Skip to content

Default to encrypted IP regex handling, add explicit trusted-server plaintext override#248

Closed
Copilot wants to merge 2 commits into
mainfrom
copilot/always-use-encryption-for-ips
Closed

Default to encrypted IP regex handling, add explicit trusted-server plaintext override#248
Copilot wants to merge 2 commits into
mainfrom
copilot/always-use-encryption-for-ips

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 27, 2026
edited
Loading

The issue called for package defaults that maximize security for IP-related handling, while still allowing trusted processing servers to skip encryption for performance. This change makes encrypted regex handling the default and introduces an explicit opt-out path for trusted environments.

  • Behavior change: secure default for IP regex loading

    • ExtractionHeuristicPreValidator now resolves Drogon IP regex via a helper that:
      • defaults to encrypted/decrypted regex (S3_LOG_EXTRACTION_ENCRYPT_IP_REGEX default: enabled),
      • supports explicit plaintext override only when encryption is disabled.

  • Trusted-server override path

    • Added plaintext-mode contract:
      • S3_LOG_EXTRACTION_ENCRYPT_IP_REGEX=false
      • S3_LOG_EXTRACTION_DROGON_IP_REGEX=<plaintext regex>
    • If plaintext mode is enabled without a provided regex, initialization raises a clear EnvironmentError.

  • Focused coverage + docs alignment

    • Added targeted tests for:
      • default encrypted mode,
      • plaintext override mode,
      • required env var enforcement in plaintext mode.
    • Updated README environment-variable docs to reflect default-secure behavior and trusted-server opt-out configuration.
# default (secure): encrypted regex path
export S3_LOG_EXTRACTION_PASSWORD="your_encryption_password"

# trusted server opt-out
export S3_LOG_EXTRACTION_ENCRYPT_IP_REGEX="false"
export S3_LOG_EXTRACTION_DROGON_IP_REGEX="<plaintext regex>"

Copilot AI linked an issue May 27, 2026 that may be closed by this pull request
Always use encryption when dealing with IPs #241
Closed
Copilot AI changed the title [WIP] Update package to enforce encryption for IP handling Default to encrypted IP regex handling, add explicit trusted-server plaintext override May 27, 2026
Copilot AI requested a review from CodyCBakerPhD May 27, 2026 18:58
@CodyCBakerPhD CodyCBakerPhD marked this pull request as ready for review May 27, 2026 19:00
@codecov
Copy link
Copy Markdown

codecov Bot commented May 27, 2026

Codecov Report

❌ Patch coverage is 18.18182% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.42%. Comparing base (5130621) to head (ab38345).
⚠️ Report is 4 commits behind head on main.

Files with missing lines Patch % Lines
...on/validate/_extraction_heuristic_pre_validator.py 18.18% 9 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #248      +/-   ##
==========================================
- Coverage   73.43%   71.42%   -2.01%     
==========================================
  Files          41       40       -1     
  Lines        1547     1512      -35     
==========================================
- Hits         1136     1080      -56     
- Misses        411      432      +21
Flag Coverage Δ
unittests 71.42% <18.18%> (-2.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
...on/validate/_extraction_heuristic_pre_validator.py 36.11% <18.18%> (-6.20%) ⬇️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@CodyCBakerPhD
Copy link
Copy Markdown
Collaborator

CodyCBakerPhD commented May 27, 2026

Accidentally set this one to use GPT mini lol XD

@CodyCBakerPhD CodyCBakerPhD deleted the copilot/always-use-encryption-for-ips branch May 27, 2026 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CodyCBakerPhD CodyCBakerPhD Awaiting requested review from CodyCBakerPhD

Assignees

@CodyCBakerPhD CodyCBakerPhD

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Always use encryption when dealing with IPs

2 participants

@CodyCBakerPhD