
BFD-3666: removing SAMHSA sensitive information based on security tags in the response #2530

Merged
merged 12 commits into from
Feb 6, 2025

Conversation

MahiFentaye
Contributor

@MahiFentaye MahiFentaye commented Jan 24, 2025

JIRA Ticket:
BFD-3666

What Does This PR Do?

We’re using ConsentInterceptor to filter SAMHSA-related sensitive information based on security tags in the response. Both v1 and v2 SAMHSA consent interceptors scan every response and scrub resources that contain the 42CFRPart2 security tag. If these tags are detected, the interceptor will redact sensitive data from the response. Additionally, registering the ConsentInterceptor removes the total field from the response by default.

This feature is disabled by default and will be applied to responses once the SSM_PATH_SAMHSA_V2_ENABLED flag is enabled.

What Should Reviewers Watch For?

If you're reviewing this PR, please check for these things in particular:

What Security Implications Does This PR Have?

Please indicate if this PR does any of the following:

  • Adds any new software dependencies

  • Modifies any security controls

  • Adds new transmission or storage of data

  • Any other changes that could possibly affect security?

  • I have considered the above security implications as it relates to this PR. (If one or more of the above apply, it cannot be merged without the ISSO or team security engineer's (@sb-benohe) approval.)

Validation

Have you fully verified and tested these changes? Is the acceptance criteria met? Please provide reproducible testing instructions, code snippets, or screenshots as applicable.

Tested Claim, ClaimResponse and Eob v1 and v2 endpoints with both excludeSAMHSA true and false
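The scrubbing described in the PR summary, written out as an added example that is not BFD's own interceptor code: a HAPI FHIR `IConsentService` whose `canSeeResource` callback rejects any resource carrying the 42CFRPart2 security tag, registered through `ConsentInterceptor` so that rejected resources are removed from the response and `Bundle.total` is dropped. The request parameter name `excludeSAMHSA`, the ActCode system URL, and the `SamhsaTagConsentService` class name are assumptions for illustration; the page mentions a feature flag and a certificate check that this example leaves out.

```java
// Added example, not the project's code: a HAPI FHIR consent service that hides
// resources tagged 42CFRPart2 when the caller asked for excludeSAMHSA=true.
// Assumed: parameter name "excludeSAMHSA", the v3-ActCode system URL, class name.
import org.hl7.fhir.instance.model.api.IBaseCoding;
import org.hl7.fhir.instance.model.api.IBaseResource;

import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.server.RestfulServer;
import ca.uhn.fhir.rest.server.interceptor.consent.ConsentInterceptor;
import ca.uhn.fhir.rest.server.interceptor.consent.ConsentOutcome;
import ca.uhn.fhir.rest.server.interceptor.consent.IConsentContextServices;
import ca.uhn.fhir.rest.server.interceptor.consent.IConsentService;

public class SamhsaTagConsentService implements IConsentService {

  /** Security-label code marking a resource as covered by 42 CFR Part 2. */
  static final String SAMHSA_TAG_CODE = "42CFRPart2";
  /** HL7 v3 ActCode system the tag is normally drawn from (assumed for this example). */
  static final String ACT_CODE_SYSTEM = "http://terminology.hl7.org/CodeSystem/v3-ActCode";
  /** Query parameter the caller uses to request SAMHSA filtering (assumed name). */
  static final String EXCLUDE_PARAM = "excludeSAMHSA";

  /** True when the request carries excludeSAMHSA=true. */
  static boolean excludeSamhsaRequested(RequestDetails request) {
    String[] values = request.getParameters().get(EXCLUDE_PARAM);
    return values != null && values.length > 0 && Boolean.parseBoolean(values[0]);
  }

  /**
   * True when any meta.security coding on the resource carries the SAMHSA code.
   * A coding with the right code but a missing or different system still counts,
   * so an unexpected system value fails closed (the resource is scrubbed).
   */
  static boolean hasSamhsaTag(IBaseResource resource) {
    for (IBaseCoding coding : resource.getMeta().getSecurity()) {
      if (SAMHSA_TAG_CODE.equals(coding.getCode())) {
        return true;
      }
    }
    return false;
  }

  /** Called by ConsentInterceptor for every resource about to be returned. */
  @Override
  public ConsentOutcome canSeeResource(
      RequestDetails request, IBaseResource resource, IConsentContextServices ctx) {
    if (excludeSamhsaRequested(request) && hasSamhsaTag(resource)) {
      // REJECT removes the resource from the response. Because the count can no
      // longer be trusted, ConsentInterceptor also strips Bundle.total.
      return ConsentOutcome.REJECT;
    }
    return ConsentOutcome.PROCEED;
  }

  /** Wires the service into a HAPI RestfulServer. */
  static void register(RestfulServer server) {
    server.registerInterceptor(new ConsentInterceptor(new SamhsaTagConsentService()));
  }
}
```

Matching on the code alone rather than on system plus code is a deliberate fail-closed choice: a tag with a mistyped system still triggers redaction, which is the safer direction for data that must not leave the server. Tests for such a service should cover both parameter values and a Bundle mixing tagged and untagged entries, and should assert that `total` is absent once the interceptor is registered, which is why the PR's test updates drop that field.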

BFD-3666  SAMHSAConsentInterceptor functions
BFD-3666  SAMHSA 2.0 v1 and v2 ConsentInterceptor functions
…ext bean

BFD-6666 getting the booleanValue of the future flag using springContext bean
BFD-6666 redacting sensitive data based on security tags
BFD-3666 fixing tests, removing total from the tests because the interceptor will remove it
@MahiFentaye MahiFentaye changed the title Create SAMHSAConsentInterceptor.java BFD-3666: SAMHSA sensitive information based on security tags in the response Feb 4, 2025
@MahiFentaye MahiFentaye changed the title BFD-3666: SAMHSA sensitive information based on security tags in the response BFD-3666: removing SAMHSA sensitive information based on security tags in the response Feb 4, 2025
@MahiFentaye MahiFentaye marked this pull request as ready for review February 4, 2025 20:19
@MahiFentaye MahiFentaye force-pushed the BFD-3666 branch 2 times, most recently from 507c852 to 5b9d4cf February 5, 2025 14:35
@MahiFentaye MahiFentaye force-pushed the BFD-3666 branch 2 times, most recently from 3805918 to c61cb67 February 5, 2025 18:24
BFD-3666 stringutil method to get a boolean value
include  the certificate check
BFD-3666 some refactor
…r/war/V2SamhsaConsentInterceptor.java

Update StringUtils.java

BFD-3666 simpler method

Update apps/bfd-server/bfd-server-war/src/main/java/gov/cms/bfd/server/war/V1SamhsaConsentInterceptor.java

Co-Authored-By: aschey-forpeople <[email protected]>
@MahiFentaye MahiFentaye merged commit 6ab85fc into feature/samhsa2.0 Feb 6, 2025
7 checks passed
@MahiFentaye MahiFentaye deleted the BFD-3666 branch February 6, 2025 21:29
dondevun pushed a commit that referenced this pull request Feb 18, 2025
aschey-forpeople added a commit that referenced this pull request Mar 4, 2025
3 participants