From eb57493fdb7c5c457985db52c30228ebbd83f518 Mon Sep 17 00:00:00 2001
From: Zach Margolis
Date: Thu, 7 Oct 2021 08:56:17 -0700
Subject: [PATCH 1/3] Make PII-in-logs checks a little more strict

---
 spec/services/analytics_spec.rb | 13 +++++++++++++
 spec/support/fake_analytics.rb | 2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/spec/services/analytics_spec.rb b/spec/services/analytics_spec.rb
index dd9af8ed352..a64eb1acc57 100644
--- a/spec/services/analytics_spec.rb
+++ b/spec/services/analytics_spec.rb
@@ -195,5 +195,18 @@
 )
 end.to_not raise_error
 end
+
+ it 'does not alert when pii values are inside words' do
+ allow(ahoy).to receive(:track)
+
+ stub_const('DocAuth::Mock::ResultResponseBuilder::DEFAULT_PII_FROM_DOC', zipcode: '12345')
+
+ expect do
+ analytics.track_event(
+ 'Trackable Event',
+ some_uuid: "12345678-1234-1234-1234-123456789012"
+ )
+ end.to_not raise_error
+ end
 end
 end
diff --git a/spec/support/fake_analytics.rb b/spec/support/fake_analytics.rb
index 6268cc926d7..7a4a6195afc 100644
--- a/spec/support/fake_analytics.rb
+++ b/spec/support/fake_analytics.rb
@@ -26,7 +26,7 @@ def track_event(event, original_attributes = {})
 :dob,
 :state_id_number,
 ).each do |key, default_pii_value|
- if string_payload.include?(default_pii_value)
+ if string_payload.match?(Regexp.new('\b' + Regexp.quote(default_pii_value) + '\b', 'i'))
 raise PiiDetected, <<~ERROR
 track_event example PII #{key} (#{default_pii_value}) detected in attributes
 event: #{event} (#{constant_name})
From 5dc386cfb46a1348a5e8a4fac9566a850620d8af Mon Sep 17 00:00:00 2001
From: Zach Margolis
Date: Thu, 7 Oct 2021 08:57:33 -0700
Subject: [PATCH 2/3] expect

---
 spec/services/analytics_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/services/analytics_spec.rb b/spec/services/analytics_spec.rb
index a64eb1acc57..77912017dbd 100644
--- a/spec/services/analytics_spec.rb
+++ b/spec/services/analytics_spec.rb
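Review bot: The added example pins only the no-alert direction, so it would also pass if the stubbed `zipcode` were never consulted by the checker; whether `:zipcode` is in the checked key list is not visible in this patch. A companion example with the same stub and a delimited value, e.g. `some_field: 'zip 12345'` (constructed), expecting the `PiiDetected` error raised in spec/support/fake_analytics.rb, would show the detector still fires at word boundaries. The case-insensitive flag introduced in the same patch has no example in the visible hunks either; a mixed-case value for a stubbed alphabetic field would cover it.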
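Review bot: On the new `match?` line, `\b` only matches beside a word character, so a default PII value that begins or ends with punctuation (for instance a phone number starting with `+` or `(`, if the mock data holds one, which is not visible here) is no longer detected when it sits between spaces or quotes, a case the old `include?` did catch. For a guard meant to keep PII out of logs that is a silent loss of coverage; lookarounds keep the inside-a-word exemption without it: `if string_payload.match?(/(?<!\w)#{Regexp.quote(default_pii_value)}(?!\w)/i)`. The literal `/i` also avoids the `'i'` string argument to `Regexp.new`, which older Ruby versions treat as a generic truthy value rather than a flag string; `Regexp::IGNORECASE` is the explicit form if `Regexp.new` is kept. `track_event` begins above and continues below this hunk.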
@@ -197,7 +197,7 @@
 end

 it 'does not alert when pii values are inside words' do
- allow(ahoy).to receive(:track)
+ expect(ahoy).to receive(:track)

 stub_const('DocAuth::Mock::ResultResponseBuilder::DEFAULT_PII_FROM_DOC', zipcode: '12345')

From de3362ccc53cf1838a8b346864b56472bcd7e123 Mon Sep 17 00:00:00 2001
From: Zach Margolis
Date: Thu, 7 Oct 2021 09:03:12 -0700
Subject: [PATCH 3/3] lint

---
 spec/services/analytics_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/services/analytics_spec.rb b/spec/services/analytics_spec.rb
index 77912017dbd..f639cb38480 100644
--- a/spec/services/analytics_spec.rb
+++ b/spec/services/analytics_spec.rb
@@ -204,7 +204,7 @@
 expect do
 analytics.track_event(
 'Trackable Event',
- some_uuid: "12345678-1234-1234-1234-123456789012"
+ some_uuid: '12345678-1234-1234-1234-123456789012',
 )
 end.to_not raise_error
 end