Implement AzModule for secrets detection in autorest (#24411)

Author: vidai-msft

src/Accounts/Accounts/ChangeLog.md

@@ -19,6 +19,7 @@
 -->
 
 ## Upcoming Release
+* Implemented secrets detection feature for autorest modules.
 * Added `AsSecureString` to `Get-AzAccessToken` to convert the returned token to SecureString [#24190].
 * Upgraded Azure.Core to 1.37.0.
 

src/Accounts/Accounts/CommonModule/AzModule.cs

@@ -18,6 +18,7 @@
 using Microsoft.Rest.Azure;
 using Microsoft.Rest.Serialization;
 using Microsoft.WindowsAzure.Commands.Common;
+using Microsoft.WindowsAzure.Commands.Common.Sanitizer;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using Newtonsoft.Json;
 using System;
@@ -31,7 +32,6 @@
 
 namespace Microsoft.Azure.Commands.Common
 {
-
     using GetEventData = Func<EventArgs>;
     using PipelineChangeDelegate = Action<Func<HttpRequestMessage, CancellationToken, Action, Func<string, CancellationToken, Func<EventArgs>, Task>, Func<HttpRequestMessage, CancellationToken, Action, Func<string, CancellationToken, Func<EventArgs>, Task>, Task<HttpResponseMessage>>, Task<HttpResponseMessage>>>;
     using SignalDelegate = Func<string, CancellationToken, Func<EventArgs>, Task>;
@@ -66,7 +66,6 @@ static AzModule()
             DeserializationSettings.Converters.Add(new CloudErrorJsonConverter());
         }
 
-
         public AzModule(ICommandRuntime runtime, IEventStore eventHandler)
         {
             _runtime = runtime;
@@ -84,11 +83,10 @@ public AzModule(ICommandRuntime runtime, IEventStore store, TelemetryProvider pr
         {
             _deferredEvents = store;
             _runtime = runtime;
-            _logger = new AdalLogger(_deferredEvents.GetDebugLogger()); ;
+            _logger = new AdalLogger(_deferredEvents.GetDebugLogger());
             _telemetry = provider;
         }
 
-
         /// <summary>
         /// Called when the module is loading. Allows adding HTTP pipeline steps that will always be present.
         /// </summary>
@@ -366,6 +364,40 @@ await signal(Events.Debug, cancellationToken,
             }
         }
 
+        public void SanitizerHandler(object sanitizingObject, string telemetryId)
+        {
+            if (AzureSession.Instance.TryGetComponent<IOutputSanitizer>(nameof(IOutputSanitizer), out var outputSanitizer))
+            {
+                if (outputSanitizer?.RequireSecretsDetection == true)
+                {
+                    outputSanitizer.Sanitize(sanitizingObject, out var telemetry);
+                    if (_telemetry.TryGetValue(telemetryId, out var qos))
+                    {
+                        qos?.SanitizerInfo?.Combine(telemetry);
+                    }
+                }
+            }
+        }
+
+        public Dictionary<string, string> GetTelemetryInfo(string telemetryId)
+        {
+            Dictionary<string, string> telemetryInfo = null;
+            if (_telemetry.TryGetValue(telemetryId, out var qos))
+            {
+                if (qos?.SanitizerInfo?.DetectedProperties?.Count > 0)
+                {
+                    var sanitizedProperties = string.Join(", ", qos.SanitizerInfo.DetectedProperties);
+                    var invocationName = qos.InvocationName;
+                    telemetryInfo = new Dictionary<string, string>
+                    {
+                        { "SanitizedProperties", sanitizedProperties },
+                        { "InvocationName", invocationName }
+                    };
+                }
+            }
+
+            return telemetryInfo;
+        }
 
         /// <summary>
         /// Free resources associated with this instance
@@ -393,7 +425,6 @@ public virtual void Dispose(bool disposing)
             }
         }
 
-
         private async void DrainDeferredEvents(SignalDelegate signal, CancellationToken token)
         {
             EventData data;
@@ -403,5 +434,4 @@ private async void DrainDeferredEvents(SignalDelegate signal, CancellationToken
             }
         }
     }
-
 }

src/Accounts/Accounts/CommonModule/RegisterAzModule.cs

@@ -58,6 +58,12 @@ protected override void ProcessRecord()
                     // this gets called at module load time (allows you to change the http pipeline)
                     OnModuleLoad = module.OnModuleLoad,
 
+                    // this gets called to sanitize the output object
+                    SanitizerHandler = module.SanitizerHandler,
+
+                    // this gets called to get the sanitizer info
+                    GetTelemetryInfo = module.GetTelemetryInfo,
+
                     // this gets called before the generated cmdlet makes a call across the wire (allows you to change the HTTP pipeline)
                     OnNewRequest = ContextAdapter.Instance.OnNewRequest,
 

src/Accounts/Accounts/CommonModule/TelemetryProvider.cs

@@ -19,6 +19,7 @@
 using Microsoft.Azure.Commands.Profile.CommonModule;
 using Microsoft.Azure.Commands.Profile.Properties;
 using Microsoft.WindowsAzure.Commands.Common;
+using Microsoft.WindowsAzure.Commands.Common.Sanitizer;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using System;
 using System.Collections;
@@ -155,6 +156,7 @@ public virtual AzurePSQoSEvent CreateQosEvent(InvocationInfo invocationInfo, str
                 PSVersion = AzurePSCmdlet.PowerShellVersion,
                 HostVersion = AzurePSCmdlet.PSHostVersion,
                 PSHostName = AzurePSCmdlet.PSHostName,
+                SanitizerInfo = new SanitizerTelemetry()
             };
 
             if (invocationInfo != null)

src/Accounts/Accounts/CommonModule/VTable.cs

@@ -33,6 +33,8 @@ namespace Microsoft.Azure.Commands.Common
                                         global::System.Action<global::System.Func<global::System.Net.Http.HttpRequestMessage, global::System.Threading.CancellationToken, global::System.Action, global::System.Func<string, global::System.Threading.CancellationToken, global::System.Func<global::System.EventArgs>, global::System.Threading.Tasks.Task>, global::System.Func<global::System.Net.Http.HttpRequestMessage, global::System.Threading.CancellationToken, global::System.Action, global::System.Func<string, global::System.Threading.CancellationToken, global::System.Func<global::System.EventArgs>, global::System.Threading.Tasks.Task>, global::System.Threading.Tasks.Task<global::System.Net.Http.HttpResponseMessage>>, global::System.Threading.Tasks.Task<global::System.Net.Http.HttpResponseMessage>>>,
                                         global::System.Func<string, string, string, string, global::System.Uri, string>,
                                         System.Collections.Generic.IDictionary<string, object>>;
+    using SanitizerDelegate = Action<object, string>;
+    using GetTelemetryInfoDelegate = Func<string, System.Collections.Generic.Dictionary<string, string>>;
 
     /// <summary>
     /// The Virtual Call table of the functions to be exported to the generated module
@@ -58,7 +60,6 @@ public class VTable
 
         public TelemetryDelegate Telemetry;
 
-
         /// <summary>
         /// The cmdlet will call this for every event during the pipeline. 
         /// </summary>
@@ -104,6 +105,10 @@ public class VTable
 
         public AuthorizeRequestDelegate AddAuthorizeRequestHandler;
 
+        public SanitizerDelegate SanitizerHandler;
+
+        public GetTelemetryInfoDelegate GetTelemetryInfo;
+
         /// <summary>
         /// Called for well-known parameters that require argument completers, it
         /// </summary>

src/Accounts/Authentication/Sanitizer/Providers/SanitizerProperty.cs

@@ -29,7 +29,8 @@ public class SanitizerProperty
 
         public SanitizerProperty(PropertyInfo property)
         {
-            PropertyName = property.Name;
+            var fullPropName = property.Name;
+            PropertyName = fullPropName.Contains(".") ? fullPropName.Substring(fullPropName.LastIndexOf('.') + 1) : fullPropName;
             PropertyType = property.PropertyType;
             ValueSupplier = property;
         }