in src/Microsoft.Azure.WebJobs.Shared/Sanitizer.cs [29:78]
/// <summary>
/// Returns a copy of <paramref name="input"/> in which every value introduced by one of
/// <c>CredentialTokens</c> is replaced with <c>SecretReplacement</c>.
/// </summary>
/// <param name="input">Text that may embed credentials. May be null or empty.</param>
/// <returns>
/// <see cref="string.Empty"/> for null or empty input, the original string when
/// <c>MayContainCredentials</c> reports nothing to redact, otherwise the redacted text.
/// </returns>
/// <remarks>
/// Redaction is token-driven: only text that starts at a <c>CredentialTokens</c> match is hidden.
/// A secret that is not preceded by one of those tokens passes through unchanged, so callers
/// should not treat the result as guaranteed free of secrets.
/// </remarks>
internal static string Sanitize(string input)
{
    if (string.IsNullOrEmpty(input))
    {
        return string.Empty;
    }

    // Cheap pre-check for the high-traffic case. Per the original author's note, every token we
    // might replace contains '=', so input that fails this check is returned untouched.
    if (!MayContainCredentials(input))
    {
        return input;
    }

    // Two strings are edited in lockstep:
    //   sanitized - the text that is returned;
    //   masked    - the same text with known-safe tokens overwritten, used only for searching.
    string sanitized = input;
    string masked = input;

    // Overwrite each allowed token with '#' characters of the same length. Keeping the length
    // identical means an offset found in 'masked' is valid in 'sanitized' as well.
    // Contains/Replace are case-sensitive here, unlike the credential search below.
    foreach (string allowedToken in AllowedTokens)
    {
        if (!masked.Contains(allowedToken))
        {
            continue;
        }

        masked = masked.Replace(allowedToken, new string('#', allowedToken.Length));
    }

    foreach (var token in CredentialTokens)
    {
        // The search resumes at the offset of the previous match rather than after the replacement.
        // NOTE(review): this terminates only if SecretReplacement contains none of CredentialTokens
        // (compared case-insensitively) - confirm against the constant's definition.
        for (int startIndex = masked.IndexOf(token, 0, StringComparison.OrdinalIgnoreCase);
             startIndex != -1;
             startIndex = masked.IndexOf(token, startIndex, StringComparison.OrdinalIgnoreCase))
        {
            // The secret runs from the token to the first terminator character, looked up in the
            // real text rather than the masked copy. With no terminator, the rest of the string is
            // redacted, which errs on the side of hiding too much.
            int credentialEnd = sanitized.IndexOfAny(ValueTerminators, startIndex);
            bool hasTerminator = credentialEnd != -1;

            string sanitizedTail = hasTerminator ? sanitized.Substring(credentialEnd) : string.Empty;
            string maskedTail = hasTerminator ? masked.Substring(credentialEnd) : string.Empty;

            // The token itself is replaced together with its value; both strings receive the same
            // edit so they stay the same length.
            sanitized = sanitized.Substring(0, startIndex) + SecretReplacement + sanitizedTail;
            masked = masked.Substring(0, startIndex) + SecretReplacement + maskedTail;
        }
    }

    return sanitized;
}