Initial skills documentation — 25 categories, all SKILL.md + references + scripts
This commit is contained in:
@@ -0,0 +1,27 @@
|
||||
---
|
||||
name: document-redaction
|
||||
description: Workflows for safely redacting sensitive data (IPs, credentials, domains) from IT documents, logs, and plans.
|
||||
---
|
||||
# Document Redaction & Data Sanitization
|
||||
|
||||
## Trigger
|
||||
When asked to make a document "public-safe", "redact", or "sanitize" logs, configs, or architectural plans.
|
||||
|
||||
## Workflow
|
||||
1. **Analyze the Source:** Read the document to identify classes of sensitive information (Vendor names, server names, internal IPs, domains, names/emails, passwords/keys).
|
||||
2. **Scripted Redaction (Python):** Write a Python script using the `re` module for robust multi-pass regex replacements. This is far less error-prone than chained `sed` commands for complex files.
|
||||
3. **Target Categories:**
|
||||
- **Entities/People:** Map explicit names (e.g., `John Doe` -> `[Lead Developer]`).
|
||||
- **Vendors:** Map third parties (e.g., `AWS`, `Hetzner` -> `[CLOUD-PROVIDER]`).
|
||||
- **Servers:** Map hostnames (e.g., `app1-bu` -> `[STANDBY-HOST]`).
|
||||
- **Emails:** `re.sub(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,7}\b', '[EMAIL-REDACTED]', text)`
|
||||
- **IPs:** `re.sub(r'\b(?:\d{1,3}\.){3}\d{1,3}\b', '[IP-REDACTED]', text)`
|
||||
4. **Mandatory Verification:** You MUST run `grep -iE "original_term1|original_term2|ip_regex"` on the generated output file to guarantee zero leakage before delivering the final artifact. Repeat the script generation/running until the `grep` commands return zero hits.
|
||||
|
||||
## Pitfalls
|
||||
- **Domain/Subdomain overlap:** Redacting `example.com` might miss or corrupt `sub.example.com`. Map full known URLs to generic placeholders (e.g., `[OPS-PORTAL-DOMAIN]`).
|
||||
- **Blind spots:** Regex won't catch specific executive names or custom server hostnames. Explicitly map known internal names first.
|
||||
- **Over-redaction:** Don't redact standard public URLs (like `get.docker.com` or `github.com`) that provide technical value and pose no security risk.
|
||||
|
||||
## Support Files
|
||||
- `scripts/redact_template.py` - Starter script for Python-based document redaction.
|
||||
@@ -0,0 +1,30 @@
|
||||
import re
|
||||
import sys
|
||||
|
||||
def redact_document(input_path, output_path):
|
||||
with open(input_path, 'r') as f:
|
||||
text = f.read()
|
||||
|
||||
# 1. Names and Entities
|
||||
text = re.sub(r"SpecificName", "[ROLE/TITLE]", text)
|
||||
|
||||
# 2. Vendors and Infrastructure
|
||||
text = re.sub(r"(?i)\bVendorName\b", "[VENDOR-TYPE]", text)
|
||||
text = re.sub(r"\bserver-hostname\b", "[SERVER-ROLE]", text)
|
||||
|
||||
# 3. Domains and URLs
|
||||
text = re.sub(r'\bapp\.example\.com\b', 'app.[DOMAIN-REDACTED]', text)
|
||||
|
||||
# 4. Standard Patterns (Emails, IPs)
|
||||
text = re.sub(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,7}\b', '[EMAIL-REDACTED]', text)
|
||||
text = re.sub(r'\b(?:\d{1,3}\.){3}\d{1,3}\b', '[IP-REDACTED]', text)
|
||||
|
||||
with open(output_path, 'w') as f:
|
||||
f.write(text)
|
||||
|
||||
if __name__ == '__main__':
|
||||
if len(sys.argv) != 3:
|
||||
print("Usage: python redact_template.py <input> <output>")
|
||||
sys.exit(1)
|
||||
redact_document(sys.argv[1], sys.argv[2])
|
||||
print(f"Redacted document saved to {sys.argv[2]}")
|
||||
Reference in New Issue
Block a user