Mirrors/PowerToys
1
0
Fork 0
mirror of https://github.com/microsoft/PowerToys.git synced 2026-04-05 02:36:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

CmdPal: GEH per partes; part 1: error report builder, sanitizer and internals tools setting page (#44140)

Browse Source 
<!-- Enter a brief description/summary of your PR here. What does it
fix/what does it change/how was it tested (even manually, if necessary)?
-->
## Summary of the Pull Request

This PR adds three parts of the original big bad global error handler
(error report builder, sanitization and internal tools UI).

### Error Report Generation

- `ErrorReportBuilder`: Produces a detailed, technical report with
system context.
- Comprehensive data: OS version, architecture, culture, app version,
elevation status, etc.
- Exception analysis: Coalesces nested exception messages and HRESULT
details for clearer diagnostics.

<details><summary>Example</summary>
<pre>

This is an error report generated by Windows Command Palette.
If you are seeing this, it means something went a little sideways in the
app.
You can help us fix it by filing a report at
https://aka.ms/powerToysReportBug.

(While you’re at it, give the details below a quick skim — just to make
sure there’s nothing personal you’d prefer not to share. It’s rare, but
sometimes little surprises sneak in.)
============================================================
Summary:
  Message:               Test exception; thrown from the UI thread
  Type:                  System.NotImplementedException
  Source:                Microsoft.CmdPal.UI
  Time:                  2025-08-25 18:54:44.3854569
  HRESULT:               0x80004001 (-2147467263)
  Context:               MainThreadException

Application:
  App version:           0.0.1.0
  Is elevated:           no

Environment:
  OS version:            Microsoft Windows 10.0.26120
  OS architecture:       X64
  Runtime identifier:    win-x64
  Framework:             .NET 9.0.8
  Process architecture:  X64
  Culture:               cs-CZ
  UI culture:            en-US

Stack Trace:
at
Microsoft.CmdPal.UI.Settings.InternalPage.ThrowPlainMainThreadException_Click(Object
sender, RoutedEventArgs e)
at
WinRT._EventSource_global__Microsoft_UI_Xaml_RoutedEventHandler.EventState.<GetEventInvoke>b__1_0(Object
sender, RoutedEventArgs e)
at ABI.Microsoft.UI.Xaml.RoutedEventHandler.Do_Abi_Invoke(IntPtr
thisPtr, IntPtr sender, IntPtr e)

------------------ Full Exception Details ------------------
System.NotImplementedException: Test exception; thrown from the UI
thread
at
Microsoft.CmdPal.UI.Settings.InternalPage.ThrowPlainMainThreadException_Click(Object
sender, RoutedEventArgs e)
at
WinRT._EventSource_global__Microsoft_UI_Xaml_RoutedEventHandler.EventState.<GetEventInvoke>b__1_0(Object
sender, RoutedEventArgs e)
at ABI.Microsoft.UI.Xaml.RoutedEventHandler.Do_Abi_Invoke(IntPtr
thisPtr, IntPtr sender, IntPtr e)

============================================================

</pre>
</details> 

Real-world example: #41362

### PII Sanitization Framework

- `ErrorReportSanitizer`: Multi-layer sanitization pipeline for
sensitive data.
- Nine specialized rule providers:
- `PiiRuleProvider`: Personally identifiable information (emails, phone
numbers, SSNs).
- `ProfilePathAndUsernameRuleProvider`: Windows user profiles and
usernames.
- `NetworkRuleProvider`: IP addresses, MAC addresses, network
identifiers.
- `SecretKeyValueRulesProvider`: API keys, tokens, passwords in
key/value formats.
  - `FilenameMaskRuleProvider`: Sensitive file paths and extensions.
  - `UrlRuleProvider`: URLs and web addresses.
  - `TokenRuleProvider`: JWT and other auth tokens.
  - `ConnectionStringRuleProvider`: Database connection strings.
- `EnvironmentPropertiesRuleProvider`: Environment variables and system
properties.

### Internals Tools Page

A page in settings available in non-CI-builds:

<img width="1305" height="745" alt="image"
src="https://github.com/user-attachments/assets/3145ecfd-997f-491d-8c8a-6096634b6045"
/>


<!-- Please review the items on the PR checklist before submitting-->
## PR Checklist

- [ ] Closes: #xxx
<!-- - [ ] Closes: #yyy (add separate lines for additional resolved
issues) -->
- [ ] **Communication:** I've discussed this with core contributors
already. If the work hasn't been agreed, this work might be rejected
- [ ] **Tests:** Added/updated and all pass
- [ ] **Localization:** All end-user-facing strings can be localized
- [ ] **Dev docs:** Added/updated
- [ ] **New binaries:** Added on the required places
- [ ] [JSON for
signing](https://github.com/microsoft/PowerToys/blob/main/.pipelines/ESRPSigning_core.json)
for new binaries
- [ ] [WXS for
installer](https://github.com/microsoft/PowerToys/blob/main/installer/PowerToysSetup/Product.wxs)
for new binaries and localization folder
- [ ] [YML for CI
pipeline](https://github.com/microsoft/PowerToys/blob/main/.pipelines/ci/templates/build-powertoys-steps.yml)
for new test projects
- [ ] [YML for signed
pipeline](https://github.com/microsoft/PowerToys/blob/main/.pipelines/release.yml)
- [ ] **Documentation updated:** If checked, please file a pull request
on [our docs
repo](https://github.com/MicrosoftDocs/windows-uwp/tree/docs/hub/powertoys)
and link it here: #xxx

<!-- Provide a more detailed description of the PR, other things fixed,
or any additional comments/features here -->
## Detailed Description of the Pull Request / Additional comments

<!-- Describe how you validated the behavior. Add automated tests
wherever possible, but list manual validation steps taken as well -->
## Validation Steps Performed
This commit is contained in:
Jiří Polášek
2026-01-29 04:09:37 +01:00
committed by GitHub
parent f82afdf384
commit 8ec530c65e
50 changed files with 2529 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/modules/cmdpal/Tests/Microsoft.CmdPal.Core.Common.UnitTests/GlobalUsings.cs Normal file
View File

@@ -0,0 +1,9 @@
// Copyright (c) Microsoft Corporation
// The Microsoft Corporation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
global using System;
global using System.Collections.Generic;
global using System.Diagnostics.CodeAnalysis;
global using System.Linq;
global using Microsoft.VisualStudio.TestTools.UnitTesting;

25
src/modules/cmdpal/Tests/Microsoft.CmdPal.Core.Common.UnitTests/Microsoft.CmdPal.Core.Common.UnitTests.csproj Normal file
View File

@@ -0,0 +1,25 @@
<Project Sdk="Microsoft.NET.Sdk">
<!-- Look at Directory.Build.props in root for common stuff as well -->
<Import Project="..\..\..\..\Common.Dotnet.CsWinRT.props" />
<PropertyGroup>
<IsPackable>false</IsPackable>
<IsTestProject>true</IsTestProject>
<RootNamespace>Microsoft.CmdPal.Common.UnitTests</RootNamespace>
<OutputPath>$(SolutionDir)$(Platform)\$(Configuration)\WinUI3Apps\CmdPal\tests\</OutputPath>
<AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
<AppendRuntimeIdentifierToOutputPath>false</AppendRuntimeIdentifierToOutputPath>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Moq" />
<PackageReference Include="MSTest" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\Core\Microsoft.CmdPal.Core.Common\Microsoft.CmdPal.Core.Common.csproj" />
<ProjectReference Include="..\Microsoft.CmdPal.Ext.UnitTestsBase\Microsoft.CmdPal.Ext.UnitTestBase.csproj" />
</ItemGroup>
</Project>

107
src/modules/cmdpal/Tests/Microsoft.CmdPal.Core.Common.UnitTests/Services/Sanitizer/ConnectionStringRuleProviderTests.cs Normal file
View File

@@ -0,0 +1,107 @@
// Copyright (c) Microsoft Corporation
// The Microsoft Corporation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using Microsoft.CmdPal.Common.UnitTests.TestUtils;
using Microsoft.CmdPal.Core.Common.Services.Sanitizer;
using Microsoft.CmdPal.Core.Common.Services.Sanitizer.Abstraction;
namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
[TestClass]
public class ConnectionStringRuleProviderTests
{
[TestMethod]
public void GetRules_ShouldReturnExpectedRules()
{
// Arrange
var provider = new ConnectionStringRuleProvider();
// Act
var rules = provider.GetRules();
// Assert
var ruleList = new List<SanitizationRule>(rules);
Assert.AreEqual(1, ruleList.Count);
Assert.AreEqual("Connection string parameters", ruleList[0].Description);
}
[DataTestMethod]
[DataRow("Server=localhost;Database=mydb;User ID=admin;Password=secret123", "Server=[REDACTED];Database=[REDACTED];User ID=[REDACTED];Password=[REDACTED]")]
[DataRow("Data Source=server.example.com;Initial Catalog=testdb;Uid=user;Pwd=pass", "Data Source=[REDACTED];Initial Catalog=[REDACTED];Uid=[REDACTED];Pwd=[REDACTED]")]
[DataRow("Server=localhost;Password=my_secret", "Server=[REDACTED];Password=[REDACTED]")]
[DataRow("No connection string here", "No connection string here")]
public void ConnectionStringRules_ShouldMaskConnectionStringParameters(string input, string expected)
{
// Arrange
var provider = new ConnectionStringRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("Password=\"complexPassword123!\"", "Password=[REDACTED]")]
[DataRow("Password='myPassword'", "Password=[REDACTED]")]
[DataRow("Password=unquotedSecret", "Password=[REDACTED]")]
public void ConnectionStringRules_ShouldHandleQuotedAndUnquotedValues(string input, string expected)
{
// Arrange
var provider = new ConnectionStringRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("SERVER=server1;PASSWORD=pass1", "SERVER=[REDACTED];PASSWORD=[REDACTED]")]
[DataRow("server=server1;password=pass1", "server=[REDACTED];password=[REDACTED]")]
[DataRow("Server=server1;Password=pass1", "Server=[REDACTED];Password=[REDACTED]")]
public void ConnectionStringRules_ShouldBeCaseInsensitive(string input, string expected)
{
// Arrange
var provider = new ConnectionStringRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("User ID=admin;Username=john;Password=secret", "User ID=[REDACTED];Username=[REDACTED];Password=[REDACTED]")]
[DataRow("Database=mydb;Uid=user1;Pwd=pass1;Server=localhost", "Database=[REDACTED];Uid=[REDACTED];Pwd=[REDACTED];Server=[REDACTED]")]
public void ConnectionStringRules_ShouldHandleMultipleParameters(string input, string expected)
{
// Arrange
var provider = new ConnectionStringRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("Server = localhost ; Password = secret123", "Server=[REDACTED] ; Password=[REDACTED]")]
[DataRow("Initial Catalog=db; User ID=admin; Password=pass", "Initial Catalog=[REDACTED]; User ID=[REDACTED]; Password=[REDACTED]")]
public void ConnectionStringRules_ShouldHandleWhitespace(string input, string expected)
{
// Arrange
var provider = new ConnectionStringRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
}

81
src/modules/cmdpal/Tests/Microsoft.CmdPal.Core.Common.UnitTests/Services/Sanitizer/ErrorReportSanitizerTests.TestData.cs Normal file
View File

@@ -0,0 +1,81 @@
// Copyright (c) Microsoft Corporation
// The Microsoft Corporation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
public partial class ErrorReportSanitizerTests
{
private static class TestData
{
internal static string Input =>
$"""
HRESULT: 0x80004005
HRESULT: -2147467259
Here is e-mail address <jane.doe@contoso.com>
IPv4 address: 192.168.100.1
IPv4 loopback address: 127.0.0.1
MAC address: 00-14-22-01-23-45
IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
IPv6 loopback address: ::1
Password: P@ssw0rd123!
Password=secret
Api key: 1234567890abcdef
PostgreSQL connection string: Host=localhost;Username=postgres;Password=secret;Database=mydb
InstrumentationKey=00000000-0000-0000-0000-000000000000;EndpointSuffix=ai.contoso.com;
X-API-key: 1234567890abcdef
Pet-Shop-Subscription-Key: 1234567890abcdef
Here is a user name {Environment.UserName}
And here is a profile path {Environment.GetFolderPath(Environment.SpecialFolder.UserProfile)}\RandomFolder
Here is a local app data path {Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)}\Microsoft\PowerToys\CmdPal
Here is machine name {Environment.MachineName}
JWT token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
User email john.doe@company.com failed validation
File not found: {Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments)}\\secret.txt
Connection string: Server=localhost;User ID=admin;Password=secret123;Database=test
Phone number 555-123-4567 is invalid
API key abc123def456ghi789jkl012mno345pqr678 expired
Failed to connect to https://api.internal-company.com/users/12345?token=secret_abc123
Error accessing file://C:/Users/john.doe/Documents/confidential.pdf
JDBC connection failed: jdbc://database-server:5432/userdb?user=admin&password=secret
FTP upload error: ftp://internal-server.company.com/uploads/user_data.csv
Email service error: mailto:admin@internal-company.com?subject=Alert
""";
public const string Expected =
$"""
HRESULT: 0x80004005
HRESULT: -2147467259
Here is e-mail address <[EMAIL_REDACTED]>
IPv4 address: [IP4_REDACTED]
IPv4 loopback address: [IP4_REDACTED]
MAC address: [MAC_ADDRESS_REDACTED]
IPv6 address: [IP6_REDACTED]
IPv6 loopback address: [IP6_REDACTED]
Password: [REDACTED]
Password= [REDACTED]
Api key: [REDACTED]
PostgreSQL connection string: [REDACTED]
InstrumentationKey= [REDACTED]
X-API-key: [REDACTED]
Pet-Shop-Subscription-Key: [REDACTED]
Here is a user name [USERNAME_REDACTED]
And here is a profile path [USER_PROFILE_DIR]RandomFolder
Here is a local app data path [LOCALAPPLICATIONDATA_DIR]Microsoft\PowerToys\CmdPal
Here is machine name [MACHINE_NAME_REDACTED]
JWT token: [REDACTED]
User email [EMAIL_REDACTED] failed validation
File not found: [MYDOCUMENTS_DIR]se****.txt
Connection string: [REDACTED] ID=[REDACTED];Password= [REDACTED]
Phone number [PHONE_REDACTED] is invalid
API key [TOKEN_REDACTED] expired
Failed to connect to [URL_REDACTED]
Error accessing [URL_REDACTED]
JDBC connection failed: [URL_REDACTED]
FTP upload error: [URL_REDACTED]
Email service error: mailto:[EMAIL_REDACTED]?subject=Alert
""";
}
}

25
src/modules/cmdpal/Tests/Microsoft.CmdPal.Core.Common.UnitTests/Services/Sanitizer/ErrorReportSanitizerTests.cs Normal file
View File

@@ -0,0 +1,25 @@
// Copyright (c) Microsoft Corporation
// The Microsoft Corporation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using Microsoft.CmdPal.Core.Common.Services.Sanitizer;
namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
[TestClass]
public partial class ErrorReportSanitizerTests
{
[TestMethod]
public void Sanitize_ShouldMaskPiiInErrorReport()
{
// Arrange
var reportSanitizer = new ErrorReportSanitizer();
var input = TestData.Input;
// Act
var result = reportSanitizer.Sanitize(input);
// Assert
Assert.AreEqual(TestData.Expected, result);
}
}

122
src/modules/cmdpal/Tests/Microsoft.CmdPal.Core.Common.UnitTests/Services/Sanitizer/PiiRuleProviderTests.cs Normal file
View File

@@ -0,0 +1,122 @@
// Copyright (c) Microsoft Corporation
// The Microsoft Corporation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using Microsoft.CmdPal.Common.UnitTests.TestUtils;
using Microsoft.CmdPal.Core.Common.Services.Sanitizer;
using Microsoft.CmdPal.Core.Common.Services.Sanitizer.Abstraction;
namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
[TestClass]
public class PiiRuleProviderTests
{
[TestMethod]
public void GetRules_ShouldReturnExpectedRules()
{
// Arrange
var provider = new PiiRuleProvider();
// Act
var rules = provider.GetRules();
// Assert
var ruleList = new List<SanitizationRule>(rules);
Assert.AreEqual(4, ruleList.Count);
Assert.AreEqual("Email addresses", ruleList[0].Description);
Assert.AreEqual("Social Security Numbers", ruleList[1].Description);
Assert.AreEqual("Credit card numbers", ruleList[2].Description);
Assert.AreEqual("Phone numbers", ruleList[3].Description);
}
[DataTestMethod]
[DataRow("Contact me at john.doe@contoso.com", "Contact me at [EMAIL_REDACTED]")]
[DataRow("Contact me at a_b-c%2@foo-bar.example.co.uk", "Contact me at [EMAIL_REDACTED]")]
[DataRow("My email is john@sub-domain.contoso.com.", "My email is [EMAIL_REDACTED].")]
[DataRow("Two: a@b.com and c@d.org", "Two: [EMAIL_REDACTED] and [EMAIL_REDACTED]")]
[DataRow("No email here", "No email here")]
public void EmailRules_ShouldMaskEmailAddresses(string input, string expected)
{
// Arrange
var provider = new PiiRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("Call me at 123-456-7890", "Call me at [PHONE_REDACTED]")]
[DataRow("My number is (123) 456-7890.", "My number is [PHONE_REDACTED].")]
[DataRow("Office: +1 123 456 7890", "Office: [PHONE_REDACTED]")]
[DataRow("Two numbers: 123-456-7890 and +420 777123456", "Two numbers: [PHONE_REDACTED] and [PHONE_REDACTED]")]
[DataRow("Czech phone +420 777 123 456", "Czech phone [PHONE_REDACTED]")]
[DataRow("Slovak phone +421 777 12 34 56", "Slovak phone [PHONE_REDACTED]")]
[DataRow("No phone number here", "No phone number here")]
public void PhoneRules_ShouldMaskPhoneNumbers(string input, string expected)
{
// Arrange
var provider = new PiiRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("My SSN is 123-45-6789", "My SSN is [SSN_REDACTED]")]
[DataRow("No SSN here", "No SSN here")]
public void SsnRules_ShouldMaskSsn(string input, string expected)
{
// Arrange
var provider = new PiiRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("My credit card number is 1234-5678-9012-3456", "My credit card number is [CARD_REDACTED]")]
[DataRow("My credit card number is 1234567890123456", "My credit card number is [CARD_REDACTED]")]
[DataRow("No credit card here", "No credit card here")]
public void CreditCardRules_ShouldMaskCreditCardNumbers(string input, string expected)
{
// Arrange
var provider = new PiiRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("Error code: 0x80070005", "Error code: 0x80070005")]
[DataRow("Error code: -2147467262", "Error code: -2147467262")]
[DataRow("GUID: 123e4567-e89b-12d3-a456-426614174000", "GUID: 123e4567-e89b-12d3-a456-426614174000")]
[DataRow("Timestamp: 2023-10-05T14:32:10Z", "Timestamp: 2023-10-05T14:32:10Z")]
[DataRow("Version: 1.2.3", "Version: 1.2.3")]
[DataRow("Version: 10.0.22631.3448", "Version: 10.0.22631.3448")]
[DataRow("MAC: 00:1A:2B:3C:4D:5E", "MAC: 00:1A:2B:3C:4D:5E")]
[DataRow("Date: 2023-10-05", "Date: 2023-10-05")]
[DataRow("Date: 05/10/2023", "Date: 05/10/2023")]
public void PiiRuleProvider_ShouldNotOverRedact(string input, string expected)
{
// Arrange
var provider = new PiiRuleProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
}

266
src/modules/cmdpal/Tests/Microsoft.CmdPal.Core.Common.UnitTests/Services/Sanitizer/SecretKeyValueRulesProviderTests.cs Normal file
View File

@@ -0,0 +1,266 @@
// Copyright (c) Microsoft Corporation
// The Microsoft Corporation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using Microsoft.CmdPal.Common.UnitTests.TestUtils;
using Microsoft.CmdPal.Core.Common.Services.Sanitizer;
using Microsoft.CmdPal.Core.Common.Services.Sanitizer.Abstraction;
namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
[TestClass]
public class SecretKeyValueRulesProviderTests
{
[TestMethod]
public void GetRules_ShouldReturnExpectedRules()
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var rules = provider.GetRules();
// Assert
var ruleList = new List<SanitizationRule>(rules);
Assert.AreEqual(1, ruleList.Count);
Assert.AreEqual("Sensitive key/value pairs", ruleList[0].Description);
}
[DataTestMethod]
[DataRow("password=secret123", "password= [REDACTED]")]
[DataRow("passphrase=myPassphrase", "passphrase= [REDACTED]")]
[DataRow("pwd=test", "pwd= [REDACTED]")]
[DataRow("passwd=pass1234", "passwd= [REDACTED]")]
public void SecretKeyValueRules_ShouldMaskPasswordSecrets(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("token=abc123def456", "token= [REDACTED]")]
[DataRow("access_token=token_value", "access_token= [REDACTED]")]
[DataRow("refresh-token=refresh_value", "refresh-token= [REDACTED]")]
[DataRow("id token=id_token_value", "id token= [REDACTED]")]
[DataRow("bearer token=bearer_value", "bearer token= [REDACTED]")]
[DataRow("session token=session_value", "session token= [REDACTED]")]
public void SecretKeyValueRules_ShouldMaskTokens(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("api key=my_api_key", "api key= [REDACTED]")]
[DataRow("api-key=key123", "api-key= [REDACTED]")]
[DataRow("api_key=secret_key", "api_key= [REDACTED]")]
[DataRow("x-api-key=api123", "x-api-key= [REDACTED]")]
[DataRow("x api key=key456", "x api key= [REDACTED]")]
[DataRow("client id=client123", "client id= [REDACTED]")]
[DataRow("client-secret=secret123", "client-secret= [REDACTED]")]
[DataRow("consumer secret=secret456", "consumer secret= [REDACTED]")]
public void SecretKeyValueRules_ShouldMaskApiCredentials(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("subscription key=sub_key_123", "subscription key= [REDACTED]")]
[DataRow("instrumentation key=instr_key", "instrumentation key= [REDACTED]")]
[DataRow("account key=account123", "account key= [REDACTED]")]
[DataRow("storage account key=storage_key", "storage account key= [REDACTED]")]
[DataRow("shared access key=sak123", "shared access key= [REDACTED]")]
[DataRow("SAS token=sas123", "SAS token= [REDACTED]")]
public void SecretKeyValueRules_ShouldMaskCloudPlatformKeys(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("connection string=Server=localhost;Pwd=pass", "connection string= [REDACTED]")]
[DataRow("conn string=conn_value", "conn string= [REDACTED]")]
[DataRow("storage connection string=connection_value", "storage connection string= [REDACTED]")]
public void SecretKeyValueRules_ShouldMaskConnectionStrings(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("private key=pk123", "private key= [REDACTED]")]
[DataRow("certificate password=cert_pass", "certificate password= [REDACTED]")]
[DataRow("client certificate password=cert123", "client certificate password= [REDACTED]")]
[DataRow("pfx password=pfx_pass", "pfx password= [REDACTED]")]
public void SecretKeyValueRules_ShouldMaskCertificateSecrets(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("aws access key id=AKIAIOSFODNN7EXAMPLE", "aws access key id= [REDACTED]")]
[DataRow("aws secret access key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "aws secret access key= [REDACTED]")]
[DataRow("aws session token=session_token_value", "aws session token= [REDACTED]")]
public void SecretKeyValueRules_ShouldMaskAwsKeys(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("password=\"complexPassword123!\"", "password= \"[REDACTED]\"")]
[DataRow("api-key='secret-key'", "api-key= '[REDACTED]'")]
[DataRow("token=\"bearer_token_value\"", "token= \"[REDACTED]\"")]
public void SecretKeyValueRules_ShouldPreserveQuotesAroundRedactedValue(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("PASSWORD=secret", "PASSWORD= [REDACTED]")]
[DataRow("Api-Key=key123", "Api-Key= [REDACTED]")]
[DataRow("CLIENT_ID=client123", "CLIENT_ID= [REDACTED]")]
[DataRow("Pwd=pass123", "Pwd= [REDACTED]")]
public void SecretKeyValueRules_ShouldBeCaseInsensitive(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("regularKey=regularValue", "regularKey=regularValue")]
[DataRow("config=myConfig", "config=myConfig")]
[DataRow("hostname=server.example.com", "hostname=server.example.com")]
[DataRow("port=8080", "port=8080")]
public void SecretKeyValueRules_ShouldNotRedactNonSecretKeyValuePairs(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("password:secret123", "password: [REDACTED]")]
[DataRow("api key:api_key_value", "api key: [REDACTED]")]
[DataRow("client_secret:secret_value", "client_secret: [REDACTED]")]
public void SecretKeyValueRules_ShouldSupportColonSeparator(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("password = secret123", "password= [REDACTED]")]
[DataRow("api key = api_key_value", "api key= [REDACTED]")]
[DataRow("token : token_value", "token: [REDACTED]")]
public void SecretKeyValueRules_ShouldHandleWhitespace(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("password=secret API_KEY=key config=myConfig", "password= [REDACTED] API_KEY= [REDACTED] config=myConfig")]
[DataRow("client_id=id123 name=admin pwd=pass123", "client_id= [REDACTED] name=admin pwd= [REDACTED]")]
public void SecretKeyValueRules_ShouldHandleMultipleKeyValuePairsInSingleString(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
[DataTestMethod]
[DataRow("cosmos db key=cosmos_key", "cosmos db key= [REDACTED]")]
[DataRow("service principal secret=sp_secret", "service principal secret= [REDACTED]")]
[DataRow("shared access signature=sas_signature", "shared access signature= [REDACTED]")]
public void SecretKeyValueRules_ShouldMaskServiceSpecificSecrets(string input, string expected)
{
// Arrange
var provider = new SecretKeyValueRulesProvider();
// Act
var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
// Assert
Assert.AreEqual(expected, result);
}
}

110
src/modules/cmdpal/Tests/Microsoft.CmdPal.Core.Common.UnitTests/TestUtils/SanitizerTestHelper.cs Normal file
View File

@@ -0,0 +1,110 @@
// Copyright (c) Microsoft Corporation
// The Microsoft Corporation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using System.Text.RegularExpressions;
using Microsoft.CmdPal.Core.Common.Services.Sanitizer.Abstraction;
namespace Microsoft.CmdPal.Common.UnitTests.TestUtils;
/// <summary>
/// Test-only helpers for applying SanitizationRule sets without relying on production ITextSanitizer implementation.
/// </summary>
public static class SanitizerTestHelper
{
/// <summary>
/// Applies the provided rules to the input, in order, mimicking the production sanitizer behavior closely
/// but without any external dependencies.
/// </summary>
public static string ApplyRules(string? input, IEnumerable<SanitizationRule> rules)
{
if (string.IsNullOrEmpty(input))
{
return input ?? string.Empty;
}
var result = input;
foreach (var rule in rules ?? [])
{
try
{
var previous = result;
result = rule.Evaluator is null
? rule.Regex.Replace(previous, rule.Replacement ?? string.Empty)
: rule.Regex.Replace(previous, rule.Evaluator);
// Guardrail to avoid accidental mass-redaction from a faulty rule
if (result.Length < previous.Length * 0.3)
{
result = previous;
}
}
catch (RegexMatchTimeoutException)
{
// Ignore timeouts in tests
}
}
return result;
}
/// <summary>
/// Creates a lightweight sanitizer instance backed by the given rules.
/// Useful when a component expects an ITextSanitizer, but you want deterministic behavior in tests.
/// </summary>
public static ITextSanitizer CreateSanitizer(IEnumerable<SanitizationRule> rules)
=> new InlineSanitizer(rules);
private sealed class InlineSanitizer : ITextSanitizer
{
private readonly List<SanitizationRule> _rules;
public InlineSanitizer(IEnumerable<SanitizationRule> rules)
{
_rules = rules?.ToList() ?? [];
}
public string Sanitize(string? input) => ApplyRules(input, _rules);
public void AddRule(string pattern, string replacement, string description = "")
{
var rx = new Regex(pattern, RegexOptions.Compiled | RegexOptions.CultureInvariant);
_rules.Add(new SanitizationRule(rx, replacement, description));
}
public void RemoveRule(string description)
{
_rules.RemoveAll(r => r.Description.Equals(description, StringComparison.OrdinalIgnoreCase));
}
public IReadOnlyList<SanitizationRule> GetRules() => _rules.AsReadOnly();
public string TestRule(string input, string ruleDescription)
{
var rule = _rules.FirstOrDefault(r => r.Description.Contains(ruleDescription, StringComparison.OrdinalIgnoreCase));
if (rule.Regex is null)
{
return input;
}
try
{
if (rule.Evaluator is not null)
{
return rule.Regex.Replace(input, rule.Evaluator);
}
if (rule.Replacement is not null)
{
return rule.Regex.Replace(input, rule.Replacement);
}
}
catch
{
// Ignore exceptions for test determinism
}
return input;
}
}
}