DLP-1479: added support for Context Awareness in DLP profiles

Signed-off-by: Matt Davis <mattdavis@cloudflare.com>
cloudflare · Feb 6, 2024 · 36682fd · 36682fd
1 parent 6cf3006
commit 36682fd
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 15 deletions.
diff --git a/.changelog/1497.txt b/.changelog/1497.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp: add support for Context Awareness in DLP profiles
+```
diff --git a/dlp_profile.go b/dlp_profile.go
@@ -35,17 +35,30 @@ type DLPEntry struct {
 	UpdatedAt *time.Time  `json:"updated_at,omitempty"`
 }
 
+// Content types to exclude from context analysis and return all matches.
+type DLPContextAwarenessSkip struct {
+	// Return all matches, regardless of context analysis result, if the data is a file.
+	Files *bool `json:"files,omitempty"`
+}
+
+// Scan the context of predefined entries to only return matches surrounded by keywords.
+type DLPContextAwareness struct {
+	Enabled *bool                   `json:"enabled,omitempty"`
+	Skip    DLPContextAwarenessSkip `json:"skip"`
+}
+
 // DLPProfile represents a DLP Profile, which contains a set
 // of entries.
 type DLPProfile struct {
-	ID                string `json:"id,omitempty"`
-	Name              string `json:"name,omitempty"`
-	Type              string `json:"type,omitempty"`
-	Description       string `json:"description,omitempty"`
-	AllowedMatchCount int    `json:"allowed_match_count"`
+	ID                string              `json:"id,omitempty"`
+	Name              string              `json:"name,omitempty"`
+	Type              string              `json:"type,omitempty"`
+	Description       string              `json:"description,omitempty"`
+	AllowedMatchCount int                 `json:"allowed_match_count"`
+	ContextAwareness  DLPContextAwareness `json:"context_awareness,omitempty"`
 
 	// The following fields are omitted for predefined DLP
-	// profiles
+	// profiles.
 	Entries   []DLPEntry `json:"entries,omitempty"`
 	CreatedAt *time.Time `json:"created_at,omitempty"`
 	UpdatedAt *time.Time `json:"updated_at,omitempty"`

diff --git a/dlp_profile_test.go b/dlp_profile_test.go
@@ -45,7 +45,13 @@ func TestDLPProfiles(t *testing.T) {
 						}
 					],
 					"type": "predefined",
-					"allowed_match_count": 0
+					"allowed_match_count": 0,
+					"context_awareness": {
+						"enabled": true,
+						"skip": {
+							"files": true
+						}
+					}
 				},
 				{
 					"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
@@ -69,7 +75,13 @@ func TestDLPProfiles(t *testing.T) {
 					"updated_at": "2022-10-18T08:00:57Z",
 					"type": "custom",
 					"description": "just a custom profile example",
-					"allowed_match_count": 1
+					"allowed_match_count": 1,
+					"context_awareness": {
+						"enabled": false,
+						"skip": {
+							"files": false
+						}
+					}
 				}
 			]
 		}
@@ -86,6 +98,12 @@ func TestDLPProfiles(t *testing.T) {
 			Type:              "predefined",
 			Description:       "",
 			AllowedMatchCount: 0,
+			ContextAwareness: DLPContextAwareness{
+				Enabled: true,
+				Skip: DLPContextAwarenessSkip{
+					Files: true,
+				},
+			},
 			Entries: []DLPEntry{
 				{
 					ID:        "111b9d4b-a5c6-40f0-957d-9d53b25dd84a",
@@ -108,6 +126,12 @@ func TestDLPProfiles(t *testing.T) {
 			Type:              "custom",
 			Description:       "just a custom profile example",
 			AllowedMatchCount: 1,
+			ContextAwareness: DLPContextAwareness{
+				Enabled: false,
+				Skip: DLPContextAwarenessSkip{
+					Files: false,
+				},
+			},
 			Entries: []DLPEntry{
 				{
 					ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
@@ -167,7 +191,13 @@ func TestGetDLPProfile(t *testing.T) {
 				"updated_at": "2022-10-18T08:00:57Z",
 				"type": "custom",
 				"description": "just a custom profile example",
-				"allowed_match_count": 42
+				"allowed_match_count": 42,
+				"context_awareness": {
+					"enabled": false,
+					"skip": {
+						"files": false
+					}
+				}
 			}
 		}`)
 	}
@@ -181,6 +211,12 @@ func TestGetDLPProfile(t *testing.T) {
 		Type:              "custom",
 		Description:       "just a custom profile example",
 		AllowedMatchCount: 42,
+		ContextAwareness: DLPContextAwareness{
+			Enabled: false,
+			Skip: DLPContextAwarenessSkip{
+				Files: false,
+			},
+		},
 		Entries: []DLPEntry{
 			{
 				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
@@ -533,16 +569,29 @@ func TestUpdateDLPPredefinedProfile(t *testing.T) {
 				],
 				"type": "predefined",
 				"description": "example predefined profile",
-				"allowed_match_count": 0
+				"allowed_match_count": 0,
+				"context_awareness": {
+					"enabled": true,
+					"skip": {
+						"files": true
+					}
+				}
 			}
 		}`)
 	}
 
 	want := DLPProfile{
-		ID:          "29678c26-a191-428d-9f63-6e20a4a636a4",
-		Name:        "Example predefined profile",
-		Type:        "predefined",
-		Description: "example predefined profile",
+		ID:                "29678c26-a191-428d-9f63-6e20a4a636a4",
+		Name:              "Example predefined profile",
+		Type:              "predefined",
+		Description:       "example predefined profile",
+		AllowedMatchCount: 0,
+		ContextAwareness: DLPContextAwareness{
+			Enabled: true,
+			Skip: DLPContextAwarenessSkip{
+				Files: true,
+			},
+		},
 		Entries: []DLPEntry{
 			{
 				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
@@ -552,7 +601,6 @@ func TestUpdateDLPPredefinedProfile(t *testing.T) {
 				Enabled:   BoolPtr(true),
 			},
 		},
-		AllowedMatchCount: 0,
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/predefined/29678c26-a191-428d-9f63-6e20a4a636a4", handler)