Add user profile and data processing functionality with logging

[jacwu]

No description provided.

To fix the problem, we should ensure that sensitive data such as phone numbers are not logged in clear text. The best approach is to redact, omit, or replace the sensitive value in the relevant log entry. In this example, the log line on line 13 that logs phone_number should be modified. Possible approaches are:

• Omit the phone number entirely from the log message.
• Replace the value with a constant string such as REDACTED or mask it (e.g. only show last 2/3 digits).

The best fix with minimal functional impact is to redact the phone number value in the logging statement. No changes to imports or other parts of the code are necessary.

To fix this issue, the logging statement that outputs the credit card number in clear text should be removed or modified so that it does not expose the sensitive data. The best approach depends on the needs of operational logging:

• If it's necessary to record that a credit card was processed without exposing details, log only the presence or last 4 digits (masked) of the credit card number, never the full number.
• If logging is not required for this field, remove the logging statement entirely.

Thus, specifically in github-copilot-features/refactor/pii.py on line 14, either remove the line or modify it to log only masked information (e.g., ****-****-****-9012).

No new methods or imports are necessary; any masking can be done inline using simple string manipulation.

[github-actions]

File	Concern	Recommendation	Severity
github-copilot-features/refactor/pii.py	Logs include full name, email, phone, and credit card number in plain text (logging.info L12, L13, L14), creating a high-risk PII leak in log storage.	Remove or mask sensitive fields before logging; limit logs to non-identifying metadata (e.g., customer ID).	critical
github-copilot-features/refactor/pii.ts	console.log dumps the entire user payload including DOB, address, and national ID (JSON.stringify(user) L32), exposing PII in logs.	Drop the payload logging or redact/mask sensitive fields before logging.	critical
github-copilot-features/refactor/pii.ts	Card number and CVV are logged in clear text (console.log L35), causing direct leakage of payment credentials.	Remove the credit card logging entirely or replace with masked tokens.	critical

Reviewed by Codex

[github-actions]

File	Concern	Recommendation	Severity
github-copilot-features/refactor/pii.py	PII logging exposure at L11-L14: Full name, email, phone number, and credit card number are logged in plaintext	Mask or redact PII before logging. Use structured logging with PII redaction (e.g., email_address="a***e@example.com", credit_card_number="****-****-****-9012"). Consider implementing a sanitization function.	critical
github-copilot-features/refactor/pii.py	Hardcoded sensitive test data at L22-L27	Remove hardcoded PII from source code. Use mock/fake data generators or load from secure test fixtures that are not committed to version control.	major
github-copilot-features/refactor/pii.ts	Complete PII object serialization at L32: JSON.stringify(user) exposes all sensitive fields including national ID, credit card details, DOB, and address in logs	Never log complete user objects containing PII. Create a sanitized version that excludes or masks sensitive fields before logging. Implement a toAuditLog() method that returns safe data.	critical
github-copilot-features/refactor/pii.ts	Credit card and CVV logged in plaintext at L35	Never log credit card numbers or CVV codes. If payment processing confirmation is needed, log only a masked version (e.g., last 4 digits: ****-****-****-7777). Remove CVV from logs entirely.	critical
github-copilot-features/refactor/pii.ts	National identity number exposed in error message at L41	Remove user.nationalIdentityNumber from error messages. Log only the user ID for correlation without exposing sensitive identifiers.	critical
github-copilot-features/refactor/pii.ts	Email address in error message at L48	Avoid logging raw email addresses in validation errors. Use user ID or a masked version for identification in error contexts.	major
github-copilot-features/refactor/pii.ts	Hardcoded PII in test execution at L66-L82	Remove hardcoded PII from source code. Use anonymized test data or factory functions for generating realistic but non-sensitive test data.	major
github-copilot-features/refactor/pii.ts	Missing data protection compliance documentation	Add comments or documentation indicating GDPR/CCPA compliance measures, data retention policies, and encryption requirements for PII storage.	minor
github-copilot-features/refactor/pii.py	No data sanitization or validation before logging	Implement input validation and sanitization. Add type hints to function parameters for better code safety.	minor
github-copilot-features/refactor/pii.ts	Console.log usage in production code at L31-35, L41, L58	Replace console.log with a proper logging framework that supports log levels, structured logging, and can integrate with PII redaction middleware.	minor

Reviewed by GitHub Copilot CLI

[github-actions]

GitHub Copilot CLI PII Review

---

This is an PII security review generated by GitHub Copilot CLI for pull request #32.

Review Feedback

✔ List directory github-copilot-features/refactor
└ 17 files found

🔒 PII Security Review Report

Executive Summary

CRITICAL SECURITY ISSUES DETECTED: Both files contain severe PII exposure vulnerabilities that violate GDPR, CCPA, and industry security standards. Immediate remediation required before production deployment.

---

🚨 Critical Issues

1. Unmasked PII Logging - CRITICAL

File: pii.py

Lines: 11-13

logging.info(f"Updating details - Name: {full_name}, Email: {email_address}")
logging.info(f"Contact Phone: {phone_number}")
logging.info(f"Payment Info (CC): {credit_card_number}")

Severity: 🔴 CRITICAL

Issue: Direct logging of sensitive PII including:

• Full names
• Email addresses
• Phone numbers
• Credit card numbers in plaintext

Risk:

• Logs are typically stored unencrypted and accessible to multiple systems/personnel
• Credit card logging violates PCI-DSS standards
• GDPR Article 32 violation (inadequate security measures)
• Potential data breach vector through log aggregation systems

Remediation:

logging.info(f"Starting update for Customer ID: {customer_id}")
logging.info(f"Updating customer record - redacted for security")
# Never log PII - use audit trails with proper encryption instead

---

File: pii.ts

Line: 32

console.log(`[DEBUG] Payload: ${JSON.stringify(user)}`);

Severity: 🔴 CRITICAL

Issue: Serializing and logging entire user object containing:

• National identity number
• Credit card details (number, CVV, expiry)
• Full address
• Date of birth
• Email

Risk: Complete PII exposure in logs, browser console, or log aggregation services.

Remediation:

console.log(`[AUDIT] Processing update for ${user.id} in region ${this.region}`);
// Remove line 32 entirely - never log full user objects

---

2. Credit Card Data Exposure - CRITICAL

File: pii.ts

Line: 35

console.log(`[INFO] Processing payment method: ${user.creditCard.number} / ${user.creditCard.cvv}`);

Severity: 🔴 CRITICAL

Issue:

• CVV must NEVER be stored or logged per PCI-DSS requirement 3.2
• Credit card number logged in plaintext
• Immediate compliance violation

Risk:

• PCI-DSS non-compliance (fines up to $100,000/month)
• Merchant account suspension
• Legal liability for data breach

Remediation:

// Never log CVV or full credit card numbers
const maskedCard = user.creditCard.number.slice(-4);
console.log(`[INFO] Processing payment method ending in ${maskedCard}`);

---

3. National Identity Number Exposure - CRITICAL

File: pii.ts

Lines: 41, 51

console.error(`[ERROR] Failed to update user ${user.fullName} (${user.nationalIdentityNumber}):`, error);
throw new Error(`Invalid ID: ${user.nationalIdentityNumber}`);

Severity: 🔴 CRITICAL

Issue: National ID numbers logged in error messages and exceptions

Risk:

• GDPR Article 9 violation (special category data)
• Identity theft vector
• Error tracking systems expose sensitive data

Remediation:

console.error(`[ERROR] Failed to update user ${user.id}:`, error);
throw new Error(`Invalid national ID format for user ${user.id}`);

---

4. Email Exposure in Error Messages - MAJOR

File: pii.ts

Line: 48

throw new Error(`Invalid email address: ${user.email}`);

Severity: 🟠 MAJOR

Issue: Email addresses in exception messages propagate to error tracking systems

Remediation:

throw new Error(`Invalid email format for user ${user.id}`);

---

⚠️ Major Issues

5. Hardcoded Test PII - MAJOR

File: pii.py

Lines: 22-27

Severity: 🟠 MAJOR

Issue: Realistic-looking test data hardcoded in main execution block:

• Full name: "Alice Smith"
• Email: alice.smith@example.com
• Phone: +1-202-555-0123
• Credit card: 4532-1234-5678-9012

Risk:

• Accidental production execution
• Example data may be copied by developers
• Git history contains PII patterns

Remediation:

if __name__ == "__main__":
    # Use obviously fake data or load from secure test fixtures
    update_customer_record(
        customer_id="TEST-0001",
        full_name="Test User",
        email_address="test@example.invalid",
        phone_number="+1-555-0100",  # Reserved test number
        credit_card_number="0000-0000-0000-0000"  # Invalid card
    )

---

File: pii.ts

Lines: 66-82

Severity: 🟠 MAJOR

Issue: Similar hardcoded test data including:

• Full user profile with real-looking data
• Belgian address
• Credit card with CVV

Remediation:

// Move test data to separate test fixtures
// Use faker.js or similar for test data generation
processor.processUpdate({
    id: "TEST-00001",
    fullName: "Test User",
    email: "test@example.invalid",
    // ... use obviously fake data
});

---

🟡 Minor Issues

6. Missing Data Masking Functions - MINOR

Severity: 🟡 MINOR

Issue: No utility functions for PII masking/redaction

Recommendation: Implement data masking utilities:

def mask_email(email: str) -> str:
    """Mask email: j***@example.com"""
    local, domain = email.split('@')
    return f"{local[0]}{'*' * (len(local) - 1)}@{domain}"

def mask_credit_card(cc: str) -> str:
    """Show only last 4 digits"""
    return f"****-****-****-{cc[-4:]}"

function maskPII(data: any): any {
    // Deep clone and mask sensitive fields
    const masked = { ...data };
    if (masked.email) masked.email = maskEmail(masked.email);
    if (masked.creditCard) masked.creditCard = { last4: data.creditCard.number.slice(-4) };
    // ...
    return masked;
}

---

7. No Audit Trail Implementation - MINOR

Severity: 🟡 MINOR

Issue: No proper audit mechanism for PII access

Recommendation: Implement secure audit logging that records:

• User ID (not full PII)
• Action type
• Timestamp
• Result (success/failure)
• IP address/session context

---

📋 Compliance Summary

Regulation	Violation	Files Affected
PCI-DSS 3.2	CVV storage/logging	pii.ts (line 35)
PCI-DSS 3.4	Unmasked card numbers in logs	pii.py (line 13), pii.ts (lines 32, 35)
GDPR Art. 32	Inadequate security measures	Both files
GDPR Art. 5(1)(f)	Integrity and confidentiality	Both files
CCPA 1798.81.5	Reasonable security	Both files

---

🔧 Remediation Priority

Immediate Actions (Before Merge):

1. ✅ Remove ALL PII from console.log/logging.info statements
2. ✅ Remove CVV from data structures and logs (PCI-DSS violation)
3. ✅ Replace hardcoded test data with obviously fake values
4. ✅ Mask national identity numbers in error messages

Short-term (Within 1 Sprint):

1. Implement PII masking utility functions
2. Add proper audit logging mechanism
3. Create secure test fixtures
4. Add static analysis rules to prevent PII logging

Long-term:

1. Implement field-level encryption for sensitive data
2. Add data classification tags to interfaces
3. Conduct security training on PII handling
4. Implement automated PII detection in CI/CD pipeline

---

✅ Recommended Code Patterns

Python Secure Pattern:

def update_customer_record(customer_id, full_name, email_address, phone_number, credit_card_number):
    logging.info(f"Processing update for Customer ID: {customer_id}")
    
    # Never log PII - use secure audit trail instead
    audit_log.record(
        action="customer_update",
        resource_id=customer_id,
        timestamp=datetime.utcnow(),
        result="success"
    )
    
    # Mask data if logging is absolutely necessary
    # logging.debug(f"Email domain: {email_address.split('@')[1]}")
    
    return True

TypeScript Secure Pattern:

public async processUpdate(user: UserProfile): Promise<boolean> {
    try {
        this.validateUser(user);
        
        // Log only non-sensitive identifiers
        console.log(`[AUDIT] Processing update for ${user.id} in region ${this.region}`);
        
        // Use structured audit logging
        await this.auditLog({
            userId: user.id,
            action: 'profile_update',
            timestamp: new Date().toISOString()
        });
        
        await this.saveToDatabase(user);
        return true;
    } catch (error) {
        // Never include PII in error messages
        console.error(`[ERROR] Failed to update user ${user.id}:`, error.message);
        return false;
    }
}

---

📊 Risk Assessment

Overall Risk Level: 🔴 CRITICAL - BLOCK MERGE

Breach Probability: HIGH if deployed to production
Impact: SEVERE (regulatory fines, reputation damage, legal liability)

Recommendation: DO NOT MERGE until all CRITICAL issues are resolved and verified.

---

📚 References

• PCI-DSS 3.2.1 Requirements
• GDPR Article 32 - Security of Processing
• OWASP Logging Cheat Sheet
• NIST SP 800-122: Guide to Protecting PII

---

This is an PII security review by GitHub Copilot CLI. Please use human judgment when evaluating suggestions.

[Copilot]

Pull request overview

This PR adds user profile and customer data processing functionality in both TypeScript and Python with logging capabilities. However, the implementation contains critical security vulnerabilities related to PII (Personally Identifiable Information) exposure in logs, which violates data privacy regulations like GDPR and PCI-DSS.

Key changes:

• TypeScript: Introduces UserProfile interface and UserDataProcessor class for handling user data updates with validation
• Python: Adds update_customer_record function for customer database updates

Critical Issues Found: Both implementations log sensitive PII including credit card numbers, national identity numbers, email addresses, phone numbers, and full names. This poses serious compliance and security risks.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 9 comments.

File	Description
github-copilot-features/refactor/pii.ts	Adds TypeScript user profile processing with UserDataProcessor class - contains critical PII logging violations
github-copilot-features/refactor/pii.py	Adds Python customer record update function - contains critical PII logging violations

[Copilot]

Critical security issue: Logging user's full name and national identity number in error messages exposes PII. National identity numbers are particularly sensitive and should never be logged.

Recommendation: Log only the user.id without exposing full name or national identity number.

Suggested change

	console.error(`[ERROR] Failed to update user ${user.fullName} (${user.nationalIdentityNumber}):`, error);
	console.error(`[ERROR] Failed to update user ${user.id}:`, error);

[Copilot]

Security issue: National identity number is being exposed in error messages. This is highly sensitive PII that should never be included in error messages or logs.

Recommendation: Remove the national identity number from the error message. Use a generic error like Invalid ID format for user ${user.id}.

[Copilot]

Security issue: Email address is being logged. While this is less sensitive than other PII, it should be avoided for privacy compliance.

Recommendation: Log only the user.id instead of the email address.

Suggested change

	console.log(`[DB] Record updated for ${user.email}`);
	console.log(`[DB] Record updated for user ID ${user.id}`);

[Copilot]

Critical security issue: Full name and email address (both PII) are being logged. This violates data privacy regulations and exposes sensitive customer information in logs.

Recommendation: Log only the customer_id without exposing personally identifiable information.

Suggested change

	logging.info(f"Updating details - Name: {full_name}, Email: {email_address}")
	logging.info(f"Contact Phone: {phone_number}")
	logging.info(f"Payment Info (CC): {credit_card_number}")
	logging.info(f"Updating customer details for Customer ID: {customer_id}")
	# PII removed from logs

[Copilot]

Critical security issue: Phone number (PII) is being logged. Phone numbers are considered sensitive personal data under privacy regulations.

Recommendation: Remove phone number from log output. Log only the customer_id for tracking purposes.

Suggested change

	logging.info(f"Contact Phone: {phone_number}")
	logging.info(f"Updating contact phone for Customer ID: {customer_id}")

[Copilot]

Critical security issue: Credit card number is being logged in plain text. This is a severe PCI-DSS violation that exposes payment card data. Credit card numbers should never be logged in full.

Recommendation: Remove this logging entirely. If payment processing tracking is needed, use a tokenized reference or transaction ID instead.

Suggested change

logging.info(f"Payment Info (CC): {credit_card_number}")

[Copilot]

Critical security issue: The entire user object (containing PII) is being logged, including sensitive data like nationalIdentityNumber, email, address, and credit card information. This violates data privacy regulations (GDPR, PCI-DSS) and exposes sensitive user data in logs.

Recommendation: Log only non-sensitive identifiers like user.id without exposing PII.

Suggested change

	console.log(`[DEBUG] Payload: ${JSON.stringify(user)}`);
	console.log(`[DEBUG] Payload: { id: ${user.id} }`);

[Copilot]

Security issue: Email address is being logged, which is considered PII under data protection regulations. While less sensitive than other data, it still poses privacy risks.

Recommendation: Log only the user.id for correlation purposes.

Suggested change

	throw new Error(`Invalid email address: ${user.email}`);
	throw new Error(`Invalid email address for user ID: ${user.id}`);

[Copilot]

Critical security issue: Credit card number and CVV are being logged in plain text. This is a severe PCI-DSS violation that exposes payment card data. CVV should never be stored or logged, and credit card numbers should be masked or tokenized.

Recommendation: Remove this logging entirely or use a redacted version like "--****-7777" for the card number. Never log CVV under any circumstances.