-
Notifications
You must be signed in to change notification settings - Fork 461
Improved metadata binding parsing and validation. #11101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
src/WebJobs.Script.WebHost/Extensions/FunctionMetadataExtensions.cs
Outdated
Show resolved
Hide resolved
Had offline sync with @surgupta-msft and agreed to mask only the "connection" binding value. |
ed60f35
to
c0129c5
Compare
b317aee
to
dff555b
Compare
src/WebJobs.Script.WebHost/Extensions/FunctionMetadataExtensions.cs
Outdated
Show resolved
Hide resolved
9be495d
to
3377dd6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR improves metadata binding parsing and validation by implementing sanitization of sensitive data (specifically connection strings) in function metadata bindings. The changes handle both worker indexing and host indexing scenarios to prevent exposure of sensitive credentials in logs or error messages.
- Introduces a new
MetadataJsonHelper
class with methods to sanitize sensitive properties in JSON objects - Updates both
WorkerFunctionMetadataProvider
andHostFunctionMetadataProvider
to use the sanitization logic - Adds comprehensive test coverage for the new sanitization functionality
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
File | Description |
---|---|
src/WebJobs.Script/Host/MetadataJsonHelper.cs |
New helper class providing JSON sanitization methods for sensitive metadata properties |
src/WebJobs.Script/ScriptConstants.cs |
Adds constant defining sensitive binding property names (connection) |
src/WebJobs.Script/Host/WorkerFunctionMetadataProvider.cs |
Updates binding validation to use sanitization and removes unused serializer settings |
src/WebJobs.Script/Host/HostFunctionMetadataProvider.cs |
Integrates sanitization into metadata parsing for host functions |
src/WebJobs.Script.WebHost/Extensions/FunctionMetadataExtensions.cs |
Adds sanitization when reading function configuration from files |
test/WebJobs.Script.Tests/MetadataJsonHelperTests.cs |
Comprehensive test suite for the new sanitization functionality |
test/WebJobs.Script.Tests/WorkerFunctionMetadataProviderTests.cs |
Test ensuring worker provider masks sensitive data correctly |
test/WebJobs.Script.Tests/HostFunctionMetadataProviderTests.cs |
Test ensuring host provider masks sensitive data correctly |
release_notes.md |
Documents the metadata binding validation improvement |
Improving how metadata binding is being read and used. Handles both worker indexing and host indexing cases.
Pull request checklist
IMPORTANT: Currently, changes must be backported to the
in-proc
branch to be included in Core Tools and non-Flex deployments.in-proc
branch is not requiredrelease_notes.md