feat: Add query property to AnalyticEntry with privacy masking #5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add GraphQL query string tracking to AnalyticEntry for analyzing query
complexity and structure patterns. Implements secure-by-default literal
masking to protect against accidental data leakage through inline values.
Changes:
- Add `query: String?` property to AnalyticEntry
- Add `maskQueryLiterals: Bool` to AnalyticsConfiguration (default: true)
- Implement query masking algorithm that:
- Masks string literals ("admin" → "***")
- Masks number literals (123 → ***)
- Preserves variable references ($userId)
- Preserves query structure for complexity analysis
- Wire query parameter through FTNetworkTracer
- Add 7 comprehensive tests for query masking functionality
- Update CLAUDE.md documentation
Privacy Levels:
- .none/.private: Query included with optional literal masking
- .sensitive: Query set to nil (most restrictive)
Breaking Changes: None (purely additive)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
Collaborator
Author
Generated by 🚫 Danger |
Refactored maskQueryLiteralValues function to address SwiftLint violations: - Extracted state into QueryMaskingState struct - Split complex switch logic into smaller helper methods - Reduced cyclomatic complexity from 20 to acceptable levels - Reduced function body length from 80 to under 50 lines - Fixed conditional returns on newline warning All tests still passing (75/75). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Add comprehensive documentation for the new GraphQL query masking feature: - Added maskQueryLiterals configuration example - Updated privacy levels table to include GraphQL query behavior - Added "What Gets Masked" section for GraphQL query literals - Added visual example showing query masking in action - Updated test coverage to reflect 75 total tests - Added usage example in MyAnalytics class showing query analysis - Updated features list to highlight GraphQL query masking 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds GraphQL query string tracking to AnalyticEntry with privacy-focused literal masking to prevent accidental data leakage. The implementation provides secure-by-default behavior while allowing flexibility for teams that need unmasked queries.
- Added
queryproperty toAnalyticEntrywith automatic privacy masking based on configuration - Implemented literal masking algorithm that masks string and number literals while preserving query structure and variable references
- Added
maskQueryLiteralsconfiguration option (default:true) to allow opt-out of masking - Comprehensive test coverage with 7 new unit tests and 1 integration test
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| Sources/FTNetworkTracer/Analytics/AnalyticEntry.swift | Added query property with masking applied via configuration |
| Sources/FTNetworkTracer/Analytics/AnalyticsConfiguration.swift | Added maskQueryLiterals config option and masking algorithm implementation |
| Sources/FTNetworkTracer/FTNetworkTracer.swift | Wired query parameter through to AnalyticEntry |
| Tests/FTNetworkTracerTests/AnalyticsTests.swift | Added 7 comprehensive unit tests for query masking behavior |
| Tests/FTNetworkTracerTests/IntegrationTests.swift | Added end-to-end integration test for query analytics flow |
| README.md | Updated documentation with query masking examples and privacy table |
| CLAUDE.md | Updated developer documentation with query masking details |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Security Fixes: - Fix unclosed string literal vulnerability - Fix parentheses handling inside string literals - Malformed queries now safely mask content Test Coverage: - Add 5 security tests for GraphQL query masking - Test PII masking, SQL injection, XSS payloads - Test malformed queries with unclosed strings - Total: 80 tests passing Documentation: - Clarify preserved literal types in README - Document booleans, nulls, enums are preserved Addresses Copilot comments and Danger bot request. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Refactors QueryLiteralMasker to take query as init parameter and expose masked result as a property. Design improvements: - Query passed to init, maskedQuery exposed as property - Internal Processor struct handles state and processing - Clean separation between public API and implementation - Fixes SwiftLint type_body_length violation Technical: - All 80 tests passing - SwiftLint: 0 violations - AnalyticsConfiguration: 184 lines 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <[email protected]>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds GraphQL query string tracking to AnalyticEntry for analyzing query complexity and structure patterns. Implements secure-by-default literal masking to protect against accidental data leakage through inline values.
Changes
Core Implementation
Privacy Behavior
Test Coverage
Documentation
Breaking Changes
None - Purely additive change with backward compatibility
Rationale
🤖 Generated with Claude Code