Skip to content

CredScan Reports - clearing noise related to "scope" in request bodies #14954

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
41 commits merged into from
May 26, 2021
Merged

CredScan Reports - clearing noise related to "scope" in request bodies #14954

41 commits merged into from
May 26, 2021

Conversation

@HarshaNalluru
Copy link
Contributor

@HarshaNalluru HarshaNalluru commented Apr 20, 2021
edited
Loading

CredScan Reports - clearing noise related to "scope" in request bodies

...& Extending applyRequestBodyTransformations for browser

  • Extended the requestBodyTransformations from #14897 to handle browser tests as well.
  • Adds a default transformation to strip out the scope in the request body with the string "https://sanitized/"
  • And removed requestBodyTransformations from the setup, users won't be able to pass. The reason being, Nock doesn't support multiple .filteringRequestBody patches in the recordings. The best alternative would be to migrate to JSON recordings for node tests.

Updates after #14897

  • ("scope" in the request body is only present in the login requests.)
  • For node, as we mock the msal auth already through [Recorder] Filtering request bodies #14897, only thing left is to replace the scope URL in the recordings so that Cred scan doesn't complain with false positives - So, added a default callback at "customizationOnRecordings".
  • For browser, along with the replacements, we need to mock the new requests - So, added a new default request body transformation - which will be applicable in during the playback mode to match the new request and during the record mode to save the recording by sanitizing the scope URL to avoid false positives from Cred Scan reports.

jeremymeng
jeremymeng reviewed Apr 20, 2021
View reviewed changes
HarshaNalluru and others added 10 commits April 20, 2021 16:51
@HarshaNalluru HarshaNalluru changed the title [Recorder] Credscan reports - clearing noise & extend applyRequestBodyTransformations for browser Credscan reports - clearing noise & extend applyRequestBodyTransformations for browser Apr 21, 2021
@HarshaNalluru HarshaNalluru changed the title Credscan reports - clearing noise & extend applyRequestBodyTransformations for browser Credscan reports - clearing noise & Extending applyRequestBodyTransformations for browser Apr 21, 2021
@HarshaNalluru HarshaNalluru changed the title Credscan reports - clearing noise & Extending applyRequestBodyTransformations for browser CredScan Reports - clearing noise & Extending applyRequestBodyTransformations for browser Apr 21, 2021
@HarshaNalluru HarshaNalluru changed the title CredScan Reports - clearing noise & Extending applyRequestBodyTransformations for browser CredScan Reports - clearing noise related to "scope" in request bodies Apr 21, 2021
HarshaNalluru
HarshaNalluru commented Apr 21, 2021
View reviewed changes
sdk/test-utils/recorder/src/utils/requestBodyTransform.ts
} else {
// TODO: Browser side - not needed right now since the browser tests are not using the new identity with msal
console.log("This feature is not yet supported in the browser");
} else if (runtime === "browser" && typeof fixture !== "string") {
Copy link
Contributor Author

@HarshaNalluru HarshaNalluru Apr 21, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add tests

jeremymeng
jeremymeng reviewed Apr 21, 2021
View reviewed changes
sdk/test-utils/recorder/src/createRecorder.browser.ts Outdated
// This class overrides requests' 'open', 'send' and 'onreadystatechange' functions, adding our own code to them to deal with requests
export class NiseRecorder extends BaseRecorder {
private recordings: any[] = [];
private recordings: { [key: string]: unknown }[] = [];
Copy link
Member

@jeremymeng jeremymeng Apr 21, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Record<string, unknown>?

@HarshaNalluru HarshaNalluru marked this pull request as ready for review April 21, 2021 21:52
HarshaNalluru
HarshaNalluru commented May 12, 2021
View reviewed changes
HarshaNalluru
HarshaNalluru commented May 12, 2021
View reviewed changes
@HarshaNalluru HarshaNalluru force-pushed the harshan/recorder/filter-scope branch from 9cde294 to b3b00dd Compare May 25, 2021 08:08
jeremymeng
jeremymeng approved these changes May 25, 2021
View reviewed changes
Copy link
Member

@jeremymeng jeremymeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks a lot for the hard work!

@HarshaNalluru HarshaNalluru marked this pull request as ready for review May 26, 2021 00:30
@HarshaNalluru HarshaNalluru requested a review from bterlson as a code owner May 26, 2021 00:30
@ghost
Copy link

ghost commented May 26, 2021

Hello @HarshaNalluru!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@ghost ghost merged commit dd475e1 into Azure:master May 26, 2021
@HarshaNalluru HarshaNalluru mentioned this pull request Jun 16, 2021
Closed
openapi-sdkautomation bot pushed a commit to AzureSDKAutomation/azure-sdk-for-js that referenced this pull request Jul 15, 2021
CodeGen from PR 14954 in Azure/azure-rest-api-specs
7bc15ff 
Fix path at line 1557 (Azure#14954)
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeremymeng jeremymeng jeremymeng approved these changes

@chradek chradek Awaiting requested review from chradek

@deyaaeldeen deyaaeldeen Awaiting requested review from deyaaeldeen

@richardpark-msft richardpark-msft Awaiting requested review from richardpark-msft

@sadasant sadasant Awaiting requested review from sadasant

@witemple-msft witemple-msft Awaiting requested review from witemple-msft

@xirzec xirzec Awaiting requested review from xirzec

@bterlson bterlson Awaiting requested review from bterlson

Assignees

No one assigned

Labels

Client This issue points to a problem in the data-plane of the library. test-utils-recorder Label for the issues related to the common recorder

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@HarshaNalluru @jeremymeng