feat(data-masking): add custom mask functionalities

[anafalcao]

Issue number:
#5826

Summary

This PR enhances the data masking tool by introducing flexible masking options. These new features allow for dynamic, pattern-based, and regex-based masking, providing users with greater control over how sensitive data is obscured in using the erase method.

Changes

New flags for erase():

• dynamic_mask (bool): Enables dynamic masking behavior when set to True, by maintaining the original length and structure of the text replacing with *.
  Example: dynamic_mask = True for 'Avenue St' is '****** **'
• custom_mask (str): Specifies a simple pattern for masking data. This pattern is applied directly to the input string, replacing all the original characters.
  For example, with a mask_pattern of "XX-XX" applied to "12345", the result would be "XX-XX".
• regex_pattern (str): Defines a regular expression pattern used to identify parts of the input string that should be masked. This allows for more complex and flexible masking rules. It's used in conjunction with mask_format.
• mask_format (str): Specifies the format to use when replacing parts of the string matched by regex_pattern. It can include placeholders (like \1, \2) to refer to captured groups in the regex pattern, allowing some parts of the original string to be preserved.
  For example: 'example@email.com' could become 'e*****@email.com'
• masking_rules (dict): Apply different rules (formats) for each data field.

User experience

Previously, users had limited options for masking sensitive data. The erase() function provided basic masking capabilities, typically replacing entire fields or values with a fixed mask (e.g., '*****').
With the new masking options, users now have much more control over how their sensitive data is obscured. The enhanced erase() function offers a range of flexible masking techniques to suit various use cases, including different techniques for each field:

from __future__ import annotations

from aws_lambda_powertools.utilities.data_masking import DataMasking
from aws_lambda_powertools.utilities.typing import LambdaContext

masker = DataMasking()

masking_rules = {
    "credit_card": {"custom_mask": "XX"},
    "street": {"dynamic_mask": True},
    "email": {"regex_pattern": r"(\w)[\w.-]+@([\w.-]+)", "mask_format": r"\1****@\2"}
}
masked_data = masker.erase(
    data={"credit_card": "1234-5678-9012-3456", "street": "Avenue St", "email": "user@example.com"},
    masking_rules=masking_rules
)
# Result: {"credit_card": "XX", "street": "****** **" , "email": "u****@example.com"}

Checklist

If your change doesn't seem to apply, please leave them unchecked.

• Meet tenets criteria
• I have performed a self-review of this change
• Changes have been tested
• Changes are documented
• PR title follows conventional commit semantics

Is this a breaking change?

RFC issue number:

Checklist:

• Migration process documented
• Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

[anafalcao]

Hi @leandrodamascena ! Can I have your help here with mypy? Thanks!

[anafalcao]

Hi @leandrodamascena!
I just converted to Ready for review. I've been having issues regarding Incompatible types in assignment with mypy. Can you take a look?
I also created some tests for the new functionalities, but I also may need to implement some more after fixing this types issues

[leandrodamascena]

Hey @anafalcao! Another round of review. This is a nice work, we just need to fix some things. 🚀

[github-actions]

⚠️Large PR detected⚠️

Please consider breaking into smaller PRs to avoid significant review delays. Ignore if this PR has naturally grown to this size after reviews.

[github-actions]

⚠️Large PR detected⚠️

Please consider breaking into smaller PRs to avoid significant review delays. Ignore if this PR has naturally grown to this size after reviews.

[github-actions]

⚠️Large PR detected⚠️

Please consider breaking into smaller PRs to avoid significant review delays. Ignore if this PR has naturally grown to this size after reviews.

[github-actions]

⚠️Large PR detected⚠️

Please consider breaking into smaller PRs to avoid significant review delays. Ignore if this PR has naturally grown to this size after reviews.

[leandrodamascena]

APPROVING it @anafalcao! THANK YOU SO MUCH!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
2 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube Cloud