Adding a check for uri. (#10993)

Author: RohitRanjanMS

src/WebJobs.Script.WebHost/Middleware/SystemTraceMiddleware.cs

@@ -2,12 +2,11 @@
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics;
-using System.IO;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Azure.WebJobs.Logging;
 using Microsoft.Azure.WebJobs.Script.Diagnostics;
 using Microsoft.Azure.WebJobs.Script.Extensions;
 using Microsoft.Azure.WebJobs.Script.WebHost.Diagnostics.Extensions;
@@ -33,7 +32,7 @@ public async Task Invoke(HttpContext context)
 
             var sw = ValueStopwatch.StartNew();
             string userAgent = context.Request.GetHeaderValueOrDefault("User-Agent");
-            _logger.ExecutingHttpRequest(requestId, context.Request.Method, userAgent, context.Request.Path);
+            _logger.ExecutingHttpRequest(requestId, context.Request.Method, userAgent, Sanitizer.Sanitize(context.Request.Path));
 
             await _next.Invoke(context);
 

src/WebJobs.Script/Sanitizer.cs

@@ -18,7 +18,7 @@ internal static class Sanitizer
 
         // List of keywords that should not be replaced with [Hidden Credential]
         private static readonly string[] AllowedTokens = new string[] { "PublicKeyToken=" };
-        internal static readonly string[] CredentialTokens = new string[] { "Token=", "DefaultEndpointsProtocol=http", "AccountKey=", "Data Source=", "Server=", "Password=", "pwd=", "&sig=", "&sig=", "?sig=", "SharedAccessKey=", "&code=", "&code=", "?code=", "key=" };
+        internal static readonly string[] CredentialTokens = new string[] { "Token=", "DefaultEndpointsProtocol=http", "AccountKey=", "Data Source=", "Server=", "Password=", "pwd=", "&sig=", "&sig=", "?sig=", "SharedAccessKey=", "&code=", "&code=", "?code=", "/code=", "key=" };
         private static readonly string[] CredentialNameFragments = new[] { "password", "pwd", "key", "secret", "token", "sas" };
 
         // Pattern of format : "<protocol>://<username>:<password>@<address>:<port>"

test/WebJobs.Script.Tests/Middleware/SystemTraceMiddlewareTests.cs

@@ -40,12 +40,14 @@ public SystemTraceMiddlewareTests()
             _middleware = new SystemTraceMiddleware(requestDelegate, logger);
         }
 
-        [Fact]
-        public async Task SendAsync_WritesExpectedTraces()
+        [Theory]
+        [InlineData("http://functions.com/api/testfunc?code=123", "/api/testfunc")]
+        [InlineData("http://functions.com/api/testfunc/code=123", "/api/testfunc[Hidden Credential]")]
+        public async Task SendAsync_WritesExpectedTraces(string uriString, string loggedUriString)
         {
             string requestId = Guid.NewGuid().ToString();
             var context = new DefaultHttpContext();
-            Uri uri = new Uri("http://functions.com/api/testfunc?code=123");
+            Uri uri = new Uri(uriString);
             var requestFeature = context.Request.HttpContext.Features.Get<IHttpRequestFeature>();
             requestFeature.Method = "GET";
             requestFeature.Scheme = uri.Scheme;
@@ -86,7 +88,7 @@ public async Task SendAsync_WritesExpectedTraces()
             Assert.Equal(4, jo.Count);
             Assert.Equal(requestId, jo["requestId"]);
             Assert.Equal("GET", jo["method"]);
-            Assert.Equal("/api/testfunc", jo["uri"]);
+            Assert.Equal(loggedUriString, jo["uri"]);
             Assert.Equal("TestAgent", jo["userAgent"]);
 
             // validate executed trace