From c73ce833d026cc8ce681e51f9a5e67b2b130787c Mon Sep 17 00:00:00 2001 From: Keegan Caruso Date: Tue, 5 Sep 2023 09:13:25 -0700 Subject: [PATCH] Scrub log messages (#2289) Co-authored-by: Keegan Caruso --- src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs | 8 ++++---- src/System.IdentityModel.Tokens.Jwt/JwtSecurityToken.cs | 2 +- .../JwtSecurityTokenHandler.cs | 4 ++-- .../json/JsonWebTokenHandler.cs | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs index 186caf74b7..c2eca450ff 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs @@ -423,7 +423,7 @@ internal void ReadToken(string encodedJson) // header cannot be empty if (hChars.IsEmpty) - throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14307, encodedJson))); + throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14307)); byte[] headerAsciiBytes = new byte[hChars.Length]; #if NET6_0_OR_GREATER @@ -463,7 +463,7 @@ internal void ReadToken(string encodedJson) ReadOnlyMemory initializationVectorChars = encodedJson.AsMemory(Dot2 + 1, Dot3 - Dot2 - 1); if (initializationVectorChars.IsEmpty) - throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14308, encodedJson))); + throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14308)); try { @@ -476,7 +476,7 @@ internal void ReadToken(string encodedJson) ReadOnlyMemory authTagChars = encodedJson.AsMemory(Dot4 + 1); if (authTagChars.IsEmpty) - throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14310, encodedJson))); + throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14310)); try { 
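Review bot: The `ArgumentException` messages in `JsonWebToken.ReadToken` (IDX14307, IDX14308, IDX14310 here and IDX14306 in the next hunk) are now passed to the constructor without `LogHelper.FormatInvariant`, yet the diffstat lists no LogMessages file, so the templates themselves appear unchanged. If they still contain a `{0}` placeholder for the token, the exception text will show a literal `{0}`; the same applies to IDX12741 in `JwtSecurityTokenHandler.ValidateToken` and to IDX14100 in `JsonWebTokenHandler`. I would trim the placeholders from the templates in the same commit and add a comment at the first throw, for example `// encodedJson is deliberately not formatted into the message: exception text is logged and handed back to callers`. `ReadToken` starts and ends outside these hunks.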
@@ -489,7 +489,7 @@ internal void ReadToken(string encodedJson) ReadOnlyMemory cipherTextBytes = encodedJson.AsMemory(Dot3 + 1, Dot4 - Dot3 - 1); if (cipherTextBytes.IsEmpty) - throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14306, encodedJson))); + throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14306)); try { diff --git a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityToken.cs b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityToken.cs index 7ae727012c..51feccc0bc 100644 --- a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityToken.cs +++ b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityToken.cs @@ -521,7 +521,7 @@ private void DecodeJws(string payload) } catch (Exception ex) { - throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12723, payload, RawData), ex)); + throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12723, payload), ex)); } } diff --git a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs index 79ccbb0c17..bb5bda4676 100644 --- a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs +++ b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs @@ -661,7 +661,7 @@ private JwtSecurityToken CreateJwtSecurityTokenPrivate( } if (LogHelper.IsEnabled(EventLogLevel.Informational)) - LogHelper.LogInformation(LogMessages.IDX12722, rawHeader, rawPayload, rawSignature); + LogHelper.LogInformation(LogMessages.IDX12722, rawHeader, rawPayload); if (encryptingCredentials != null) { 
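Review bot: `DecodeJws` still formats `payload` into IDX12723, and `CreateJwtSecurityTokenPrivate` in JwtSecurityTokenHandler.cs still passes `rawPayload` to IDX12722, so the encoded claims segment continues to reach exception text and Informational logs after this scrub, unless the logging helper redacts it, which is not visible here. Both calls also drop one argument while the templates are not part of the patch. If IDX12723 still references `{1}` (or IDX12722 `{2}`) and `FormatInvariant` forwards to `string.Format`, a `FormatException` would be thrown inside the catch block of `DecodeJws` and replace the `ArgumentException` together with its inner `ex`. If the payload is not needed for diagnosis, `throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX12723, ex));` with the template updated to match would close both gaps. Both method bodies extend beyond their hunks.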
@@ -856,7 +856,7 @@ public override ClaimsPrincipal ValidateToken(string token, TokenValidationParam int tokenPartCount = JwtTokenUtilities.CountJwtTokenPart(token, JwtConstants.MaxJwtSegmentCount + 1); if (tokenPartCount != JwtConstants.JwsSegmentCount && tokenPartCount != JwtConstants.JweSegmentCount) - throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX12741, token))); + throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX12741)); if (tokenPartCount == JwtConstants.JweSegmentCount) { diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/json/JsonWebTokenHandler.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/json/JsonWebTokenHandler.cs index 4694abddc7..9f0a37702a 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/json/JsonWebTokenHandler.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/json/JsonWebTokenHandler.cs @@ -705,7 +705,7 @@ private string CreateTokenPrivate( catch(Exception ex) { if (LogHelper.IsEnabled(EventLogLevel.Error)) - LogHelper.LogExceptionMessage(new SecurityTokenException(LogHelper.FormatInvariant(LogMessages.IDX14307, ex, payload))); + LogHelper.LogExceptionMessage(new SecurityTokenException(LogMessages.IDX14307, ex)); } payload = jsonPayload != null ? jsonPayload.ToString(Formatting.None) : payload; @@ -1390,7 +1390,7 @@ public override async Task ValidateTokenAsync(SecurityTok var jwt = token as JsonWebToken; if (jwt == null) - return new TokenValidationResult { Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14100, token))), IsValid = false }; + return new TokenValidationResult { Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14100)), IsValid = false }; try { 
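Review bot: The exception built in the catch of `CreateTokenPrivate` reuses IDX14307, the id that `JsonWebToken.ReadToken` in this same patch throws for an empty header, and its return value is discarded, so the failure is only logged. With the payload no longer formatted into the text, the log line is the bare IDX14307 template and only the inner exception distinguishes a payload-handling failure from a missing-header error (assuming both files resolve the same `LogMessages` class). A dedicated message for this path, `new SecurityTokenException(LogMessages.<NEW_ID>, ex)` with `<NEW_ID>` as a placeholder for an id the project assigns, would keep the scrubbed log usable for triage. The try block and the rest of the method are outside the hunk.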
@@ -1438,7 +1438,7 @@ private static TokenValidationResult ReadToken(string token, TokenValidationPara { return new TokenValidationResult { - Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14100, LogHelper.MarkAsSecurityArtifact(token, JwtTokenUtilities.SafeLogJwtToken), ex))), + Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14100, ex)), IsValid = false }; }
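Review bot: In `ReadToken`, `ex` is now attached as the inner exception and returned through `TokenValidationResult.Exception`, so any token text in `ex.Message` still travels with the result whenever a caller logs the full exception chain. The try block and the code that throws are outside this hunk, so it cannot be confirmed from here that those inner messages are free of token material. I would record the intent next to the return, for example `// token is intentionally left out of IDX14100; messages of exceptions caught here must not embed it either`, so a later change does not reintroduce it.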