feat: Support sensitive data sanitization in errors (box/box-codegen#695) (#453)

Co-authored-by: box-sdk-build <[email protected]>

Author: box-sdk-build

.codegen.json

@@ -1 +1 @@
-{ "engineHash": "f4f1ff6", "specHash": "c303afc", "version": "1.9.0" }
+{ "engineHash": "d69fdc9", "specHash": "c303afc", "version": "1.9.0" }

Box.Sdk.Gen/Box/Errors/BoxApiException.cs

@@ -1,4 +1,5 @@
 using System;
+using Box.Sdk.Gen.Internal;
 
 namespace Box.Sdk.Gen
 {
@@ -8,10 +9,20 @@ public class BoxApiException : BoxSdkException
 
         public ResponseInfo ResponseInfo { get; }
 
+        public DataSanitizer DataSanitizer { get; init; } = new DataSanitizer();
+
         public BoxApiException(string message, DateTimeOffset timeStamp, RequestInfo requestInfo, ResponseInfo responseInfo) : base(message, timeStamp, "BoxApiException")
         {
             RequestInfo = requestInfo;
             ResponseInfo = responseInfo;
         }
+
+        public override string ToString()
+                {
+                    return $"{base.ToString()}\n" +
+                           $"{RequestInfo.Print(DataSanitizer)}\n" +
+                           $"{ResponseInfo.Print(DataSanitizer)}";
+                }
+
     }
 }

Box.Sdk.Gen/Box/Errors/RequestInfo.cs

@@ -1,5 +1,7 @@
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
+using System.Linq;
+using Box.Sdk.Gen.Internal;
 
 namespace Box.Sdk.Gen
 {
@@ -22,5 +24,23 @@ public RequestInfo(string method, string? url, IReadOnlyDictionary<string, strin
             QueryParams = queryParams ?? new ReadOnlyDictionary<string, string>(new Dictionary<string, string>());
             Headers = headers;
         }
+
+        internal string Print(DataSanitizer dataSanitizer)
+        {
+            string queryParamsString = QueryParams.Count > 0
+                ? string.Join(", ", QueryParams.Select(kvp => $"{kvp.Key}: {kvp.Value}"))
+                : "None";
+
+            string headersString = Headers.Count > 0
+                ? string.Join(", ", dataSanitizer.SanitizeHeaders(new Dictionary<string, string>(Headers)).Select(kvp => $"{kvp.Key}: {kvp.Value}"))
+                : "None";
+
+            return $"RequestInfo:\n" +
+                   $"\tMethod: {Method}\n" +
+                   $"\tURL: {Url}\n" +
+                   $"\tQuery Params: {queryParamsString}\n" +
+                   $"\tHeaders: {headersString}\n" +
+                   $"\tBody: {(string.IsNullOrEmpty(Body) ? "None" : Body)}";
+        }
     }
 }

Box.Sdk.Gen/Box/Errors/ResponseInfo.cs

@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Linq;
 using System.Text.Json.Serialization;
 using Box.Sdk.Gen.Internal;
 
@@ -34,6 +35,29 @@ public ResponseInfo(int statusCode, IReadOnlyDictionary<string, string> headers,
             RequestId = requestId;
             HelpUrl = helpUrl;
         }
+
+        internal string Print(DataSanitizer dataSanitizer)
+        {
+            string headersString = Headers.Count > 0
+                ? string.Join(", ", dataSanitizer.SanitizeHeaders(new Dictionary<string, string>(Headers)).Select(kvp => $"{kvp.Key}: {kvp.Value}"))
+                : "None";
+
+            string contextInfoString = (ContextInfo != null && ContextInfo.Count > 0)
+                ? string.Join(", ", ContextInfo.Select(kvp => $"{kvp.Key}: {kvp.Value}"))
+                : "None";
+
+            string sanitizedBody = Body != null ? JsonUtils.SdToJson(dataSanitizer.SanitizeBody(Body)) : "None";
+
+            return $"ResponseInfo:\n" +
+                   $"\tStatus Code: {StatusCode}\n" +
+                   $"\tHeaders: {headersString}\n" +
+                   $"\tBody: {sanitizedBody}\n" +
+                   $"\tCode: {(string.IsNullOrEmpty(Code) ? "None" : Code)}\n" +
+                   $"\tContext Info: {contextInfoString}\n" +
+                   $"\tRequest ID: {(string.IsNullOrEmpty(RequestId) ? "None" : RequestId)}\n" +
+                   $"\tHelp URL: {(string.IsNullOrEmpty(HelpUrl) ? "None" : HelpUrl)}";
+        }
+
     }
 
     internal class BoxApiExceptionDetails

Box.Sdk.Gen/Internal/Logging/DataSanitizer.cs

@@ -0,0 +1,21 @@
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using Box.Sdk.Gen.Internal;
+
+namespace Box.Sdk.Gen.Internal {
+    public class DataSanitizer {
+        internal Dictionary<string, string> KeysToSanitize { get; }
+
+        public DataSanitizer() {
+            KeysToSanitize = new Dictionary<string, string>() { { "authorization", "" }, { "access_token", "" }, { "refresh_token", "" }, { "subject_token", "" }, { "token", "" }, { "client_id", "" }, { "client_secret", "" }, { "shared_link", "" }, { "download_url", "" }, { "jwt_private_key", "" }, { "jwt_private_key_passphrase", "" }, { "password", "" } };
+        }
+        public Dictionary<string, string> SanitizeHeaders(Dictionary<string, string> headers) {
+            return Utils.SanitizeMap(mapToSanitize: headers, keysToSanitize: this.KeysToSanitize);
+        }
+
+        public SerializedData SanitizeBody(SerializedData body) {
+            return JsonUtils.SanitizeSerializedData(sd: body, keysToSanitize: this.KeysToSanitize);
+        }
+
+    }
+}

Box.Sdk.Gen/Internal/Utils.cs

@@ -350,5 +350,25 @@ internal static object GetValueFromObjectRawData(object obj, string key)
 
             return current;
         }
+
+        /// <summary>
+        /// Returns a string replacement for sensitive data.
+        /// </summary>
+        /// <returns>A string replacement for sensitive data.</returns>
+        internal static string SanitizedValue() => "---[redacted]---";
+
+        /// <summary>
+        /// Sanitizes a dictionary from sensitive data.
+        /// </summary>
+        /// <param name="mapToSanitize">Dictionary to sanitize.</param>
+        /// <param name="keysToSanitize">Keys to sanitize.</param>
+        /// <returns>Sanitized dictionary.</returns>
+        internal static Dictionary<string, string> SanitizeMap(Dictionary<string, string> mapToSanitize, Dictionary<string, string> keysToSanitize)
+        {
+            return mapToSanitize.ToDictionary(kvp => kvp.Key,
+                kvp => keysToSanitize.ContainsKey(kvp.Key.ToLower()) ? SanitizedValue() : kvp.Value);
+
+        }
+
     }
 }

Box.Sdk.Gen/Networking/BoxNetworkClient/BoxNetworkClient.cs

@@ -259,7 +259,9 @@ private static async Task<Exception> BuildApiException(HttpRequestMessage reques
             var responseInfo = new ResponseInfo(statusCode, responseHeaders, responseAsSerializedData, responseContent, errorDetails.Code, errorDetails.ContextInfo,
                 errorDetails.RequestId, errorDetails.HelpUrl);
 
-            return new BoxApiException(responseContent, DateTimeOffset.UtcNow, requestInfo, responseInfo);
+            var dataSanitizer = options.NetworkSession?.DataSanitizer ?? new DataSanitizer();
+
+            return new BoxApiException(responseContent, DateTimeOffset.UtcNow, requestInfo, responseInfo) {DataSanitizer = dataSanitizer};
         }
 
         private static async Task<HttpRequestMessage> BuildHttpRequest(FetchOptions options, Stream? stream)

Box.Sdk.Gen/Networking/NetworkSession.cs

@@ -38,6 +38,11 @@ public class NetworkSession
         /// </summary>
         public INetworkClient NetworkClient { get; init; } = new BoxNetworkClient();
 
+        /// <summary>
+        /// Data sanitizer used to sanitize sensitive data for logging.
+        /// </summary>
+        public DataSanitizer DataSanitizer { get; init; } = new DataSanitizer();
+
         public NetworkSession(Dictionary<string, string>? additionalHeaders = default, BaseUrls? baseUrls = null)
         {
             AdditionalHeaders = additionalHeaders ?? new Dictionary<string, string>();
@@ -50,7 +55,7 @@ public NetworkSession(Dictionary<string, string>? additionalHeaders = default, B
         /// </summary>
         public NetworkSession WithNetworkClient(INetworkClient networkClient)
         {
-            return new NetworkSession(this.AdditionalHeaders, this.BaseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = this.proxyConfig, NetworkClient = networkClient };
+            return new NetworkSession(this.AdditionalHeaders, this.BaseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = this.proxyConfig, NetworkClient = networkClient, DataSanitizer = this.DataSanitizer };
         }
 
         /// <summary>
@@ -62,7 +67,7 @@ public NetworkSession WithNetworkClient(INetworkClient networkClient)
         /// </param>
         public NetworkSession WithAdditionalHeaders(Dictionary<string, string> additionalHeaders)
         {
-            return new NetworkSession(DictionaryUtils.MergeDictionaries(this.AdditionalHeaders, additionalHeaders), this.BaseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = this.proxyConfig, NetworkClient = this.NetworkClient};
+            return new NetworkSession(DictionaryUtils.MergeDictionaries(this.AdditionalHeaders, additionalHeaders), this.BaseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = this.proxyConfig, NetworkClient = this.NetworkClient, DataSanitizer = this.DataSanitizer };
         }
 
         /// <summary>
@@ -74,7 +79,7 @@ public NetworkSession WithAdditionalHeaders(Dictionary<string, string> additiona
         /// </param>
         public NetworkSession WithCustomBaseUrls(BaseUrls baseUrls)
         {
-            return new NetworkSession(this.AdditionalHeaders, baseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = this.proxyConfig, NetworkClient = this.NetworkClient};
+            return new NetworkSession(this.AdditionalHeaders, baseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = this.proxyConfig, NetworkClient = this.NetworkClient, DataSanitizer = this.DataSanitizer  };
         }
 
         /// <summary>
@@ -86,7 +91,15 @@ public NetworkSession WithCustomBaseUrls(BaseUrls baseUrls)
         /// </param>
         public NetworkSession WithProxy(ProxyConfig config)
         {
-            return new NetworkSession(this.AdditionalHeaders, this.BaseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = config, NetworkClient = this.NetworkClient};
+            return new NetworkSession(this.AdditionalHeaders, this.BaseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = config, NetworkClient = this.NetworkClient, DataSanitizer = this.DataSanitizer };
+        }
+
+        /// <summary>
+        /// Generate a fresh network session by duplicating the existing configuration and network parameters,
+        /// while also including a data sanitizer to be used to sanitize sensitive data for logging.
+        public NetworkSession WithDataSanitizer(DataSanitizer dataSanitizer)
+        {
+            return new NetworkSession(this.AdditionalHeaders, this.BaseUrls) { RetryAttempts = this.RetryAttempts, RetryStrategy = this.RetryStrategy, proxyConfig = this.proxyConfig, NetworkClient = this.NetworkClient, DataSanitizer = dataSanitizer };
         }
     }
 }

Box.Sdk.Gen/Serialization/Json/JsonUtils.cs

@@ -76,5 +76,24 @@ internal static string SdToUrlParams(SerializedData data)
 
             return null;
         }
+
+
+        /// <summary>
+        /// Returns a string replacement for sensitive data.
+        /// </summary>
+        /// <returns>A string replacement for sensitive data.</returns>
+        internal static string SanitizedValue() => "---[redacted]---";
+
+
+        /// <summary>
+        /// Sanitizes a SerializedData from sensitive data.
+        /// </summary>
+        /// <param name="sd">SerializedData to sanitize.</param>
+        /// <param name="keysToSanitize">Keys to sanitize.</param>
+        /// <returns>Sanitized SerializedData.</returns>
+        internal static SerializedData SanitizeSerializedData(SerializedData sd, Dictionary<string, string> keysToSanitize)
+        {
+            return sd;
+        }
     }
 }