Sanitize worker arguments before logging (#10260)

surgupta-msft · web-flow · commit 633e2c05d31a · 2024-07-02T12:04:19.000-07:00
diff --git a/src/WebJobs.Script/Workers/ProcessManagement/WorkerProcess.cs b/src/WebJobs.Script/Workers/ProcessManagement/WorkerProcess.cs
@@ -81,8 +81,9 @@ public Task StartProcessAsync()
                     Process.OutputDataReceived += (sender, e) => OnOutputDataReceived(sender, e);
                     Process.Exited += (sender, e) => OnProcessExited(sender, e);
                     Process.EnableRaisingEvents = true;
+                    string sanitizedArguments = Sanitizer.Sanitize(Process.StartInfo.Arguments);
 
-                    _workerProcessLogger?.LogDebug($"Starting worker process with FileName:{Process.StartInfo.FileName} WorkingDirectory:{Process.StartInfo.WorkingDirectory} Arguments:{Process.StartInfo.Arguments}");
+                    _workerProcessLogger?.LogDebug($"Starting worker process with FileName:{Process.StartInfo.FileName} WorkingDirectory:{Process.StartInfo.WorkingDirectory} Arguments:{sanitizedArguments}");
                     Process.Start();
                     _workerProcessLogger?.LogDebug($"{Process.StartInfo.FileName} process with Id={Process.Id} started");
 
diff --git a/test/WebJobs.Script.Tests/Workers/Http/HttpWorkerProcessTests.cs b/test/WebJobs.Script.Tests/Workers/Http/HttpWorkerProcessTests.cs
@@ -119,5 +119,47 @@ public async Task StartProcess_LinuxConsumption_TriesToAssignExecutePermissions_
             var testLogs = _testLogger.GetLogMessages();
             Assert.Contains("File path does not exist, not assigning permissions", testLogs[0].FormattedMessage);
         }
+
+        [Theory]
+        [InlineData("AccountKey=abcde==", true)]
+        [InlineData("teststring", false)]
+        public async Task StartProcess_VerifySanitizedCredentialLogging(string input, bool isSecret)
+        {
+            try
+            {
+                _httpWorkerOptions.Arguments.WorkerArguments.Add(input);
+
+                File.Create(_executablePath).Dispose();
+                TestEnvironment testEnvironment = new TestEnvironment();
+                testEnvironment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerName, "TestContainer");
+                var mockHttpWorkerProcess = new HttpWorkerProcess(_testWorkerId, _rootScriptPath, _httpWorkerOptions, _mockEventManager.Object, _defaultWorkerProcessFactory, _processRegistry, _testLogger, _languageWorkerConsoleLogSource.Object, testEnvironment, new TestMetricsLogger(), _serviceProviderMock.Object, new LoggerFactory());
+
+                try
+                {
+                    await mockHttpWorkerProcess.StartProcessAsync();
+                }
+                catch
+                {
+                    // expected to throw. Just verifying a log statement occurred before then.
+                }
+
+                // Verify
+                var testLogs = _testLogger.GetLogMessages();
+
+                if (isSecret)
+                {
+                    Assert.DoesNotContain(input, testLogs[1].FormattedMessage);
+                    Assert.Contains($"Arguments: [Hidden Credential]", testLogs[1].FormattedMessage);
+                }
+                else
+                {
+                    Assert.Contains($"Arguments: {input}", testLogs[1].FormattedMessage);
+                }
+            }
+            finally
+            {
+                File.Delete(_executablePath);
+            }
+        }
     }
 }
