
Make it easier to add a SanitizingFunction to mask properties with specific names #39243

Closed
philwebb opened this issue Jan 19, 2024 · 8 comments
type: enhancement A general enhancement
Comments

@philwebb
Member

See #39094 (comment) for details.

We removed default sanitization in #33448 but didn't offer an easy way for those that were happy with that approach to apply it again. This means that a lot of users will be copying similar code.

A couple of options that come to mind are:

  • A property that contains property names that should be sanitized
  • A factory method on SanitizingFunction that makes it easier to create a @Bean
@philwebb philwebb added the type: enhancement A general enhancement label Jan 19, 2024
@philwebb philwebb added this to the General Backlog milestone Jan 19, 2024
@philwebb philwebb added the for: team-meeting An issue we'd like to discuss as a team to make progress label Jan 19, 2024
@philwebb
Member Author

philwebb commented Feb 14, 2024

We're going to start by investigating option 2 and making it easy to build a SanitizingFunction with specific rules.

@philwebb philwebb removed the for: team-meeting An issue we'd like to discuss as a team to make progress label Feb 14, 2024
@guai

guai commented May 21, 2024

Hi, is there a workaround? I want 2.7's behavior with management.endpoint.env.keys-to-sanitize in 3.2 (at least for now, while we are migrating)

@datagitlies

> Hi, is there a workaround? I want 2.7's behavior with management.endpoint.env.keys-to-sanitize in 3.2 (at least for now, while we are migrating)

@guai you can implement your own SanitizingFunction - see the comment here: #32156 (comment)

That said, I'm still hoping for a Spring-provided solution that makes it easier to create a @Bean so that I don't have to copy all that code from 2.7.

@datagitlies

> We're going to start by investigating option 2 and making it easy to build a SanitizingFunction with specific rules.

@philwebb is there any update on this? If there is a branch I could look at or contribute to I'd be happy to pitch in for functionality that improves my codebase(s).

@philwebb
Member Author

@datagitlies We haven't had the chance to look at this one in any detail yet. I'm afraid we're currently heads down on the 3.3 release. If you have a proposal, feel free to submit a pull request.

j-sandy added a commit to j-sandy/kork that referenced this issue Dec 12, 2024
…ith spring boot upgrade to 3.x

While upgrading Spring Boot to 3.0.13 and Spring Cloud 2022.0.5, I encountered the errors below during the build of the kork-actuator module:
```
> Task :kork-actuator:compileJava FAILED
/kork/kork-actuator/src/main/java/com/netflix/spinnaker/kork/actuator/ActuatorEndpointsConfiguration.java:26: error: cannot find symbol
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
                                                                       ^
  symbol:   class WebSecurityConfigurerAdapter
  location: package org.springframework.security.config.annotation.web.configuration
/kork/kork-actuator/src/main/java/com/netflix/spinnaker/kork/actuator/ActuatorEndpointsConfiguration.java:30: error: cannot find symbol
public class ActuatorEndpointsConfiguration extends WebSecurityConfigurerAdapter {
                                                    ^
  symbol: class WebSecurityConfigurerAdapter
2 errors
```
With the Spring Boot upgrade, Spring Security also upgrades from 5.x to 6.x. As per the migration [steps](https://www.baeldung.com/spring-security-migrate-5-to-6), `WebSecurityConfigurerAdapter` has been removed, so it is no longer required to be extended; instead, a bean can be registered.

```
> Task :kork-actuator:compileJava FAILED
/kork/kork-actuator/src/main/java/com/netflix/spinnaker/kork/actuator/endpoint/ResolvedEnvironmentEndpoint.java:45: error: invalid method reference
        .ifPresent(sanitizer::setKeysToSanitize);
                   ^
  cannot find symbol
    symbol:   method setKeysToSanitize(T)
    location: class Sanitizer
  where T is a type-variable:
    T extends Object declared in class Optional
/kork/kork-actuator/src/main/java/com/netflix/spinnaker/kork/actuator/endpoint/ResolvedEnvironmentEndpoint.java:56: error: incompatible types: String cannot be converted to SanitizableData
                    return sanitizer.sanitize(property, environment.getProperty(property));
                                              ^
Note: Some messages have been simplified; recompile with -Xdiags:verbose to get full output
2 errors
```
In Spring Boot 3, changes were introduced in the sanitization of actuator [endpoints](https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#actuator-endpoints-sanitization).
The default `Sanitizer` implementation has been removed and replaced with `SanitizingFunction`.
spring-projects/spring-boot#33448
spring-projects/spring-boot#39243
spring-projects/spring-boot#32156
So, the `ActuatorSanitizingFunction` class was added to provide the default implementation of `SanitizingFunction`.
j-sandy added a commit to j-sandy/kork that referenced this issue Dec 17, 2024
j-sandy added a commit to j-sandy/kork that referenced this issue Dec 19, 2024
j-sandy added a commit to j-sandy/kork that referenced this issue Dec 19, 2024
@GrahamHannington

GrahamHannington commented Feb 9, 2025

> • property names that should be sanitized

With apologies for not yet having tested this myself: in 2.7.x, what did keys-to-sanitize do to non-string properties, such as boolean properties? e.g.

  • management.endpoints.web.cors.allow-credentials
  • spring.graphql.cors.allow-credentials

(How) did it sanitize true or false? I've briefly looked at the code, but I can't see any special handling. I suspect the answer is: same as any other property: ******.

One reason I'm asking: in general, I'm cautious about any processing that might break downstream validation, such as validation of values allowed by data types. Such validation might allow ****** for a password (depending on how specific the "data type" is: e.g. string versus a bespoke password data type). But ****** as the value of a boolean property is certain to cause a validation error.

"Don't even attempt to validate sanitized data"? "You're the only person on the planet who wants to view—say, in Visual Studio Code editor, validated using a JSON schema—a set of configuration properties that have been consolidated by Spring Boot from multiple input .yaml and/or .properties files, sanitized'n'dumped, and then converted into a single, monolithic .yaml file."? Yeah, okay. 🙂

@datagitlies

@GrahamHannington what you suspected ("same as any other property ******") was true if you utilized the default sanitizing function provided in spring-boot 2.7. In the latest version of spring-boot it's completely up to you to provide the SanitizingFunction as there is no longer a default. Hence the reason for the original issue. So, you can certainly sanitize any way you'd like.

That said, I'm still hoping for a Spring-provided solution that makes it easier to create a @Bean so that you or I wouldn't have to copy all the code from Spring Boot 2.7.

@philwebb philwebb self-assigned this Feb 12, 2025
@philwebb philwebb modified the milestones: General Backlog, 3.5.0-M2 Feb 12, 2025
@philwebb
Member Author

philwebb commented Feb 12, 2025

I've added some methods to the interface that should make it easier to recreate something similar to the rules we had in Spring Boot 2.7. The exception being URL user info parts, which we don't want to support.

Here's a one-liner to sanitize values that are likely sensitive:

```java
@Bean
SanitizingFunction sanitizingFunction() {
	return SanitizingFunction.sanitizeValue().ifLikelySensitive();
}
```

You can also build more complex functions. For example, the following will sanitize sun.java.command and spring.application.json system properties, keys that contain "password" or "secret" and anything that looks like a GitHub token.

```java
@Bean
SanitizingFunction sanitizingFunction() {
	return SanitizingFunction.sanitizeValue()
		.ifLikelySensitiveProperty()
		.ifKeyContains("password", "secret")
		.ifValueStringMatches("^gh._[a-zA-Z0-9]{36}$");
}
```
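For the workaround asked about earlier in the thread (2.7-style `keys-to-sanitize` behaviour on a 3.x version that predates the builder methods above), here is an added example, not code from Spring Boot or from this thread: a hand-written `SanitizingFunction` bean reproducing 2.7's default key list. The key list and the "bare word matches a key suffix, anything with regex metacharacters is a full regex" rule are recalled from 2.7's `Sanitizer` and should be checked against the 2.7 source you are migrating from; URL user-info masking is intentionally omitted, matching the decision stated above.

```java
import java.util.List;
import java.util.regex.Pattern;

import org.springframework.boot.actuate.endpoint.SanitizableData;
import org.springframework.boot.actuate.endpoint.SanitizingFunction;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class LegacyKeySanitizationConfig {

    // Default keys masked by Spring Boot 2.7's Sanitizer (assumption: recalled from the
    // 2.7 source; verify against the version you are migrating from).
    static final List<String> LEGACY_KEYS = List.of(
            "password", "secret", "key", "token", ".*credentials.*",
            "vcap_services", "^vcap\\.services.*$", "sun.java.command",
            "^spring[._]application[._]json$");

    private static final List<Pattern> LEGACY_PATTERNS =
            LEGACY_KEYS.stream().map(LegacyKeySanitizationConfig::toPattern).toList();

    // 2.7 rule: a value containing regex metacharacters is used as a full regex; a bare
    // word matches any key ending with it (so "password" masks "spring.datasource.password").
    private static Pattern toPattern(String value) {
        boolean isRegex = value.contains("*") || value.contains("$")
                || value.contains("^") || value.contains("+");
        String regex = isRegex ? value : ".*" + Pattern.quote(value) + "$";
        return Pattern.compile(regex, Pattern.CASE_INSENSITIVE);
    }

    static boolean isLegacySensitiveKey(String key) {
        return LEGACY_PATTERNS.stream().anyMatch(p -> p.matcher(key).matches());
    }

    @Bean
    SanitizingFunction legacyKeySanitizingFunction() {
        // As in 2.7, only the key is inspected: a boolean such as
        // management.endpoints.web.cors.allow-credentials is masked to "******" as well.
        return data -> {
            String key = data.getKey();
            if (key != null && data.getValue() != null && isLegacySensitiveKey(key)) {
                return data.withSanitizedValue();
            }
            return data;
        };
    }

    // Offline check with constructed data; a null PropertySource is acceptable here.
    public static void main(String[] args) {
        SanitizingFunction fn = new LegacyKeySanitizationConfig().legacyKeySanitizingFunction();
        for (String key : List.of("spring.datasource.password", "my.api.token", "server.port",
                "management.endpoints.web.cors.allow-credentials", "spring.application.json")) {
            Object shown = fn.apply(new SanitizableData(null, key, "original")).getValue();
            System.out.println(key + " -> " + shown);
        }
    }
}
```

Registering this bean makes the `env` and `configprops` endpoints mask the listed keys again, independently of the newer `sanitizeValue()` builder.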

philwebb added a commit that referenced this issue Feb 12, 2025
j-sandy added a commit to j-sandy/kork that referenced this issue Feb 18, 2025
j-sandy added a commit to j-sandy/kork that referenced this issue Feb 18, 2025