Skip to content

Add configurable DLP controls with optional Presidio endpoint support #917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zarg-dev wants to merge 20 commits into
base: Development
Choose a base branch
from
Open

Add configurable DLP controls with optional Presidio endpoint support #917

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
17e2568
feat: add configurable dlp control plane
zarg-dev Jun 10, 2026
0f7e17b
fix: adapt dlp control plane to current development
zarg-dev Jun 18, 2026
ec38c96
fix: close dlp egress bypasses
zarg-dev Jun 18, 2026
62550e2
docs: align dlp mvp version metadata
zarg-dev Jun 18, 2026
9092b04
fix: keep dlp mvp regex only
zarg-dev Jun 18, 2026
34a776b
fix: use app logging for dlp document events
zarg-dev Jun 18, 2026
a03c9ee
feat: add presidio endpoint dlp engine
zarg-dev Jun 10, 2026
7fca8a1
fix: suppress presidio endpoint exception chains
zarg-dev Jun 10, 2026
6863881
feat: persist presidio endpoint dlp settings
zarg-dev Jun 11, 2026
8f4803d
feat: expose presidio endpoint dlp controls
zarg-dev Jun 11, 2026
b873866
docs: document external presidio dlp deployment
zarg-dev Jun 11, 2026
e88baa2
docs: release note presidio endpoint dlp
zarg-dev Jun 11, 2026
ab303bc
fix: adapt presidio endpoint dlp to current development
zarg-dev Jun 18, 2026
5a26778
fix: harden presidio endpoint configuration
zarg-dev Jun 18, 2026
5530a96
fix: reject credential-like presidio endpoint query params
zarg-dev Jun 18, 2026
48ba419
fix: harden presidio endpoint safety checks
zarg-dev Jun 18, 2026
e47a78b
fix: prevent presidio endpoint dns rebinding
zarg-dev Jun 18, 2026
0b1d29a
docs: align presidio dlp version headers
zarg-dev Jun 18, 2026
02360d6
fix: require auth for nonlocal presidio endpoints
zarg-dev Jun 18, 2026
6258690
test: add presidio functional test runners
zarg-dev Jun 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion application/single_app/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@
EXECUTOR_TYPE = 'thread'
EXECUTOR_MAX_WORKERS = 30
SESSION_TYPE = 'filesystem'
VERSION = "0.242.072"
VERSION = "0.242.075"

SESSION_COOKIE_SAMESITE = os.getenv('SESSION_COOKIE_SAMESITE', 'Lax')
SESSION_COOKIE_HTTPONLY = os.getenv('SESSION_COOKIE_HTTPONLY', 'true').lower() != 'false'
Expand Down
36 changes: 29 additions & 7 deletions application/single_app/functions_authentication.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,14 @@

import base64
import json
import re

from config import *
from functions_appinsights import log_event
try:
from functions_appinsights import log_event
except Exception:
def log_event(message, extra=None, level=None, exceptionTraceback=False):
return None
Comment on lines +8 to +12

@Bionic711 Bionic711 Jun 19, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was there an issue trying to import log_event? Why wrap it in the try block?

from functions_settings import *
from functions_debug import debug_print

Expand Down Expand Up @@ -331,7 +336,23 @@ def get_valid_access_token_for_plugins(scopes=None):
"error_code": error_code,
"error_description": error_desc
}



def _sanitize_video_indexer_auth_log_value(value):
text = str(value)
text = re.sub(
r'([?&]accessToken=)[^&\s\'"<>]+',
r'\1[REDACTED]',
text,
flags=re.IGNORECASE,
)
return re.sub(
r'([\'"]?accessToken[\'"]?\s*[:=]\s*[\'"]?)[^,\'"\s}&]+',
r'\1[REDACTED]',
text,
flags=re.IGNORECASE,
)

def get_video_indexer_account_token(settings, video_id=None):
"""
Get Video Indexer access token using managed identity authentication.
Expand Down Expand Up @@ -435,28 +456,29 @@ def get_video_indexer_managed_identity_token(settings, video_id=None):
debug_print(f"[VIDEO INDEXER AUTH] ARM API response status: {resp.status_code}")

if resp.status_code != 200:
debug_print(f"[VIDEO INDEXER AUTH] ARM API response text: {resp.text}")
debug_print(f"[VIDEO INDEXER AUTH] ARM API response text: {_sanitize_video_indexer_auth_log_value(resp.text)}")

resp.raise_for_status()
response_data = resp.json()
debug_print(f"[VIDEO INDEXER AUTH] ARM API response keys: {list(response_data.keys())}")

ai = response_data.get("accessToken")
if not ai:
debug_print(f"[VIDEO INDEXER AUTH] ERROR: No accessToken in response: {response_data}")
debug_print(f"[VIDEO INDEXER AUTH] ERROR: No accessToken in response; response keys: {list(response_data.keys())}")
raise ValueError("No accessToken found in ARM API response")

debug_print(f"[VIDEO INDEXER AUTH] Account token acquired successfully (length: {len(ai)})")
debug_print(f"[VIDEO] Account token acquired (len={len(ai)})", flush=True)
return ai
except requests.exceptions.RequestException as e:
debug_print(f"[VIDEO INDEXER AUTH] ERROR in ARM API request: {str(e)}")
sanitized_error = _sanitize_video_indexer_auth_log_value(e)
debug_print(f"[VIDEO INDEXER AUTH] ERROR in ARM API request: {sanitized_error}")
if hasattr(e, 'response') and e.response is not None:
debug_print(f"[VIDEO INDEXER AUTH] Error response status: {e.response.status_code}")
debug_print(f"[VIDEO INDEXER AUTH] Error response text: {e.response.text}")
debug_print(f"[VIDEO INDEXER AUTH] Error response text: {_sanitize_video_indexer_auth_log_value(e.response.text)}")
raise
except Exception as e:
debug_print(f"[VIDEO INDEXER AUTH] Unexpected error: {str(e)}")
debug_print(f"[VIDEO INDEXER AUTH] Unexpected error: {_sanitize_video_indexer_auth_log_value(e)}")
raise


Expand Down
Loading
Loading