Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Xiao/DisarmSecurityArtifact #2064

Merged
merged 10 commits into from
Jun 7, 2023
Merged

Xiao/DisarmSecurityArtifact #2064

merged 10 commits into from
Jun 7, 2023

Conversation

ciaozhang
Copy link
Contributor

@ciaozhang ciaozhang commented Apr 25, 2023
edited

Remove the signatures from JWS and authentication tag from JWE when PII is on.

  1. For SecurityToken: A new interface is introduced: Microsoft.IdentityModel.Logging. ISafeLogSecurityArtifact with a single method UnsafeToString(). SecurityToken will implementations (JsonWebToken, SAML, etc.) the interface and will provide an implementation of UnsafeToString().
  2. For type of object that is not able modified (such as ‘string’): Struct SecurityArtifact can be used to wrap the object and provide a callback to Log appropriately.

@ciaozhang ciaozhang force-pushed the Xiao/DisarmSecurityArtifact branch 3 times, most recently from 0c583ae to de6d050 Compare April 26, 2023 16:29
@TimHannMSFT
Copy link
Contributor

TimHannMSFT commented Apr 26, 2023
edited by ciaozhang

@ciaozhang can you add more details to the description as well as a section which can be copied directly into the release notes? I'm happy to help construct if you need help. @jmprieur would also likely be able to help.

In reply to: 1524185285

In reply to: 1524185285

In reply to: 1524185285

TimHannMSFT
TimHannMSFT requested changes Apr 27, 2023
View reviewed changes
Copy link
Contributor

@TimHannMSFT TimHannMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes so far Xiao.

You mentioned to me you also had two questions for Brent/Team? Can you please add those as comments in the PR and we can resolve there?

@victorm-hernandez
Copy link
Contributor

victorm-hernandez commented Apr 27, 2023
edited by ciaozhang

@ciaozhang minor observation, the title of the PR is very descriptive but the commit message is not. Let's try to keep our commit messages readable and with enough context for anyone to understand a change.

In reply to: 1526562219

In reply to: 1526562219

In reply to: 1526562219

victorm-hernandez
victorm-hernandez previously requested changes Apr 27, 2023
View reviewed changes
Copy link
Contributor

@victorm-hernandez victorm-hernandez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🕐

jmprieur
jmprieur reviewed May 15, 2023
View reviewed changes
Copy link
Contributor

@jmprieur jmprieur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ciaozhang
I've asked questions.

Not sure why this is so complicated?
why not just:

if (PII)
{
write token;
}
else
{
write token.SubString(0, token.LastIndexOf('.'));
}

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs Outdated Show resolved Hide resolved
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs Outdated Show resolved Hide resolved
src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs Outdated Show resolved Hide resolved
src/Microsoft.IdentityModel.Logging/IdentityModelEventSource.cs Outdated Show resolved Hide resolved
src/Microsoft.IdentityModel.Logging/NonPII.cs Outdated Show resolved Hide resolved
@victorm-hernandez victorm-hernandez dismissed their stale review May 16, 2023 00:33

revoking review

victorm-hernandez
victorm-hernandez requested changes May 31, 2023
View reviewed changes
Copy link
Contributor

@victorm-hernandez victorm-hernandez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🕐

@brentschmaltz brentschmaltz mentioned this pull request May 31, 2023
Open
@ciaozhang ciaozhang force-pushed the Xiao/DisarmSecurityArtifact branch from b669c1d to cedb975 Compare June 1, 2023 00:51
victorm-hernandez
victorm-hernandez reviewed Jun 1, 2023
View reviewed changes
src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
@@ -429,6 +429,24 @@ private static long ParseTimeValue(JToken jToken, string claimName)
throw LogHelper.LogExceptionMessage(new FormatException(LogHelper.FormatInvariant(LogMessages.IDX14300, LogHelper.MarkAsNonPII(claimName), jToken.ToString(), LogHelper.MarkAsNonPII(typeof(long)))));
}

internal static string SafeLogJwtToken(object obj)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

object

I thought this was meant for strings only, for any other object type we should be able to use the provided interface #Closed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ciaozhang

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is the callback func we used in SecurityArtifact struct. The reason we take obj as the type of parameter is LogHelper treat all arguments as object.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, still regardless of the parameter type this is meant to be consumed by using string version of tokens correct?

how do you justify the code for non strings that you have here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will use the default ToString() method return the GetType().ToString()

victorm-hernandez
victorm-hernandez reviewed Jun 1, 2023
View reviewed changes
src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
int lastDot = token.LastIndexOf(".");

// no dots, maybe not a JWT
if (lastDot == -1)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lastDot

Since this is meant to parse JWT token strings we should throw an argument exception here. #Closed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will throw in the ReadToken() method if the string token is not an encoded JWT token.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be safe regardless of the caller, for non strings, non tokens we should return null.

victorm-hernandez
victorm-hernandez reviewed Jun 6, 2023
View reviewed changes
src/Microsoft.IdentityModel.Logging/ISafeLogSecurityArtifact.cs
namespace Microsoft.IdentityModel.Logging
{
/// <summary>
/// Interface that provides an unsafe method to log a security artifact.
Copy link
Contributor

@victorm-hernandez victorm-hernandez Jun 6, 2023
edited by ciaozhang

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interface

You may want to bring the description you have for the SecurityArtifact class to the interface, this would address the questions that Henrik had here. #Resolved

victorm-hernandez
victorm-hernandez reviewed Jun 6, 2023
View reviewed changes
src/Microsoft.IdentityModel.Logging/LogHelper.cs
/// <param name="arg">A log message argument to be marked as SecurityArtifact.</param>
/// <param name="callback">A callback function to log the security artifact safely.</param>
/// <returns>An argument marked as SecurityArtifact.</returns>
public static object MarkAsSecurityArtifact(object arg, Func<object, string> callback)
Copy link
Contributor

@victorm-hernandez victorm-hernandez Jun 6, 2023
edited by ciaozhang

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we receive an object here, this should receive and return a string. #Resolved

victorm-hernandez
victorm-hernandez approved these changes Jun 7, 2023
View reviewed changes
Copy link
Contributor

@victorm-hernandez victorm-hernandez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

TimHannMSFT
TimHannMSFT approved these changes Jun 7, 2023
View reviewed changes
Copy link
Contributor

@TimHannMSFT TimHannMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving based on Victor's approval and seeing that the new direction is more consistent. Thanks for the changes @ciaozhang!

@ciaozhang ciaozhang merged commit 5f742de into dev Jun 7, 2023
2 checks passed
@ciaozhang ciaozhang mentioned this pull request Jun 13, 2023
Closed
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brentschmaltz brentschmaltz brentschmaltz left review comments

@jmprieur jmprieur jmprieur left review comments

@henrik-me henrik-me henrik-me left review comments

@sruke sruke sruke left review comments

@dannybtsai dannybtsai dannybtsai left review comments

@victorm-hernandez victorm-hernandez victorm-hernandez approved these changes

@TimHannMSFT TimHannMSFT TimHannMSFT approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@ciaozhang @TimHannMSFT @victorm-hernandez @brentschmaltz @jmprieur @henrik-me @sruke @dannybtsai