From fc9574e0453f308bb0f0cbf613b8448aa4004e4f Mon Sep 17 00:00:00 2001
From: Radhika Gupta
Date: Tue, 15 Jul 2025 12:01:42 -0700
Subject: [PATCH 1/2] Suppressed credentials inline to avoid credscan false positive
---
 .../Tests/Unit/src/ApplicationInsightsCore.Tests.ts | 2 +-
 shared/AppInsightsCore/src/JavaScriptSDK/EnvUtils.ts | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/shared/AppInsightsCore/Tests/Unit/src/ApplicationInsightsCore.Tests.ts b/shared/AppInsightsCore/Tests/Unit/src/ApplicationInsightsCore.Tests.ts
index 66162dfd4..c35bd5e8b 100644
--- a/shared/AppInsightsCore/Tests/Unit/src/ApplicationInsightsCore.Tests.ts
+++ b/shared/AppInsightsCore/Tests/Unit/src/ApplicationInsightsCore.Tests.ts
@@ -2325,7 +2325,7 @@ export class ApplicationInsightsCoreTests extends AITestClass {
 name: "FieldRedaction: should handle non-standard port with encoded credentials",
 test: () => {
 let config = {} as IConfiguration;
- const url = "https://admin%21:secret%21@server.com:9443/admin";
+ const url = "https://admin%21:secret%21@server.com:9443/admin"; // [SuppressMessage("Microsoft.Security", "CS001:SecretInline", Justification="Test file with mock credentials - not actual secrets")]
 const redactedLocation = fieldRedaction(url, config);
 Assert.equal(redactedLocation, "https://REDACTED:REDACTED@server.com:9443/admin", "Non-standard port with encoded credentials should be handled");
diff --git a/shared/AppInsightsCore/src/JavaScriptSDK/EnvUtils.ts b/shared/AppInsightsCore/src/JavaScriptSDK/EnvUtils.ts
index 2b8e9dcfc..d8806cd8d 100644
--- a/shared/AppInsightsCore/src/JavaScriptSDK/EnvUtils.ts
+++ b/shared/AppInsightsCore/src/JavaScriptSDK/EnvUtils.ts
@@ -362,7 +362,7 @@ export function sendCustomEvent(evtName: string, cfg?: any, customDetails?: any)
 * @returns The URL with user information redacted
 */
 function redactUserInfo(url: string): string {
- return url.replace(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)([^:@]{1,200}):([^@]{1,200})@(.*)$/, "$1REDACTED:REDACTED@$4"); //(/^([a-zA-Z][a-zA-Z0-9+.-]{0,50}:\/\/)([^:@]{0,200})(?::([^@]{0,200}))?@(.*)$/, "$1REDACTED:REDACTED@$4");
+ return url.replace(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)([^:@]{1,200}):([^@]{1,200})@(.*)$/, "$1REDACTED:REDACTED@$4");
 }
 /**
@@ -461,7 +461,7 @@ function redactQueryParameters(url: string, config?: IConfiguration): string {
 * @returns The redacted URL string or the original string if no redaction was needed or possible.
 */
 export function fieldRedaction(input: string, config: IConfiguration): string {
- if (!input ||input.indexOf(" ") !== -1) {
+ if (!input || input.indexOf(" ") !== -1) {
 return input;
 }
 const isRedactionDisabled = config && config.redactUrls === false;
From ae8239cbcd3472d55373144d9acc7629ba26bc20 Mon Sep 17 00:00:00 2001
From: Radhika Gupta
Date: Tue, 15 Jul 2025 13:26:12 -0700
Subject: [PATCH 2/2] Used the next line supression syntax to avoid long length issue
---
 .../Tests/Unit/src/ApplicationInsightsCore.Tests.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/shared/AppInsightsCore/Tests/Unit/src/ApplicationInsightsCore.Tests.ts b/shared/AppInsightsCore/Tests/Unit/src/ApplicationInsightsCore.Tests.ts
index c35bd5e8b..5dcd26d82 100644
--- a/shared/AppInsightsCore/Tests/Unit/src/ApplicationInsightsCore.Tests.ts
+++ b/shared/AppInsightsCore/Tests/Unit/src/ApplicationInsightsCore.Tests.ts
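Review bot: The regex kept in redactUserInfo still requires a literal `:` between the user and password groups, so a URL whose userinfo carries only a single token with no password part (`https://token@server.com/`, constructed example) is returned unredacted, and the deleted trailing comment was the one form that made the password optional. If user-only credentials should be scrubbed too, make the password group optional while keeping the group numbers the replacement relies on: `return url.replace(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)([^:@]{1,200})(?::([^@]{1,200}))?@(.*)$/, "$1REDACTED:REDACTED@$4");`. Whether an existing test expects user-only URLs to pass through is not visible here, so a test pinning that case is worth adding either way.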
@@ -2325,7 +2325,8 @@ export class ApplicationInsightsCoreTests extends AITestClass {
 name: "FieldRedaction: should handle non-standard port with encoded credentials",
 test: () => {
 let config = {} as IConfiguration;
- const url = "https://admin%21:secret%21@server.com:9443/admin"; // [SuppressMessage("Microsoft.Security", "CS001:SecretInline", Justification="Test file with mock credentials - not actual secrets")]
+ //[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test file with mock credentials - not actual secrets")]
+ const url = "https://admin%21:secret%21@server.com:9443/admin";
 const redactedLocation = fieldRedaction(url, config);
 Assert.equal(redactedLocation, "https://REDACTED:REDACTED@server.com:9443/admin", "Non-standard port with encoded credentials should be handled");
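Review bot: The suppression comment added on the line before `const url` is written as `//[SuppressMessage(` with no space after the slashes, unlike the inline form it replaces; for consistency with the surrounding comment style (and any spaced-comment lint rule the repo may enforce), write it as `// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test file with mock credentials - not actual secrets")]`. Other tests in this file that embed similar mock credentials would presumably need the same next-line marker, but none are visible in this hunk. The enclosing test object and the ApplicationInsightsCoreTests class both begin and end outside the hunk.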