Risk of PII (personally identifiable information) data being added to logs

Hi all!

I use the UiPath.MicrosoftOffice365.Activities.Mail.SendMail activity in one of my processes.

Today I received an error because my script had sent a badly formed email address. Fair enough - I should have better checks for this.

The error message is as follows:
Send Mail Receipt: Code: ErrorInvalidRecipients Message: At least one recipient is not valid., Recipient ‘test@abc.com’ is not resolved. All recipients must be resolved before a message can be submitted. ClientRequestId:

Because the email address appears in the error message, it is likely to be written to logs which is not ideal.

Ideally, this data would not be included in the error message.

Hi @JohnMac,

I second your thought on this. There needs to be a easier way to ensure a string is encrypted or substring is encrypted when a system exception occurs.

Our workaround

  1. We use try-catch on workflow level and catch such unknown exception messages. A link to the approach. The catch blocks consumes such system generated error messages and does not allow it to publish this to logs.
  2. In the catch block we use regex to check if the pattern matches with a PII,
  3. If it does, we perform string manipulation (similar to this thread How to mask credit card Number?) and / or encrypt string activity to avoid logging this information in our database/splunk index/log files.

The caveat is that, if you are using invoke worfklow, you will have to fetch the underlying error messages from the invoked workflow to the parent workflow, but this is easily done by using out_arguments.

1 Like

Thank you for pointing it out. I’ll let our team know.

1 Like

There is actually a way to prevent the values of an activity from being entered into logs even if logging is set to debug or verbose. You should be able to enable the Private flag to avoid logging that data.

1 Like