Sanitize exception logs #10443

Merged
merged 5 commits into from
Sep 10, 2024
Merged
Changes from 3 commits
2 changes: 1 addition & 1 deletion src/WebJobs.Script/Sanitizer.cs
Expand Up @@ -18,7 +18,7 @@ internal static class Sanitizer

// List of keywords that should not be replaced with [Hidden Credential]
private static readonly string[] AllowedTokens = new string[] { "PublicKeyToken=" };
internal static readonly string[] CredentialTokens = new string[] { "Token=", "DefaultEndpointsProtocol=http", "AccountKey=", "Data Source=", "Server=", "Password=", "pwd=", "&sig=", "&sig=", "?sig=", "SharedAccessKey=", "&code=", "&code=", "?code=" };
internal static readonly string[] CredentialTokens = new string[] { "Token=", "DefaultEndpointsProtocol=http", "AccountKey=", "Data Source=", "Server=", "Password=", "pwd=", "&sig=", "&sig=", "?sig=", "SharedAccessKey=", "&code=", "&code=", "?code=", "key=" };
private static readonly string[] CredentialNameFragments = new[] { "password", "pwd", "key", "secret", "token", "sas" };

// Pattern of format : "<protocol>://<username>:<password>@<address>:<port>"
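Review bot: The added `"key="` entry in `CredentialTokens` is far shorter and more generic than the other fragments, and nothing in this hunk says how it is matched or how it interacts with `AllowedTokens`, which still exempts only `PublicKeyToken=`. The matching code is outside the hunk, so this is inferred: under a case-insensitive substring match, non-secret text such as `PartitionKey=` or `RowKey=` would now be masked in logs, while under a case-sensitive match `ApiKey=`-style values would still pass through. I would state the comparison rule in a comment above the array, e.g. `// Fragments are matched as substrings (<case rule>); add benign look-alikes to AllowedTokens`, and cover both a constructed secret and a benign identifier in the Sanitizer unit tests.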
5 changes: 3 additions & 2 deletions src/WebJobs.Script/Workers/Rpc/RpcException.cs
Expand Up @@ -2,16 +2,17 @@
// Licensed under the MIT License. See License.txt in the project root for license information.

using System;
using Microsoft.Azure.WebJobs.Logging;

namespace Microsoft.Azure.WebJobs.Script.Workers.Rpc
{
public class RpcException : Exception
{
public RpcException(string result, string message, string stack, string typeName = "", bool isUserException = false)
: base($"Result: {result}\nException: {message}\nStack: {stack}")
: base($"Result: {result}\nException: {Sanitizer.Sanitize(message)}\nStack: {stack}")
{
RemoteStackTrace = stack;
RemoteMessage = message;
RemoteMessage = Sanitizer.Sanitize(message);
if (!string.IsNullOrEmpty(typeName))
{
RemoteTypeName = typeName;
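Review bot: Only `message` is passed through `Sanitizer.Sanitize`; `result` and `stack` still go into the base exception text verbatim, and `RemoteStackTrace = stack;` stores the raw value. Worker stack traces commonly repeat the exception message, so a connection string redacted from `RemoteMessage` may still appear a line later in the same log entry. Consider `: base($"Result: {Sanitizer.Sanitize(result)}\nException: {Sanitizer.Sanitize(message)}\nStack: {Sanitizer.Sanitize(stack)}")` together with `RemoteStackTrace = Sanitizer.Sanitize(stack);`. Whether `Sanitize` tolerates null input is not visible here and should be confirmed, since none of these parameters is null-checked; the constructor body continues past the end of the hunk.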
17 changes: 17 additions & 0 deletions test/WebJobs.Script.Tests/Workers/Rpc/GrpcWorkerChannelTests.cs
Expand Up @@ -939,6 +939,23 @@ public async Task ReceivesInboundEvent_FunctionLoadResponse()
Assert.True(traces.Any(m => string.Equals(m.FormattedMessage, "Received FunctionLoadResponse for function: 'js1' with functionId: 'TestFunctionId1'.")), "FunctionLoadResponse TestFunctionId1");
}

[Fact]
public async Task ReceivesInboundEvent_Error_FunctionLoadResponse()
{
await CreateDefaultWorkerChannel();
var functionMetadatas = GetTestFunctionsList("node");
_workerChannel.SetupFunctionInvocationBuffers(functionMetadatas);
_testFunctionRpcService.OnMessage(StreamingMessage.ContentOneofCase.FunctionLoadRequest,
_ => _testFunctionRpcService.PublishSystemErrorFunctionLoadResponseEvent("TestFunctionId1", "abc AccountKey== "));
surgupta-msft marked this conversation as resolved.
_workerChannel.SendFunctionLoadRequests(null, TimeSpan.FromMinutes(5));

await Task.Delay(500);
var traces = _logger.GetLogMessages();
ShowOutput(traces);

Assert.True(traces.Any(m => m.Exception != null && m.Exception.Message.Contains("abc [Hidden Credential]")));
}

[Fact]
public async Task Receives_Individual_FunctionLoadResponses_Parallel()
{
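Review bot: The assertion in `ReceivesInboundEvent_Error_FunctionLoadResponse` only proves that some logged exception contains `abc [Hidden Credential]`; it never checks that the sensitive text is absent. The input `"abc AccountKey== "` also carries no real value after the token, so a sanitizer that masked the token but leaked the value would still pass. Use a constructed value, e.g. `"abc AccountKey=constructed-test-value"`, and add `Assert.DoesNotContain(traces, m => (m.Exception?.ToString() ?? string.Empty).Contains("constructed-test-value"));`, ideally checking `FormattedMessage` the same way. Separately, `await Task.Delay(500)` makes the test timing-dependent; polling until the expected trace appears would be more reliable.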
32 changes: 32 additions & 0 deletions test/WebJobs.Script.Tests/Workers/Rpc/TestFunctionRpcService.cs
Expand Up @@ -11,6 +11,7 @@
using Microsoft.Azure.WebJobs.Script.Grpc.Eventing;
using Microsoft.Azure.WebJobs.Script.Grpc.Messages;
using Microsoft.Extensions.Logging;
using static Microsoft.Azure.WebJobs.Script.Grpc.Messages.RpcLog.Types;

namespace Microsoft.Azure.WebJobs.Script.Tests.Workers.Rpc
{
Expand Down Expand Up @@ -153,6 +154,37 @@ public void PublishFunctionLoadResponseEvent(string functionId)
Write(responseMessage);
}

public void PublishSystemErrorFunctionLoadResponseEvent(string functionId, string exceptionMessage)
{
StatusResult statusResult = new StatusResult()
{
Status = StatusResult.Types.Status.Failure
};
FunctionLoadResponse functionLoadResponse = new FunctionLoadResponse()
{
FunctionId = functionId,
Result = statusResult
};

RpcLog rpcLog = new RpcLog()
{
LogCategory = RpcLogCategory.System,
Level = Level.Error,
Exception = new RpcException()
{
Message = exceptionMessage
}
};

StreamingMessage responseMessage = new StreamingMessage()
{
FunctionLoadResponse = functionLoadResponse,
RpcLog = rpcLog
};

Write(responseMessage);
}

public void PublishFunctionLoadResponsesEvent(List<string> functionIds, StatusResult statusResult)
{
FunctionLoadResponseCollection functionLoadResponseCollection = new FunctionLoadResponseCollection();
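Review bot: `PublishSystemErrorFunctionLoadResponseEvent` assigns both `FunctionLoadResponse` and `RpcLog` on one `StreamingMessage`, and the test's use of `StreamingMessage.ContentOneofCase` suggests these belong to the same protobuf oneof (the generated type is not on this page). If so, the later `RpcLog` assignment replaces the load response and only the log is delivered, so the new test exercises the log path rather than a failed function load, despite the helper's name. Either send two messages, or carry the error on the response itself, e.g. `Result = new StatusResult { Status = StatusResult.Types.Status.Failure, Exception = new RpcException { Message = exceptionMessage } }`, assuming `StatusResult` exposes an `Exception` field. Setting a stack trace on the test exception as well would let the test cover stack-trace redaction.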