Merge pull request #421 from Microsoft/dhdoshi/sanitizeJSON

Merge Dhdoshi/sanitize json into master

Author: dhaval24

CHANGELOG.md

@@ -1,6 +1,9 @@
 # CHANGELOG
 
 ## Version 1.0.10
+- Fixed issue #403 (Exceeding property length invalidates custom event)
+- Fixed issue #401 (Custom key and property sanitized)
+- Fixed Request Telemetry Sending bug with new schema.
 - Fixed reliability issue with Jedis client dependency collector
 - Fixed Request Telemetry Sending bug with new schema
 - Schema updated to the latest version. Changes in internal namespace `core/src/main/java/com/microsoft/applicationinsights/internal/schemav2`.

core/src/main/java/com/microsoft/applicationinsights/telemetry/JsonTelemetryDataSerializer.java

@@ -21,17 +21,16 @@
 
 package com.microsoft.applicationinsights.telemetry;
 
+import com.google.common.base.Strings;
+import com.microsoft.applicationinsights.internal.schemav2.DataPointType;
+import com.microsoft.applicationinsights.internal.util.LocalStringsUtils;
+
 import java.io.BufferedWriter;
 import java.io.IOException;
 import java.io.StringWriter;
 import java.io.Writer;
 import java.util.*;
 
-import com.google.common.base.Strings;
-
-import com.microsoft.applicationinsights.internal.schemav2.*;
-import com.microsoft.applicationinsights.internal.util.LocalStringsUtils;
-
 /**
  * This class knows how to transform data that is relevant to {@link Telemetry} instances into JSON.
  */
@@ -273,8 +272,10 @@ private <T> void write(T item) throws IOException {
             {
                 out.write(String.valueOf(item));
             } else {
+                String truncatedName = truncate(String.valueOf(item), 8192);
+                String sanitizedItem = SanitizationUtils.sanitizeStringForJSON(truncatedName, false);
                 out.write(JSON_COMMA);
-                out.write(String.valueOf(item));
+                out.write(sanitizedItem);
                 out.write(JSON_COMMA);
             }
         }
@@ -295,9 +296,11 @@ private <T extends JsonSerializable> String createJsonFor(T value) throws IOExce
     }
 
     private void writeName(String name) throws IOException {
+        String truncatedString = truncate(name, 150);
+        String sanitizedName = SanitizationUtils.sanitizeStringForJSON(truncatedString, true);
         out.write(separator);
         out.write(JSON_COMMA);
-        out.write(name);
+        out.write(sanitizedName);
         out.write(JSON_COMMA);
         out.write(JSON_NAME_VALUE_SEPARATOR);
     }
@@ -347,4 +350,12 @@ protected void writeEscapedString(String value) throws IOException {
             }
         }
     }
+
+    private String truncate(String value, int len) {
+        if (value.length() > len) {
+            return value.substring(0, len);
+        }
+        return value;
+    }
+
 }

core/src/main/java/com/microsoft/applicationinsights/telemetry/SanitizationUtils.java

@@ -0,0 +1,69 @@
+package com.microsoft.applicationinsights.telemetry;
+
+import java.text.StringCharacterIterator;
+
+/**
+ * Created by dhdoshi on 09/10/2017
+ *
+ * This class provides utility functions to sanitize strings
+ * for various formats. Currently it supports JSON sanitization
+ */
+ final class SanitizationUtils {
+
+    /**
+     * This method appends escape characters to input String to prevent
+     * JSON Sanitization failure
+     * @param text
+     * @return Sanitized String suitable for JSON
+     */
+     static String sanitizeStringForJSON(String text, boolean isKey) {
+
+        final StringBuilder result = new StringBuilder();
+        StringCharacterIterator iterator = new StringCharacterIterator(text);
+
+        // allowing delta for the characters to be appended
+        int maxAllowedLength = isKey ? 148 : 8190;
+        for (char curr = iterator.current(); curr != iterator.DONE && result.length() < maxAllowedLength; curr = iterator.next()) {
+            if( curr == '\"' ){
+                result.append("\\\"");
+            }
+            else if (curr == '\'') {
+                result.append("\\\'");
+            }
+            else if(curr == '\\'){
+                result.append("\\\\");
+            }
+            else if(curr == '/'){
+                result.append("\\/");
+            }
+            else if(curr == '\b'){
+                result.append("\\b");
+            }
+            else if(curr == '\f'){
+                result.append("\\f");
+            }
+            else if(curr == '\n'){
+                result.append("\\n");
+            }
+            else if(curr == '\r'){
+                result.append("\\r");
+            }
+            else if(curr == '\t'){
+                result.append("\\t");
+            }
+            else if (!Character.isISOControl(curr)){
+                result.append(curr);
+            }
+            else {
+                if (result.length() + 7 < 8192) { // needs 7 more character space to be appended
+                    result.append("\\u");
+                    result.append((String.format( "%04x", Integer.valueOf(curr))));
+                }
+                else {
+                    break;
+                }
+            }
+        }
+        return result.toString();
+    }
+}

core/src/test/java/com/microsoft/applicationinsights/telemetry/SanitizationUtilsTests.java

@@ -0,0 +1,18 @@
+package com.microsoft.applicationinsights.telemetry;
+
+import com.microsoft.applicationinsights.telemetry.SanitizationUtils;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class SanitizationUtilsTests {
+
+    @Test
+    public void testSanitizeStringForJSON() {
+
+        String result1 = SanitizationUtils.sanitizeStringForJSON("\\'\\f\\b\\f\\n\\r\\t/\\", false);
+        Assert.assertEquals(result1, "\\\\\\'\\\\f\\\\b\\\\f\\\\n\\\\r\\\\t\\/\\\\");
+
+        String resultControlCharVer = SanitizationUtils.sanitizeStringForJSON("\u0000", true);
+        Assert.assertEquals(resultControlCharVer, "\\u0000");
+    }
+}