stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/contracts/redaction-defaults-decision.md
StellaOps Bot e53a282fbe
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Details
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Details
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Details
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Details
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details
feat: Add native binary analyzer test utilities and implement SM2 signing tests 
- Introduced `NativeTestBase` class for ELF, PE, and Mach-O binary parsing helpers and assertions.
- Created `TestCryptoFactory` for SM2 cryptographic provider setup and key generation.
- Implemented `Sm2SigningTests` to validate signing functionality with environment gate checks.
- Developed console export service and store with comprehensive unit tests for export status management.
2025-12-07 13:12:41 +02:00

1.6 KiB
Raw Permalink Blame History

Redaction Defaults Decision

Decision ID: DECISION-SECURITY-001 Status: DEFAULT-APPROVED Effective Date: 2025-12-06 48h Window Started: 2025-12-06T00:00:00Z

Decision

Notification and export pipelines use restrictive redaction defaults that redact PII, secrets, and cryptographic keys.

Rationale

  1. Security-first approach minimizes data exposure risk
  2. Users can opt-in to less restrictive settings via configuration
  3. Aligns with GDPR and data minimization principles
  4. Consistent with existing Evidence Locker redaction patterns

Default Redaction Rules

Always Redacted (HIGH)

  • Private keys (RSA, ECDSA, Ed25519)
  • API keys and tokens
  • Passwords and secrets
  • Database connection strings
  • JWT tokens

Redacted by Default (MEDIUM) - Opt-out available

  • Email addresses
  • IP addresses (external)
  • File paths containing usernames
  • Environment variable values (not names)

Not Redacted (LOW)

  • Package names and versions
  • CVE identifiers
  • Severity scores
  • Public key fingerprints

Configuration

# etc/notify.yaml
redaction:
  level: restrictive  # Options: permissive, standard, restrictive
  custom_patterns:
    - pattern: "INTERNAL_.*"
      action: redact

Impact

  • Tasks unblocked: ~5
  • Sprint files affected: SPRINT_0170, SPRINT_0171

Reversibility

To change redaction defaults:

  1. Update docs/security/redaction-and-privacy.md
  2. Get Security Guild sign-off
  3. Update configuration schemas
  4. Ensure backward compatibility

References