Improve host.json sanitization on v1.x (#9625)

Author: jviau

src/WebJobs.Script.WebHost/WebJobs.Script.WebHost.csproj

@@ -503,7 +503,6 @@
     <Compile Include="Diagnostics\ExtendedEventSource.cs" />
     <Compile Include="Diagnostics\FunctionsEventSource.cs" />
     <Compile Include="Diagnostics\FunctionsSystemLogsEventSource.cs" />
-    <Compile Include="Diagnostics\Sanitizer.cs" />
     <Compile Include="Extensions\FunctionMetadataExtensions.cs" />
     <Compile Include="Extensions\HttpRouteCollectionExtensions.cs" />
     <Compile Include="Extensions\HttpRouteFactoryExtensions.cs" />

src/WebJobs.Script.WebHost/Diagnostics/Sanitizer.cs renamed to src/WebJobs.Script/Diagnostics/Sanitizer.cs

@@ -11,12 +11,12 @@ namespace Microsoft.Azure.WebJobs.Logging
     // Note: This file is shared between the WebJobs SDK and Script repos. Update both if changes are needed.
     internal static class Sanitizer
     {
-        private const string SecretReplacement = "[Hidden Credential]";
+        public const string SecretReplacement = "[Hidden Credential]";
         private static readonly char[] ValueTerminators = new char[] { '<', '"', '\'' };
 
         // List of keywords that should not be replaced with [Hidden Credential]
         private static readonly string[] AllowedTokens = new string[] { "PublicKeyToken=" };
-        private static readonly string[] CredentialTokens = new string[] { "Token=", "DefaultEndpointsProtocol=http", "AccountKey=", "Data Source=", "Server=", "Password=", "pwd=", "&amp;sig=", "SharedAccessKey=" };
+        private static readonly string[] CredentialTokens = new string[] { "Token=", "DefaultEndpointsProtocol=http", "AccountKey=", "Data Source=", "Server=", "Password=", "pwd=", "&amp;sig=", "&sig=", "?sig=", "SharedAccessKey=" };
 
         /// <summary>
         /// Removes well-known credential strings from strings.

src/WebJobs.Script/Host/ScriptHost.cs

@@ -44,6 +44,9 @@ public class ScriptHost : JobHost
         private const string HostAssemblyName = "ScriptHost";
         private const string GeneratedTypeNamespace = "Host";
         internal const string GeneratedTypeName = "Functions";
+
+        private static readonly string[] CredentialNameFragments = new[] { "password", "pwd", "key", "secret", "token", "sas" };
+
         private readonly IScriptHostEnvironment _scriptHostEnvironment;
         private readonly string _storageConnectionString;
         private readonly IMetricsLogger _metricsLogger;
@@ -308,19 +311,70 @@ public void Initialize()
         internal static string SanitizeHostJson(JObject hostJsonObject)
         {
             JObject sanitizedObject = new JObject();
-
             foreach (var propName in WellKnownHostJsonProperties)
             {
                 var propValue = hostJsonObject[propName];
                 if (propValue != null)
                 {
-                    sanitizedObject[propName] = propValue;
+                    sanitizedObject[propName] = Sanitize(propValue);
                 }
             }
 
             return sanitizedObject.ToString();
         }
 
+        private static JToken Sanitize(JToken token)
+        {
+            if (token is JObject obj)
+            {
+                JObject sanitized = new JObject();
+                foreach (var prop in obj)
+                {
+                    if (IsPotentialCredential(prop.Key))
+                    {
+                        sanitized[prop.Key] = Sanitizer.SecretReplacement;
+                    }
+                    else
+                    {
+                        sanitized[prop.Key] = Sanitize(prop.Value);
+                    }
+                }
+
+                return sanitized;
+            }
+
+            if (token is JArray arr)
+            {
+                JArray sanitized = new JArray();
+                foreach (var value in arr)
+                {
+                    sanitized.Add(Sanitize(value));
+                }
+
+                return sanitized;
+            }
+
+            if (token.Type == JTokenType.String)
+            {
+                return Sanitizer.Sanitize(token.ToString());
+            }
+
+            return token;
+        }
+
+        private static bool IsPotentialCredential(string name)
+        {
+            foreach (string fragment in CredentialNameFragments)
+            {
+                if (name.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) != -1)
+                {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+
         // Validate that for any precompiled assembly, all functions have the same configuration precedence.
         private void VerifyPrecompileStatus(IEnumerable<FunctionDescriptor> functions)
         {

src/WebJobs.Script/WebJobs.Script.csproj

@@ -516,6 +516,7 @@
     <Compile Include="HostInitializationException.cs" />
     <Compile Include="Scale\ApplicationPerformanceCounters.cs" />
     <Compile Include="Diagnostics\CompositeTraceWriter.cs" />
+    <Compile Include="Diagnostics\Sanitizer.cs" />
     <Compile Include="Description\Binding\BindingDirection.cs" />
     <Compile Include="Description\Binding\BindingMetadata.cs" />
     <Compile Include="Description\DotNet\DotNetConstants.cs" />

test/WebJobs.Script.Tests/ScriptHostTests.cs

@@ -1244,18 +1244,32 @@ public void Initialize_Sanitizes_HostJsonLog()
                 Directory.CreateDirectory(rootPath);
             }
 
-            // Turn off all logging. We shouldn't see any output.
             string hostJsonContent = @"
             {
                 'functionTimeout': '00:05:00',
                 'functions': [ 'FunctionA', 'FunctionB' ],
                 'logger': {
                     'categoryFilter': {
                         'defaultLevel': 'Information'
-                    }
+                    },
+                    'prop': 'Hey=AS1$@%#$%W-k2j"";SharedAccessKey=foo,Data Source=barzons,Server=bathouse""testing',
+                    'values': [ 'plain', 10, 'Password=hunter2' ],
+                    'my-password': 'hunter2',
+                    'service_token': 'token',
+                    'StorageSas': 'access',
+                    'aSecret': { 'value1': 'value' }
                 },
                 'Values': {
                     'MyCustomValue': 'abc'
+                },
+                'applicationInsights': {
+                    'prop': 'Hey=AS1$@%#$%W-k2j"";SharedAccessKey=foo,Data Source=barzons,Server=bathouse""testing',
+                    'values': [ 'plain', 10, 'Password=hunter2' ],
+                    'sampleSettings': {
+                        'my-password': 'hunter2',
+                        'service_token': 'token',
+                        'StorageSas': 'access'
+                    }
                 }
             }";
 
@@ -1283,6 +1297,21 @@ public void Initialize_Sanitizes_HostJsonLog()
                 'logger': {
                     'categoryFilter': {
                         'defaultLevel': 'Information'
+                    },
+                    'prop': 'Hey=AS1$@%#$%W-k2j"";[Hidden Credential]""testing',
+                    'values': [ 'plain', 10, '[Hidden Credential]' ],
+                    'my-password': '[Hidden Credential]',
+                    'service_token': '[Hidden Credential]',
+                    'StorageSas': '[Hidden Credential]',
+                    'aSecret': '[Hidden Credential]'
+                },
+                'applicationInsights': {
+                    'prop': 'Hey=AS1$@%#$%W-k2j"";[Hidden Credential]""testing',
+                    'values': [ 'plain', 10, '[Hidden Credential]' ],
+                    'sampleSettings': {
+                        'my-password': '[Hidden Credential]',
+                        'service_token': '[Hidden Credential]',
+                        'StorageSas': '[Hidden Credential]'
                     }
                 }
             }";