RpcException Handling (#11347)

Author: RohitRanjanMS

release_notes.md

@@ -20,3 +20,4 @@
 - Update Node.js Worker Version to [3.12.0](https://github.com/Azure/azure-functions-nodejs-worker/releases/tag/v3.12.0)
 - Added support for MCP custom handler. (#11355)
 - Update Python Worker Version to [4.40.0](https://github.com/Azure/azure-functions-python-worker/releases/tag/4.40.0)
+- RpcException Handling (#11347)

src/WebJobs.Script.WebHost/Diagnostics/SystemLogger.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
 using System;
@@ -173,9 +173,7 @@ public void Log<TState>(LogLevel logLevel, EventId eventId, TState state, Except
                     functionName = string.IsNullOrEmpty(fex.MethodName) ? string.Empty : fex.MethodName.Replace("Host.Functions.", string.Empty);
                 }
 
-                (innerExceptionType, innerExceptionMessage, details) = exception.GetExceptionDetails();
-                formattedMessage = Sanitizer.Sanitize(formattedMessage);
-                innerExceptionMessage = innerExceptionMessage ?? string.Empty;
+                (innerExceptionType, innerExceptionMessage, details, formattedMessage) = exception.GetSanitizedExceptionDetails(formattedMessage);
             }
 
             _eventGenerator.LogFunctionTraceEvent(logLevel, subscriptionId, appName, functionName, eventName, source, details, formattedMessage, innerExceptionType, innerExceptionMessage, invocationId, _hostInstanceId, activityId, runtimeSiteName, slotName, DateTime.UtcNow);

src/WebJobs.Script.WebHost/Extensions/ExceptionExtensions.cs

@@ -1,12 +1,18 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
+using System.Text;
+using Microsoft.Azure.WebJobs.Host;
 using Microsoft.Azure.WebJobs.Logging;
+using Microsoft.Azure.WebJobs.Script.WebHost.Security;
+using Microsoft.Azure.WebJobs.Script.Workers.Rpc;
 
 namespace System
 {
     internal static class ExceptionExtensions
     {
+        private const string RedactedMessage = "[Redacted]- Customers using AppInsights or OTel can view full details.";
+
         public static (string ExceptionType, string ExceptionMessage, string ExceptionDetails) GetExceptionDetails(this Exception exception)
         {
             if (exception == null)
@@ -27,5 +33,58 @@ public static (string ExceptionType, string ExceptionMessage, string ExceptionDe
 
             return (exceptionType, exceptionMessage, exceptionDetails);
         }
+
+        /// <summary>
+        /// For FunctionInvocationException with innermost exception as RpcException, the remote message segment is replaced with a redacted
+        /// placeholder containing a stable hash so that occurrences can still be correlated without exposing the original content.
+        /// </summary>
+        /// <param name="exception">
+        /// The exception instance to inspect. Must not be null.
+        /// </param>
+        /// <param name="formattedMessage">
+        /// A pre-formatted message.
+        /// </param>
+        /// <returns>
+        /// A tuple containing:
+        /// (InnerExceptionType) The full CLR type name of the base exception.
+        /// (InnerExceptionMessage) The sanitized and safe base exception message.
+        /// (Details) The sanitized and safe formatted exception string.
+        /// (FormattedMessage) The sanitized version of the provided formattedMessage parameter.
+        /// </returns>
+        public static (string InnerExceptionType, string InnerExceptionMessage, string Details, string FormattedMessage)
+            GetSanitizedExceptionDetails(this Exception exception, string formattedMessage)
+        {
+            ArgumentNullException.ThrowIfNull(exception);
+            formattedMessage = Sanitizer.Sanitize(formattedMessage);
+
+            var baseException = exception.GetBaseException();
+            var innerType = baseException.GetType().ToString();
+            var originalMessage = baseException.Message;
+            var formattedDetails = exception.ToFormattedString();
+
+            if (exception is FunctionInvocationException && baseException is RpcException { RemoteMessage: var remoteMsg }
+                && remoteMsg is not null)
+            {
+                var redacted = GetRedactedExceptionMessage(remoteMsg);
+
+                var innerExceptionMessage = Sanitizer.Sanitize(
+                    originalMessage.Replace(remoteMsg, redacted, StringComparison.Ordinal));
+
+                var detailsSanitized = Sanitizer.Sanitize(
+                    formattedDetails.Replace(remoteMsg, redacted, StringComparison.Ordinal));
+
+                return (innerType, innerExceptionMessage, detailsSanitized, formattedMessage);
+            }
+
+            var defaultInnerExceptionMessage = Sanitizer.Sanitize(originalMessage);
+            var defaultDetails = Sanitizer.Sanitize(formattedDetails);
+
+            return (innerType, defaultInnerExceptionMessage, defaultDetails, formattedMessage);
+        }
+
+        private static string GetRedactedExceptionMessage(string msg)
+        {
+            return $"{RedactedMessage} (Hash: {EncryptionHelper.GetSHA256Base64String(Encoding.UTF8.GetBytes(msg))})";
+        }
     }
 }

src/WebJobs.Script.WebHost/Security/EncryptionHelper.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
 using System;
@@ -94,7 +94,7 @@ public static string Decrypt(string value, IEnvironment environment = null)
             return Decrypt(key, value);
         }
 
-        private static string GetSHA256Base64String(byte[] key)
+        internal static string GetSHA256Base64String(byte[] key)
         {
             using (var sha256 = SHA256.Create())
             {

src/WebJobs.Script/Workers/Rpc/RpcException.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
 using System;
@@ -9,7 +9,7 @@ namespace Microsoft.Azure.WebJobs.Script.Workers.Rpc
     public class RpcException : Exception
     {
         public RpcException(string result, string message, string stack, string typeName = "", bool isUserException = false)
-            : base($"Result: {result}\nException: {Sanitizer.Sanitize(message)}\nStack: {stack}")
+            : base($"Result: {result}\nType: {typeName}\nException: {Sanitizer.Sanitize(message)}\nStack: {stack}")
         {
             RemoteStackTrace = stack;
             RemoteMessage = Sanitizer.Sanitize(message);

test/WebJobs.Script.Tests/Eventing/SystemLoggerTests.cs

@@ -1,16 +1,18 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Threading.Tasks;
+using System.Text;
 using Microsoft.Azure.WebJobs.Host;
 using Microsoft.Azure.WebJobs.Host.Listeners;
 using Microsoft.Azure.WebJobs.Logging;
 using Microsoft.Azure.WebJobs.Script.Configuration;
 using Microsoft.Azure.WebJobs.Script.WebHost;
 using Microsoft.Azure.WebJobs.Script.WebHost.Diagnostics;
+using Microsoft.Azure.WebJobs.Script.WebHost.Security;
+using Microsoft.Azure.WebJobs.Script.Workers.Rpc;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
@@ -310,6 +312,50 @@ public void AppEnvironment_Reset_OnSpecialization()
             Assert.Equal("updatedruntimesitename", evt.RuntimeSiteName);
         }
 
+        [Fact]
+        public void Log_RpcException()
+        {
+            string secretString = "{ \"AzureWebJobsStorage\": \"DefaultEndpointsProtocol=https;AccountName=testAccount1;AccountKey=mykey1;EndpointSuffix=core.windows.net\", \"AnotherKey\": \"AnotherValue\" }";
+            var innerException = new RpcException("result", secretString, "stack", "type");
+            var functionInvocationException = new FunctionInvocationException("Invocation failed", Guid.Empty, "Functions.TestFunction", innerException);
+            var formattedMessage = "Test log";
+            var hash = EncryptionHelper.GetSHA256Base64String(Encoding.UTF8.GetBytes(innerException.RemoteMessage));
+            var innerExceptionType = innerException.GetType().ToString();
+            var eventName = string.Empty;
+            var functionInvocationId = string.Empty;
+            var activityId = string.Empty;
+
+            _mockEventGenerator.Setup(p => p.LogFunctionTraceEvent(LogLevel.Error, _subscriptionId, _websiteName, _functionName, eventName, _category, It.Is<string>(s => s.Contains(hash)),
+                formattedMessage, innerExceptionType, It.Is<string>(s => s.Contains(hash)), functionInvocationId, _hostInstanceId, activityId, _runtimeSiteName, _slotName, It.IsAny<DateTime>()));
+
+            _logger.LogError(functionInvocationException, formattedMessage);
+
+            _mockEventGenerator.VerifyAll();
+        }
+
+        [Fact]
+        public void Log_NonRpcException()
+        {
+            var secretReplacement = "[Hidden Credential]";
+            var secretString = "{ \"AzureWebJobsStorage\": \"DefaultEndpointsProtocol=https;AccountName=testAccount1;AccountKey=mykey1;EndpointSuffix=core.windows.net\", \"AnotherKey\": \"AnotherValue\" }";
+            var sanitizedString = $"{{ \"AzureWebJobsStorage\": \"{secretReplacement}\", \"AnotherKey\": \"AnotherValue\" }}";
+
+            var sanitizedDetails = "System.ArgumentNullException : Value cannot be null. (Parameter 'result')";
+            var sanitizedExceptionMessage = "Value cannot be null. (Parameter 'result')";
+
+            var eventName = string.Empty;
+            var functionInvocationId = string.Empty;
+            var activityId = string.Empty;
+
+            var ex = new ArgumentNullException("result");
+
+            _mockEventGenerator.Setup(p => p.LogFunctionTraceEvent(LogLevel.Error, _subscriptionId, _websiteName, _functionName, eventName, _category, sanitizedDetails, sanitizedString, ex.GetType().ToString(), sanitizedExceptionMessage, functionInvocationId, _hostInstanceId, activityId, _runtimeSiteName, _slotName, It.IsAny<DateTime>()));
+
+            _logger.LogError(ex, Sanitizer.Sanitize(secretString));
+
+            _mockEventGenerator.VerifyAll();
+        }
+
         public class FunctionExceptionDataProvider
         {
             public static IEnumerable<object[]> TestCases