Feedback from Java Integration (#8272)
* ensure we get the exact same version of the list. this is probably paranoia but nothing telling we can't do it
* make it so that a crashing body key sanitizer is logged, but doesn't kill the sanitization session
* handle when the targeted path actually exists before attempting to secret scan it
* remove duplicate sanitizer
scbedd authored May 15, 2024
1 parent 74f5758 commit 34521cc
Showing 4 changed files with 45 additions and 31 deletions.
Expand Up @@ -14,14 +14,20 @@ public class ModifiableRecordSession

public ModifiableRecordSession(SanitizerDictionary sanitizerRegistry, string sessionId)
{
this.AppliedSanitizers = sanitizerRegistry.SessionSanitizers.ToList();
lock(sanitizerRegistry.SessionSanitizerLock)
{
this.AppliedSanitizers = sanitizerRegistry.SessionSanitizers.ToList();
}
this.SessionId = sessionId;
}

public ModifiableRecordSession(RecordSession session, SanitizerDictionary sanitizerRegistry, string sessionId)
{
Session = session;
this.AppliedSanitizers = sanitizerRegistry.SessionSanitizers.ToList();
lock (sanitizerRegistry.SessionSanitizerLock)
{
this.AppliedSanitizers = sanitizerRegistry.SessionSanitizers.ToList();
}
this.SessionId = sessionId;
}

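Review bot: The two constructors spell the statement differently (`lock(` in the first, `lock (` in the second) and both repeat the same lock-and-copy; if the assignment order does not matter, the second could delegate with `: this(sanitizerRegistry, sessionId)` and then only do `Session = session;`. The reason for taking the lock lives only in the commit message, so a one-line comment at the lock would help, e.g. `// Copy under the registry lock so the snapshot is not taken while the list is being mutated.` The lock only buys anything if every writer of SessionSanitizers also holds SessionSanitizerLock, which is outside this hunk and worth confirming. The constructor bodies are complete here, but the class continues past the hunk.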
Expand Up @@ -607,10 +607,6 @@ public SanitizerDictionary() {
new BodyKeySanitizer("$..apiKey"),
"AZSDK3480"
),
new RegisteredSanitizer(
new BodyKeySanitizer("$..connectionString"),
"AZSDK3481"
),
new RegisteredSanitizer(
new BodyKeySanitizer("$..password"),
"AZSDK3482"
21 changes: 13 additions & 8 deletions tools/test-proxy/Azure.Sdk.Tools.TestProxy/Common/SecretScanner.cs
Expand Up @@ -38,20 +38,25 @@ public List<Tuple<string, Detection>> DiscoverSecrets(string assetRepoRoot, IEnu

Parallel.ForEach(relativePaths, options, (filePath) =>
{
var content = File.ReadAllText(Path.Combine(assetRepoRoot, filePath));
var fileDetections = DetectSecrets(content);
var path = Path.Combine(assetRepoRoot, filePath);

if (fileDetections != null && fileDetections.Count > 0)
if (File.Exists(path))
{
foreach (Detection detection in fileDetections)
var content = File.ReadAllText(path);
var fileDetections = DetectSecrets(content);

if (fileDetections != null && fileDetections.Count > 0)
{
detectedSecrets.Add(Tuple.Create(filePath, detection));
foreach (Detection detection in fileDetections)
{
detectedSecrets.Add(Tuple.Create(filePath, detection));
}
}
}

Interlocked.Increment(ref seen);
Interlocked.Increment(ref seen);

Console.Write($"\r\u001b[2KScanned {seen}/{total}.");
Console.Write($"\r\u001b[2KScanned {seen}/{total}.");
}
});

Console.WriteLine(string.Empty);
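Review bot: `Interlocked.Increment(ref seen);` and the progress `Console.Write` now sit inside the new `if (File.Exists(path))` block, so a listed file that is missing is never counted and the final `Scanned {seen}/{total}.` line stops short of total. Both statements belong after the block's closing brace, and a missing file is worth reporting rather than silently skipped, since it means that path was not scanned for secrets at all. Also, if `filePath` can ever be a rooted path, `Path.Combine` returns it unchanged and `assetRepoRoot` is ignored, so where relativePaths comes from is worth confirming. DiscoverSecrets continues outside the hunk.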
Expand Up @@ -64,33 +64,40 @@ public override string SanitizeTextBody(string contentType, string body)
return body;
}


if (jsonO != null)
{
foreach (JToken token in jsonO.SelectTokens(_jsonPath))
try
{
// HasValues is false for tokens with children. We will not apply sanitization if that is the case.
if (!token.HasValues)
foreach (JToken token in jsonO.SelectTokens(_jsonPath))
{
var originalValue = token.Value<string>();

// regex replacement does not support null
if (originalValue == null)
// HasValues is false for tokens with children. We will not apply sanitization if that is the case.
if (!token.HasValues)
{
continue;
}
var originalValue = token.Value<string>();

var replacement = StringSanitizer.SanitizeValue(originalValue, _newValue, _regexValue, _groupForReplace);
// regex replacement does not support null
if (originalValue == null)
{
continue;
}

// this sanitizer should only apply to actual values
// if we attempt to apply a regex update to a jtoken that has a more complex type, throw
token.Replace(JToken.FromObject(replacement));
var replacement = StringSanitizer.SanitizeValue(originalValue, _newValue, _regexValue, _groupForReplace);

if (originalValue != replacement)
{
sanitized = true;
// this sanitizer should only apply to actual values
// if we attempt to apply a regex update to a jtoken that has a more complex type, throw
token.Replace(JToken.FromObject(replacement));

if (originalValue != replacement)
{
sanitized = true;
}
}
}
}
catch(Exception e)
{
DebugLogger.LogError($"Ran into exception \"{e.Message}\" while attempting to run regex \"{_regexValue}\" against body value \"{body}\"");
return body;
}
}

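Review bot: The new `DebugLogger.LogError` line writes the entire `body` into the log, which is exactly the payload this sanitizer exists to redact, so a crashing sanitizer may now copy the unredacted value into the log; log the path and regex instead, e.g. `DebugLogger.LogError($"Ran into exception \"{e.Message}\" while attempting to run regex \"{_regexValue}\" against json path \"{_jsonPath}\" (body length {body.Length})");`. Returning `body` on failure also means the recording keeps the unsanitized content — that is the fail-open the commit message asks for, but it deserves a comment at the `return body;` saying so. `catch(Exception e)` swallows everything, including genuine bugs; if the expected failures are the regex and JSON ones, a narrower filter would keep real faults visible. SanitizeTextBody starts and ends outside the hunk.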
