Open patricebender opened 2 weeks ago
hi @patricebender
you'd need to annotate such calculated properties (and their carrying entities) explicitly
Okay, do you think it would make sense to document this somewhere? I was not aware of this and had expected it to work out of the box.
Also, the annotation is propagated to the calculated element, why not leverage this?
entity Authors {
key ID : Integer;
books : Association to many Books
on books.author = $self;
creditCard : Int16 @PersonalData.IsPotentiallySensitive;
}
entity Books {
key ID : Integer;
author : Association to Authors;
title : String;
authorCreditCardNumber = author.creditCard;
}
❯ bin/cdsc.js e.cds
Debugger attached.
{
"definitions": {
"Authors": {
"kind": "entity",
"elements": {
…
"creditCard": {
"@PersonalData.IsPotentiallySensitive": true,
"type": "cds.Int16"
}
}
},
"Books": {
"kind": "entity",
"elements": {
…
"authorCreditCardNumber": {
"@PersonalData.IsPotentiallySensitive": true, // ⬅️
"type": "cds.Int16",
"value": {
"ref": [
"author",
"creditCard"
]
}
}
}
}
},
"meta": {
"creator": "CDS Compiler v5.0.1"
},
"$version": "2.0"
}
it is possible to circumvent
audit-logging
of sensitive data, if the data is read via a calculated element.I have created a sample which illustrates the problem. In the incidents-app, the credit card number of the customer is exposed in
Incidents
via calculated element.. In the sample,audit-logging
has been added as well as the data-privacy annotations.Steps to reproduce
git clone https://github.com/cap-js/incidents-app.git && cd incidents-app
git checkout patrice/calc
npm i
cds watch
→ Logs for direct read
[odata] - GET /odata/v4/processor/Customers
:→ No logs for indirect read
[odata] - GET /odata/v4/processor/Incidents
, which exposes the credit card number of the customer: