Use case
Regression probe for the custom PresidioPatternRecognizer registered
for US_SSN. Presidio’s built-in SSN recognizer scores bare dashed
format (123-45-6789) well below the default threshold, so Declaw
ships a custom recognizer that fires at a lower confidence. This
example uses httpbin.org/post as an echo mirror to verify that SSN
patterns are caught and redacted before reaching the upstream.
What you’ll learn
- Configuring
PIIConfigwithrehydrate_response=Falseso the echo response shows exactly what the upstream received - Using httpbin.org/post as a zero-dependency mirror for redaction tests
- Verifying that SSN, email, and person-name PII types are all redacted
Prerequisites
Code walkthrough
Create a security policy with PII redaction enabled and rehydration disabled. Rehydration must be off so the echoed response shows the raw redacted tokens:Expected output
[REDACTED_*] tokens before
the request reaches httpbin. If the SSN passes through unredacted,
the probe exits with a non-zero code.
Full source
Seecookbook/examples/pii-ssn-redaction/main.py in the repo.