit.yaml
 create mode 100644 presidio/customer_service.py
diff --git a/.coderabbit.yaml b/.coderabbit.yaml
new file mode 100644
index 0000000..3ce053c
--- /dev/null
+++ b/.coderabbit.yaml
@@ -0,0 +1,9 @@
+reviews:
+ review_details: true
+ tools:
+ presidio:
+ enabled: true
+ opengrep:
+ enabled: false
+ ruff:
+ enabled: false
diff --git a/presidio/customer_service.py b/presidio/customer_service.py
new file mode 100644
index 0000000..359e826
--- /dev/null
+++ b/presidio/customer_service.py
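Review bot: `eth_nonzero` is one hex digit short of an Ethereum address — the value after `0x` has 39 characters, not 40 — so a CRYPTO recognizer that validates length will not fire on it and the "extra shape" it is meant to exercise is never actually tested; pad it to 40 hex digits with a value marked as synthetic, e.g. `eth_nonzero = "0x<40 hex digits, constructed>"  # extra shape, not a real wallet`. The header comment names `presidio_smoke.py` while the file is committed as `cards-test.py`; either rename the file or make the first line `# cards-test.py — noisy samples to exercise Microsoft Presidio–style detectors.`, and consider turning the header into a module docstring stating that every literal is a publicly documented sample value (test PANs, the 555-01XX phone range, `example.com`, the bech32 testnet example) so secret scanners and reviewers can treat the file as a fixture rather than leaked data. `# kept from your file` on `odd_dashed_15` reads as residue of a conversation rather than documentation; replace it with what the value is there to probe. The file also ends without a trailing newline.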
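Review bot: `opengrep: enabled: false` switches off the static-analysis tool most likely to flag the hardcoded credential in `DATABASE_URL` of `presidio/customer_service.py`, added in this same commit, at the moment `presidio` is turned on; if the intent is only to isolate Presidio output during the preview, record that in the file, e.g. `# opengrep/ruff disabled only to isolate Presidio findings during the preview`, so the setting is not mistaken for repository policy. Patch 3/3 in this series removes both `enabled: false` entries again, which suggests the disable was never needed and could be dropped from this commit instead. The YAML indentation has been collapsed in this rendering, so the nesting of `tools` under `reviews` cannot be verified here.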
@@ -0,0 +1,55 @@
+"""Customer-service handler — sample with PII embedded in security antipatterns.
+
+Each PII value is placed on a line that is independently security-relevant
+(hardcoded credential, logged PII, hardcoded test fixture in production code)
+to maximize the chance the LLM reviewer will comment on the same line and
+trigger the inline tool-tag render path despite the upstream render-suppression
+bug in successful tool runs.
+"""
+
+import logging
+import sqlite3
+
+logger = logging.getLogger(__name__)
+
+DATABASE_URL = "postgres://admin:Sup3rS3cret123@db.internal.example.com:5432/users"
+ADMIN_EMAIL = "alice.thompson@demoapp.example.com"
+ADMIN_PHONE = "+1-555-0100"
+ADMIN_SSN = "000-00-0000"
+SUPPORT_HOTLINE = "555-0100"
+SERVER_IP = "192.168.1.100"
+PAYMENT_TEST_CARD = "4111-1111-1111-1111"
+ROUTING_NUMBER = "021000021"
+WALLET_TEST = "tb1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
+
+
+def authenticate_admin():
+ logger.info("Authenticating admin %s from %s", ADMIN_EMAIL, SERVER_IP)
+ conn = sqlite3.connect(DATABASE_URL)
+ return conn
+
+
+def process_payment(card_number, customer_email, customer_phone):
+ logger.info(
+ "Payment attempt: card=%s email=%s phone=%s",
+ card_number,
+ customer_email,
+ customer_phone,
+ )
+ if card_number == PAYMENT_TEST_CARD:
+ return {"status": "test", "ssn": ADMIN_SSN, "routing": ROUTING_NUMBER}
+ return {"status": "approved"}
+
+
+def send_welcome_emails():
+ test_customers = [
+ {"name": "Bob Smith", "email": "bob.smith@example.com", "phone": "555-0100"},
+ {"name": "Carol Jones", "email": "carol.jones@example.com", "phone": "555-0101"},
+ ]
+ for c in test_customers:
+ logger.info("Welcome %s, contact %s / %s", c["name"], c["email"], c["phone"])
+
+
+def emergency_wallet_payout():
+ logger.warning("Emergency payout to wallet %s for admin %s", WALLET_TEST, ADMIN_EMAIL)
+ return {"wallet": WALLET_TEST, "approver": ADMIN_EMAIL, "ssn": ADMIN_SSN}
From b01ded5be4ac610262f450824cd86e974e65cee2 Mon Sep 17 00:00:00 2001
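Review bot: `authenticate_admin` passes a `postgres://` URL to `sqlite3.connect`, which takes a filesystem path, so the call never reaches Postgres and most likely fails with `sqlite3.OperationalError` because the URL's slash-separated parts are treated as directories; if this module is meant to be imported but never executed, say so in the function's docstring, otherwise use a real path such as `conn = sqlite3.connect("customer_service.db")`. The returned connection is never closed by anything visible here, so either document that the caller owns and closes it or have callers use `with sqlite3.connect(...) as conn:`. The module docstring explains the file as reviewer bait, but none of the four functions carries a docstring; a one-liner on each naming the antipattern it deliberately exhibits (e.g. `"""Log the full PAN and contact details — deliberate PII-in-log sample."""` on `process_payment`) keeps a later maintainer from reading the pattern as production code. `ADMIN_PHONE` and `SUPPORT_HOTLINE` are defined but referenced nowhere in the file; if they exist only to seed a detector, a trailing comment saying so would make that explicit.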
From: andrescastellanos-coderabbit
Date: Wed, 6 May 2026 13:15:11 -0400
Subject: [PATCH 3/3] Trigger
---
 .coderabbit.yaml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/.coderabbit.yaml b/.coderabbit.yaml
index 3ce053c..75e167c 100644
--- a/.coderabbit.yaml
+++ b/.coderabbit.yaml
@@ -3,7 +3,3 @@ reviews:
 tools:
 presidio:
 enabled: true
- opengrep:
- enabled: false
- ruff:
- enabled: false