
Conversation

@jajanet (Contributor) commented Oct 13, 2025

As part of #47, this PR helps ensure P0 CUJ-1 (log data leak ID and removal) and P0 CUJ-2 (ID sensitive flow to 3P) are addressed in the security:analyze command.

This also helps cover more privacy-specific features by outputting a simple datamap with sources and sinks at the end of the analysis.

Pending more test cases, this is an example of what a run would look like with a small set of tests: https://screenshot.googleplex.com/8nuFzxWcS5V2X6b (computer settings won't let me paste or upload an image to GH for some reason)

In short, this mainly adds:

  • privacy taint analysis skill to make sure those issues are flagged (similar to security ones)
  • edits the following analysis fields:
    • Location --> Source Location, to make the privacy datamap more clear
  • the following fields to the analysis:
    • vulnerability type (to differentiate between privacy and security issues)
    • sink (only for privacy issues, to complete the datamap)
    • data type (only for privacy issues, to flag the specific PII)
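To illustrate what the privacy taint analysis described above reports (a source location, a sink, and the PII data type per flow), here is an added toy example that is not code from this PR or the extension: a straight-line taint pass over constructed statements, with an assumed source/sink taxonomy, that emits findings in the shape of the new fields.

```python
import re
from dataclasses import dataclass

# Constructed taxonomy (assumed for this example, not the extension's own):
# which expressions produce PII and of what type, and which calls are sinks.
SOURCES = {"request.form['email']": "email", "request.form['ssn']": "ssn"}
SINKS = {"logger.info": "log", "requests.post": "third-party"}

@dataclass
class Finding:
    vulnerability_type: str  # "privacy" vs "security", as in the PR
    source_location: int     # line where the PII entered the program
    sink: str                # where it ended up (log, third-party, ...)
    data_type: str           # the specific PII kind

def analyze(lines):
    """Tiny intra-procedural taint pass over Python-like statements.
    Tracks which variables hold PII (and its type) through assignments
    and reports every tainted variable that reaches a sink."""
    tainted = {}  # variable -> (data_type, line where it became tainted)
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = re.match(r"\s*(\w+)\s*=\s*(.+)", line)
        if m:  # assignment: taint, propagate, or clear the target variable
            var, rhs = m.groups()
            info = None
            for src, dtype in SOURCES.items():
                if src in rhs:
                    info = (dtype, lineno)
            for other, other_info in tainted.items():
                if info is None and re.search(rf"\b{other}\b", rhs):
                    info = other_info
            if info:
                tainted[var] = info
            else:
                tainted.pop(var, None)  # overwritten with non-PII data
            continue
        for call, sink_kind in SINKS.items():  # sink reached by tainted data?
            if call in line:
                for var, (dtype, src_line) in tainted.items():
                    if re.search(rf"\b{var}\b", line):
                        findings.append(Finding("privacy", src_line, sink_kind, dtype))
    return findings

# Constructed sample: email flows into a log (CUJ-1) and to a 3P (CUJ-2),
# then the variable is overwritten, so the last log call is clean.
SAMPLE = [
    "email = request.form['email']",
    "payload = {'user': email}",
    "logger.info('signup %s', payload)",
    "requests.post(PARTNER_URL, json=payload)",
    "email = 'redacted'",
    "logger.info(email)",
]
```

Running `analyze(SAMPLE)` yields two privacy findings, both tracing back to line 1, one with sink `log` and one with sink `third-party`.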

google-cla bot commented Oct 13, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@capachino capachino changed the title Add privacy specific taxonomy feat: Add privacy specific taxonomy Oct 13, 2025
@capachino (Collaborator) left a comment

Looks good overall, a few more things before merging:

  • I believe you'll also need to update commands/security/analyze-github-pr.toml so maybe after everyone LGTM the changes to analyze.toml
  • Should update the repo README.md to reflect these new capabilities.

@capachino capachino merged commit 46b3eb0 into gemini-cli-extensions:main Nov 17, 2025
2 checks passed