From 508b8c0602e9937c70b7d9b31b07185a758ce7c8 Mon Sep 17 00:00:00 2001
From: Vincent Dai <23257217+vidai-msft@users.noreply.github.com>
Date: Wed, 24 Jul 2024 23:43:44 -0700
Subject: [PATCH] Implement new interface properties IgnoredModules and IgnoredCmdlets to bypass unnecessary secrets detection (#25594)
---
 .../Accounts/CommonModule/AzModule.cs | 11 +++---
 .../Sanitizer/OutputSanitizer.cs | 10 ++++++
 .../Providers/DefaultProviderResolver.cs | 9 +----
 .../Services/DefaultSanitizerService.cs | 8 +++--
 .../Sanitizer/Services/ISanitizerService.cs | 2 +-
 tools/Common.Netcore.Dependencies.targets | 34 +++++++++----------
 6 files changed, 40 insertions(+), 34 deletions(-)
diff --git a/src/Accounts/Accounts/CommonModule/AzModule.cs b/src/Accounts/Accounts/CommonModule/AzModule.cs
index 94f82e152487..086b0d89831c 100644
--- a/src/Accounts/Accounts/CommonModule/AzModule.cs
+++ b/src/Accounts/Accounts/CommonModule/AzModule.cs
@@ -368,13 +368,14 @@ public void SanitizerHandler(object sanitizingObject, string telemetryId)
 {
 if (AzureSession.Instance.TryGetComponent(nameof(IOutputSanitizer), out var outputSanitizer))
 {
- if (outputSanitizer?.RequireSecretsDetection == true)
+ _telemetry.TryGetValue(telemetryId, out var qos);
+ if (outputSanitizer != null
+ && outputSanitizer.RequireSecretsDetection
+ && !outputSanitizer.IgnoredModules.Contains(qos?.ModuleName)
+ && !outputSanitizer.IgnoredCmdlets.Contains(qos?.CommandName))
 {
 outputSanitizer.Sanitize(sanitizingObject, out var telemetry);
- if (_telemetry.TryGetValue(telemetryId, out var qos))
- {
- qos?.SanitizerInfo?.Combine(telemetry);
- }
+ qos?.SanitizerInfo?.Combine(telemetry);
 }
 }
 }
diff --git a/src/Accounts/Authentication/Sanitizer/OutputSanitizer.cs b/src/Accounts/Authentication/Sanitizer/OutputSanitizer.cs
index 1cf08ab74c53..bd63e9032e5e 100644
--- a/src/Accounts/Authentication/Sanitizer/OutputSanitizer.cs
+++ b/src/Accounts/Authentication/Sanitizer/OutputSanitizer.cs
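Review bot: The new condition in `SanitizerHandler` decides whether output is scanned for secrets, yet it depends on a lookup whose result is discarded: `_telemetry.TryGetValue(telemetryId, out var qos);`. When the id is unknown `qos` is null, both `Contains(null)` calls return false for the lists defined in this commit, and the object is still sanitized, which is the safe direction but is not stated anywhere. I would add a comment above the `if`, e.g. `// No telemetry record => cmdlet unknown => always sanitize.`, so a later refactor does not invert it. Both `Contains` calls also use the default case-sensitive comparer; if `CommandName` or `ModuleName` can carry the caller's casing, pass `StringComparer.OrdinalIgnoreCase` as the second argument so the ignore lists match consistently.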
@@ -19,6 +19,7 @@ using System; using Microsoft.Azure.Commands.Shared.Config; using Microsoft.Azure.Commands.Common.Authentication.Sanitizer.Providers; +using System.Linq; namespace Microsoft.Azure.Commands.Common.Authentication.Sanitizer { @@ -37,6 +38,15 @@ public bool RequireSecretsDetection } } + public IEnumerable IgnoredModules => Enumerable.Empty(); + + public IEnumerable IgnoredCmdlets => new[] + { + "Get-AzActivityLog", + "Get-AzComputeResourceSku", + "Get-AzConsumptionUsageDetail", + }; + public void Sanitize(object sanitizingObject, out SanitizerTelemetry telemetry) { var watch = Stopwatch.StartNew(); diff --git a/src/Accounts/Authentication/Sanitizer/Providers/DefaultProviderResolver.cs b/src/Accounts/Authentication/Sanitizer/Providers/DefaultProviderResolver.cs index 2fe8ca66c3f2..546c4e41316d 100644 --- a/src/Accounts/Authentication/Sanitizer/Providers/DefaultProviderResolver.cs +++ b/src/Accounts/Authentication/Sanitizer/Providers/DefaultProviderResolver.cs @@ -184,14 +184,7 @@ private bool IsOfTypeCustomObject(Type type) private bool IsIgnoredProperty(string typeName, string propertyName) { - bool ignored = false; - - if (Service.IgnoredProperties.ContainsKey(typeName)) - { - ignored = Service.IgnoredProperties[typeName].Contains(propertyName); - } - - return ignored; + return Service.IgnoredProperties.TryGetValue(typeName, out var propertyNames) && propertyNames.Contains(propertyName); } private SanitizerProviderBase CreateCustomObjectProvider(Type objType) diff --git a/src/Accounts/Authentication/Sanitizer/Services/DefaultSanitizerService.cs b/src/Accounts/Authentication/Sanitizer/Services/DefaultSanitizerService.cs index c8f595eac2d9..fd8c67488cbf 100644 --- a/src/Accounts/Authentication/Sanitizer/Services/DefaultSanitizerService.cs +++ b/src/Accounts/Authentication/Sanitizer/Services/DefaultSanitizerService.cs 
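Review bot: `IgnoredCmdlets` in OutputSanitizer.cs exempts three cmdlets from secrets detection without recording why their output is safe to leave unscanned. A comment above the property, for example `// Output of these cmdlets is not scanned for secrets; exempted because <reason>.`, would let a later reviewer judge additions to the list. Separately, the expression-bodied `=> new[] { ... }` allocates a new array on every read, and `SanitizerHandler` in AzModule.cs reads it on every call. Returning a `private static readonly` array from the property avoids that.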
@@ -19,7 +19,7 @@ namespace Microsoft.Azure.Commands.Common.Authentication.Sanitizer.Services { internal class DefaultSanitizerService : ISanitizerService { - public Dictionary> IgnoredProperties => new Dictionary>() + public IReadOnlyDictionary> IgnoredProperties => new Dictionary>() { /* * This dictionary is used to store the properties that should be ignored during sanitization. @@ -35,9 +35,11 @@ internal class DefaultSanitizerService : ISanitizerService { "Microsoft.WindowsAzure.Commands.Common.Storage.ResourceModel.AzureStorageFileShare", new[] { "ShareProperties" } }, { "Microsoft.WindowsAzure.Commands.Common.Storage.ResourceModel.AzureStorageFileDirectory", new[] { "ShareDirectoryProperties" } }, - // Skip infinite recursion properties that cause performance concern + // Skip large properties + { "Microsoft.Azure.Storage.Blob.CloudBlob", new[] { "ICloudBlob" } }, + { "Microsoft.Azure.Storage.File.CloudFile", new[] { "CloudFile" } }, - // Storage + // Skip infinite recursion properties { "Microsoft.Azure.Storage.Blob.CloudBlobDirectory", new[] { "Parent" } }, { "Microsoft.Azure.Storage.File.CloudFileDirectory", new[] { "Parent" } }, }; diff --git a/src/Accounts/Authentication/Sanitizer/Services/ISanitizerService.cs b/src/Accounts/Authentication/Sanitizer/Services/ISanitizerService.cs index df31c42e679b..2f24cac0de30 100644 --- a/src/Accounts/Authentication/Sanitizer/Services/ISanitizerService.cs +++ b/src/Accounts/Authentication/Sanitizer/Services/ISanitizerService.cs @@ -18,7 +18,7 @@ namespace Microsoft.Azure.Commands.Common.Authentication.Sanitizer.Services { public interface ISanitizerService { - Dictionary> IgnoredProperties { get; } + IReadOnlyDictionary> IgnoredProperties { get; } bool TrySanitizeData(string data, out string sanitizedData); } diff --git a/tools/Common.Netcore.Dependencies.targets b/tools/Common.Netcore.Dependencies.targets index df987dd14ab0..fb4e1c1aa9c7 100644 --- a/tools/Common.Netcore.Dependencies.targets 
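Review bot: `IgnoredProperties` in DefaultSanitizerService.cs stays expression-bodied (`=> new Dictionary…`), so every read builds the whole dictionary again, and `IsIgnoredProperty` in DefaultProviderResolver.cs reads it on each call. Since the return type is read-only after this change, the initializer can move into a `static readonly` field that the property simply returns. The dictionary initializer continues past the end of this hunk. The same type change on the public `ISanitizerService` interface may break implementers outside this repository, if any exist, and would then deserve a changelog line.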
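Review bot: The two entries added under `// Skip large properties` take `ICloudBlob` and `CloudFile` out of secrets detection for performance, but the comment does not record that anything reachable only through those properties is no longer scanned. Whether such objects can carry credentials (for example a SAS token inside a URI) is not visible from this hunk. I would state the assumption next to the entries, e.g. `// Skip large properties; assumed to hold no secret that is not also exposed on a scanned property`, and have the author confirm it. The dictionary initializer starts outside this hunk.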
+++ b/tools/Common.Netcore.Dependencies.targets @@ -3,22 +3,22 @@ - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + @@ -37,7 +37,7 @@ - $(NugetPackageRoot)\microsoft.azure.powershell.storage\1.3.98-preview\tools\ + $(NugetPackageRoot)\microsoft.azure.powershell.storage\1.3.99-preview\tools\