Merge branch 'dev' into jviau/eng/packages-props

Author: jviau

NuGet.config

@@ -8,5 +8,6 @@
     <add key="AzureFunctionsRelease" value="https://azfunc.pkgs.visualstudio.com/e6a70c92-4128-439f-8012-382fe78d6396/_packaging/AzureFunctionsRelease/nuget/v3/index.json" />
     <add key="AzureFunctionsPreRelease" value="https://azfunc.pkgs.visualstudio.com/e6a70c92-4128-439f-8012-382fe78d6396/_packaging/AzureFunctionsPreRelease/nuget/v3/index.json" />
     <add key="AzureFunctionsTempStaging" value="https://azfunc.pkgs.visualstudio.com/e6a70c92-4128-439f-8012-382fe78d6396/_packaging/AzureFunctionsTempStaging/nuget/v3/index.json" />
+    <add key="AzureFunctionsInfra" value="https://pkgs.dev.azure.com/azfunc/public/_packaging/infra/nuget/v3/index.json" />
   </packageSources>
 </configuration>

eng/ci/templates/official/jobs/process-coldstart.yml

@@ -37,7 +37,6 @@ jobs:
       artifact: $(artifactName)
 
   steps:
-  - checkout: none
   - pwsh: |
         $sampleSize = $env:SAMPLE_SIZE
         $values = @()
@@ -98,15 +97,8 @@ jobs:
       scriptType: 'pscore'
       scriptLocation: 'inlineScript'
       inlineScript: |
-        $json = Get-Content -Path $(resultsJsonPath) -Raw
-        $dateTimeUtc = [datetimeoffset]::UtcNow
-
-        $query = @"
-        INSERT INTO ColdStart (DateTimeUtc, OS, Description, Document)
-        VALUES ('$dateTimeUtc', '${{ parameters.os }}', '${{ parameters.description }}', '$json')
-        "@
-
-        Invoke-Sqlcmd -ConnectionString "$(ColdStartResultsSqlConnectionString)" -Query $query
-
+        $env:PATH = [System.IO.Path]::Combine($env:USERPROFILE, ".dotnet", "tools") + ";$env:PATH"
+        dotnet tool install -g Microsoft.Azure.Functions.ColdStartDataWriter --prerelease
+        func-cold-start-data-writer --os '${{ parameters.os }}' --description '${{ parameters.description }}' --sql-connection '$(ColdStartResultsSqlConnectionString)' --document-file-path '$(resultsJsonPath)'
     displayName: Persist results
     condition: eq(variables['Build.Reason'], 'Schedule')

release_notes.md

@@ -8,4 +8,6 @@
 - Fix startup deadlock on transient exceptions (#11142)
 - Add warning log for end of support bundle version, any bundle version < 4 (#11075), (#11160)
 - Handles loading extensions.json with empty extensions(#11174)
-- Update HttpWorkerOptions to implement IOptionsFormatter (#11175)
+- Update HttpWorkerOptions to implement IOptionsFormatter (#11175)
+- Improved metadata binding validation (#11101)
+- Skip logging errors on gRPC client disconnect (#10572)

src/WebJobs.Script.Grpc/Server/FunctionRpcService.cs

@@ -2,16 +2,17 @@
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
 using System;
+using System.IO;
 using System.Reactive.Linq;
 using System.Threading;
 using System.Threading.Channels;
 using System.Threading.Tasks;
 using Grpc.Core;
+using Microsoft.AspNetCore.Connections;
 using Microsoft.Azure.WebJobs.Script.Eventing;
 using Microsoft.Azure.WebJobs.Script.Grpc.Eventing;
 using Microsoft.Azure.WebJobs.Script.Grpc.Messages;
 using Microsoft.Extensions.Logging;
-
 using MsgType = Microsoft.Azure.WebJobs.Script.Grpc.Messages.StreamingMessage.ContentOneofCase;
 
 namespace Microsoft.Azure.WebJobs.Script.Grpc
@@ -75,6 +76,14 @@ static Task<Task<bool>> MoveNextAsync(IAsyncStreamReader<StreamingMessage> reque
                     }
                 }
             }
+            catch (IOException ex) when (ex.InnerException is ConnectionAbortedException && context.CancellationToken.IsCancellationRequested)
+            {
+                // Expected when the client disconnects.
+                // Client side stream termination (e.g., process exit or network interruption)
+                // can cause MoveNext() to throw an IOException with a ConnectionAbortedException as the inner exception.
+                // If ServerCallContext's cancellation token is also canceled at this point, the exception can be safely ignored.
+                return;
+            }
             catch (Exception rpcException)
             {
                 // We catch the exception, just to report it, then re-throw it

src/WebJobs.Script/Host/MetadataJsonHelper.cs

@@ -0,0 +1,99 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Immutable;
+using System.IO;
+using System.Linq;
+using Microsoft.Azure.WebJobs.Logging;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.Azure.WebJobs.Script
+{
+    internal static class MetadataJsonHelper
+    {
+        /// <summary>
+        /// Sanitizes the values of top-level properties in the specified <see cref="JObject"/>
+        /// whose names match any in the provided collection, using case-insensitive comparison.
+        /// The original property casing is preserved.
+        /// <strong>Note:</strong> This method mutates the input <see cref="JObject"/> only if one or more property values are sanitized.
+        /// </summary>
+        /// <param name="jsonObject">The <see cref="JObject"/> to sanitize. This object may be modified in place.</param>
+        /// <param name="propertyNames">A collection of top-level property names to sanitize.</param>
+        /// <returns>
+        /// The modified <see cref="JObject"/> with the specified properties' values sanitized if found.
+        /// </returns>
+        /// <exception cref="ArgumentNullException">
+        /// Thrown if <paramref name="jsonObject"/> or <paramref name="propertyNames"/> is <c>null</c>.
+        /// </exception>
+        public static JObject SanitizeProperties(JObject jsonObject, ImmutableHashSet<string> propertyNames)
+        {
+            ArgumentNullException.ThrowIfNull(jsonObject, nameof(jsonObject));
+            ArgumentNullException.ThrowIfNull(propertyNames, nameof(propertyNames));
+
+            if (propertyNames.Count == 0)
+            {
+                return jsonObject;
+            }
+
+            foreach (var prop in jsonObject.Properties())
+            {
+                if (propertyNames.Contains(prop.Name, StringComparer.OrdinalIgnoreCase))
+                {
+                    if (prop.Value.Type == JTokenType.Null)
+                    {
+                        continue;
+                    }
+
+                    var valueToSanitize = prop.Value.Type == JTokenType.String ? (string)prop.Value : prop.Value.ToString();
+                    jsonObject[prop.Name] = Sanitizer.Sanitize(valueToSanitize);
+                }
+            }
+
+            return jsonObject;
+        }
+
+        /// <summary>
+        /// Parses the input JSON string into a <see cref="JObject"/> and sanitizes the values of top-level properties
+        /// whose names match any in the provided collection, using case-insensitive comparison.
+        /// The original property casing is preserved. Allows customization of JSON date parsing behavior.
+        /// </summary>
+        /// <param name="json">The JSON string to parse and sanitize.</param>
+        /// <param name="propertyNames">A collection of top-level property names to sanitize. Case-insensitive matching is used.</param>
+        /// <param name="dateParseHandling">
+        /// Specifies how date strings should be parsed. Defaults to <see cref="DateParseHandling.None"/> to avoid automatic date conversion.
+        /// </param>
+        /// <returns>
+        /// A <see cref="JObject"/> representing the parsed JSON, with the specified properties' values sanitized if found.
+        /// </returns>
+        /// <exception cref="ArgumentException">
+        /// Thrown if <paramref name="json"/> is <c>null</c>, empty, or whitespace.
+        /// </exception>
+        /// <exception cref="ArgumentNullException">
+        /// Thrown if <paramref name="propertyNames"/> is <c>null</c>.
+        /// </exception>
+        /// <exception cref="JsonReaderException">
+        /// Thrown if <paramref name="json"/> is not a valid JSON string.
+        /// </exception>
+        public static JObject CreateJObjectWithSanitizedPropertyValue(string json, ImmutableHashSet<string> propertyNames, DateParseHandling dateParseHandling = DateParseHandling.None)
+        {
+            if (string.IsNullOrWhiteSpace(json))
+            {
+                throw new ArgumentException("Input JSON cannot be null or empty.", nameof(json));
+            }
+
+            ArgumentNullException.ThrowIfNull(propertyNames, nameof(propertyNames));
+
+            using var stringReader = new StringReader(json);
+            using var jsonReader = new JsonTextReader(stringReader)
+            {
+                DateParseHandling = dateParseHandling
+            };
+
+            var jsonObject = JObject.Load(jsonReader);
+
+            return SanitizeProperties(jsonObject, propertyNames);
+        }
+    }
+}

test/WebJobs.Script.Tests/MetadataJsonHelperTests.cs

@@ -0,0 +1,129 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Immutable;
+using Newtonsoft.Json.Linq;
+using Xunit;
+
+namespace Microsoft.Azure.WebJobs.Script.Tests
+{
+    public sealed class MetadataJsonHelperTests
+    {
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_NullJsonObject_ThrowsArgumentNullException()
+        {
+            JObject jsonObject = null;
+            ImmutableHashSet<string> propertyNames = ["sensitiveProperty"];
+
+            Assert.Throws<ArgumentNullException>(() => MetadataJsonHelper.SanitizeProperties(jsonObject, propertyNames));
+        }
+
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_NullPropertyNames_ThrowsArgumentNullException()
+        {
+            var jsonObject = new JObject();
+            ImmutableHashSet<string> propertyNames = null;
+
+            Assert.Throws<ArgumentNullException>(() => MetadataJsonHelper.SanitizeProperties(jsonObject, propertyNames));
+        }
+
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_ValidInput_SanitizesMatchingProperties()
+        {
+            var jsonObject = new JObject
+            {
+                { "sensitiveProperty1", "AccountKey=foo" },
+                { "sensitiveProperty2", "MyConnection" },
+                { "SENSITIVEPROPERTY3", "AccountKey=bar" },
+                { "otherProperty", "value2" }
+            };
+            var sensitiveBindingPropertyNames = ImmutableHashSet.Create("sensitiveProperty1", "sensitiveproperty2", "sensitiveproperty3");
+
+            var result = MetadataJsonHelper.SanitizeProperties(jsonObject, sensitiveBindingPropertyNames);
+
+            Assert.Equal("[Hidden Credential]", result["sensitiveProperty1"].ToString());
+            Assert.Equal("MyConnection", result["sensitiveProperty2"].ToString());
+            Assert.Equal("[Hidden Credential]", result["SENSITIVEPROPERTY3"].ToString());
+            Assert.Equal("value2", result["otherProperty"].ToString());
+        }
+
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_NoMatchingProperties_DoesNotSanitize()
+        {
+            var jsonObject = new JObject
+            {
+                { "otherProperty1", "value1" },
+                { "otherProperty2", "value2" },
+                { "otherProperty3", "AccountKey=foo" }
+            };
+            var sensitiveBindingPropertyNames = ImmutableHashSet.Create("sensitiveProperty");
+
+            var result = MetadataJsonHelper.SanitizeProperties(jsonObject, sensitiveBindingPropertyNames);
+
+            Assert.Equal("value1", result["otherProperty1"].ToString());
+            Assert.Equal("value2", result["otherProperty2"].ToString());
+            Assert.Equal("AccountKey=foo", result["otherProperty3"].ToString());
+        }
+
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_StringInput_NullOrEmptyJson_ThrowsArgumentException()
+        {
+            string json = null;
+            var propertyNames = ImmutableHashSet.Create("sensitiveProperty");
+
+            Assert.Throws<ArgumentException>(() => MetadataJsonHelper.CreateJObjectWithSanitizedPropertyValue(json, propertyNames));
+        }
+
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_StringInput_InvalidJson_ThrowsJsonReaderException()
+        {
+            var json = "invalid json";
+            var propertyNames = ImmutableHashSet.Create("sensitiveProperty");
+
+            Assert.Throws<Newtonsoft.Json.JsonReaderException>(() => MetadataJsonHelper.CreateJObjectWithSanitizedPropertyValue(json, propertyNames));
+        }
+
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_StringInput_ValidJson_SanitizesMatchingProperties()
+        {
+            var json = """{ "SensitiveProperty": "pwd=12345", "otherProperty": "value2" }""";
+            var propertyNames = ImmutableHashSet.Create("sensitiveproperty");
+
+            var result = MetadataJsonHelper.CreateJObjectWithSanitizedPropertyValue(json, propertyNames);
+
+            Assert.Equal("[Hidden Credential]", result["SensitiveProperty"].ToString());
+            Assert.Equal("value2", result["otherProperty"].ToString());
+        }
+
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_NullSensitiveProperty_DoesNotThrow()
+        {
+            var jsonObject = new JObject
+            {
+                { "connection", null },
+                { "otherProperty1", "value1" },
+                { "otherProperty2", string.Empty }
+            };
+            var propertyNames = ImmutableHashSet.Create("connection", "otherProperty2");
+
+            var result = MetadataJsonHelper.SanitizeProperties(jsonObject, propertyNames);
+
+            Assert.Equal(JTokenType.Null, result["connection"].Type); // Ensure null remains null
+            Assert.Equal("value1", result["otherProperty1"].ToString());
+            Assert.Equal(string.Empty, result["otherProperty2"].ToString()); // Ensure empty string remains empty
+        }
+
+        [Fact]
+        public void CreateJObjectWithSanitizedPropertyValue_StringInput_DateTimeWithTimezoneOffset_RemainsUnchanged()
+        {
+            var json = """{ "timestamp": "2025-07-03T12:30:45+02:00", "otherProperty": "value2" }""";
+            var propertyNames = ImmutableHashSet.Create("sensitiveProperty");
+
+            var result = MetadataJsonHelper.CreateJObjectWithSanitizedPropertyValue(json, propertyNames);
+
+            Assert.Equal("2025-07-03T12:30:45+02:00", result["timestamp"].ToObject<string>());  // ensure the value remains unchanged(not parsed as DateTime)
+            Assert.Equal("value2", result["otherProperty"].ToString());
+        }
+    }
+}