fix: obfuscate logged appSettings values (#2110)

nr-ahemsath · web-flow · commit 2d8da680294b · 2023-12-01T09:50:52.000-08:00
* Obfuscate license key when logging values read from app settings

* Constant-ify the app settings keys used by the agent
diff --git a/src/Agent/NewRelic/Agent/Core/Config/ConfigurationLoader.cs b/src/Agent/NewRelic/Agent/Core/Config/ConfigurationLoader.cs
@@ -4,6 +4,7 @@
 using NewRelic.Agent.Core.Events;
 using NewRelic.Agent.Core.Utilities;
 using NewRelic.Core;
+using NewRelic.Agent.Core.Configuration;
 using NewRelic.Core.Logging;
 using NewRelic.SystemInterfaces;
 using System;
@@ -15,7 +16,6 @@
 using System.Xml.Serialization;
 #if NETSTANDARD2_0
 using System.Reflection;
-using NewRelic.Agent.Core.Configuration;
 #endif
 
 namespace NewRelic.Agent.Core.Config
@@ -139,7 +139,7 @@ public static string GetAgentConfigFileName()
             if (fileName != null)
                 return fileName;
 
-            throw new Exception(string.Format("Could not find {0} in NewRelic.ConfigFile path, application root, New Relic home directory, or working directory.", NewRelicConfigFileName));
+            throw new Exception(string.Format("Could not find {0} in {1} path, application root, New Relic home directory, or working directory.", NewRelicConfigFileName, Constants.AppSettingsConfigFile));
         }
 
         private static string TryGetAgentConfigFileFromAppConfig()
@@ -149,13 +149,13 @@ private static string TryGetAgentConfigFileFromAppConfig()
 
 			try
 			{
-				var fileName = AppSettingsConfigResolveWhenUsed.GetAppSetting("NewRelic.ConfigFile");
+				var fileName = AppSettingsConfigResolveWhenUsed.GetAppSetting(Constants.AppSettingsConfigFile);
 				if (!File.Exists(fileName))
 				{
 					return null;
 				}
 
-				Log.Info("Configuration file found in path pointed to by NewRelic.ConfigFile appSetting: {0}", fileName);
+				Log.Info("Configuration file found in path pointed to by {0} appSetting: {1}", Constants.AppSettingsConfigFile, fileName);
 				return fileName;
 			}
 			catch (Exception)
@@ -166,13 +166,13 @@ private static string TryGetAgentConfigFileFromAppConfig()
 #else
             try
             {
-                var fileName = GetConfigSetting("NewRelic.ConfigFile").Value;
+                var fileName = GetConfigSetting(Constants.AppSettingsConfigFile).Value;
                 if (!FileExists(fileName))
                 {
                     return null;
                 }
 
-                Log.Info("Configuration file found in path pointed to by NewRelic.ConfigFile appSetting of app/web config: {0}", fileName);
+                Log.Info("Configuration file found in path pointed to by {0} appSetting of app/web config: {1}", Constants.AppSettingsConfigFile, fileName);
                 return fileName;
             }
             catch (Exception)
@@ -674,7 +674,7 @@ public configuration Initialize(string xml, string provenance)
 
             try
             {
-                var enabledProvenance = ConfigurationLoader.GetConfigSetting("NewRelic.AgentEnabled");
+                var enabledProvenance = ConfigurationLoader.GetConfigSetting(Constants.AppSettingsAgentEnabled);
                 if (enabledProvenance != null && enabledProvenance.Value != null && bool.Parse(enabledProvenance.Value) == false)
                 {
                     agentEnabled = false;
@@ -683,7 +683,7 @@ public configuration Initialize(string xml, string provenance)
             }
             catch
             {
-                Log.Error("Failed to read NewRelic.AgentEnabled from local config.");
+                Log.Error($"Failed to read {Constants.AppSettingsAgentEnabled} from local config.");
             }
 
             return this;
diff --git a/src/Agent/NewRelic/Agent/Core/Configuration/AppSettingsConfigResolveWhenUsed.cs b/src/Agent/NewRelic/Agent/Core/Configuration/AppSettingsConfigResolveWhenUsed.cs
@@ -5,6 +5,7 @@
 using System;
 using System.IO;
 using Microsoft.Extensions.Configuration;
+using NewRelic.Core;
 using NewRelic.Core.Logging;
 
 namespace NewRelic.Agent.Core.Configuration
@@ -79,6 +80,10 @@ public static string GetAppSetting(string key)
                 }
                 else
                 {
+                    if (key.Equals(Constants.AppSettingsLicenseKey))
+                    {
+                        value = Strings.ObfuscateLicenseKey(value);
+                    }
                     Log.Debug($"Reading value from appsettings.json and appsettings.*.json: '{key}={value}'");
                 }
             }
diff --git a/src/Agent/NewRelic/Agent/Core/Configuration/Constants.cs b/src/Agent/NewRelic/Agent/Core/Configuration/Constants.cs
@@ -0,0 +1,15 @@
+// Copyright 2020 New Relic, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+namespace NewRelic.Agent.Core.Configuration
+{
+    public static class Constants
+    {
+        public const string AppSettingsLicenseKey = "NewRelic.LicenseKey";
+        public const string AppSettingsAgentEnabled = "NewRelic.AgentEnabled";
+        public const string AppSettingsAppName = "NewRelic.AppName";
+        public const string AppSettingsLabels = "NewRelic.Labels";
+        public const string AppSettingsConfigFile = "NewRelic.ConfigFile";
+
+    }
+}
diff --git a/src/Agent/NewRelic/Agent/Core/Configuration/DefaultConfiguration.cs b/src/Agent/NewRelic/Agent/Core/Configuration/DefaultConfiguration.cs
@@ -198,7 +198,7 @@ public virtual bool AgentEnabled
                 {
                     lock (_lockObj)
                     {
-                        _agentEnabledAppSettingParsed ??= bool.TryParse(_configurationManagerStatic.GetAppSetting("NewRelic.AgentEnabled"),
+                        _agentEnabledAppSettingParsed ??= bool.TryParse(_configurationManagerStatic.GetAppSetting(Constants.AppSettingsAgentEnabled),
                             out _appSettingAgentEnabled);
                     }
                 }
@@ -216,7 +216,7 @@ public virtual string AgentLicenseKey
                 if (_agentLicenseKey != null)
                     return _agentLicenseKey;
 
-                _agentLicenseKey = _configurationManagerStatic.GetAppSetting("NewRelic.LicenseKey")
+                _agentLicenseKey = _configurationManagerStatic.GetAppSetting(Constants.AppSettingsLicenseKey)
                     ?? EnvironmentOverrides(_localConfiguration.service.licenseKey, "NEW_RELIC_LICENSE_KEY", "NEWRELIC_LICENSEKEY");
 
                 if (_agentLicenseKey != null)
@@ -243,7 +243,7 @@ private IEnumerable<string> GetApplicationNames()
                 return runtimeAppNames;
             }
 
-            var appName = _configurationManagerStatic.GetAppSetting("NewRelic.AppName");
+            var appName = _configurationManagerStatic.GetAppSetting(Constants.AppSettingsAppName);
             if (appName != null)
             {
                 Log.Info("Application name from web.config or app.config.");
@@ -1361,7 +1361,7 @@ public virtual string Labels
             {
                 if (!_labelsChecked)
                 {
-                    var labels = _configurationManagerStatic.GetAppSetting("NewRelic.Labels");
+                    var labels = _configurationManagerStatic.GetAppSetting(Constants.AppSettingsLabels);
                     if (labels != null)
                     {
                         Log.Info("Application labels from web.config, app.config, or appsettings.json.");
diff --git a/tests/Agent/UnitTests/CompositeTests/CompositeTestAgent.cs b/tests/Agent/UnitTests/CompositeTests/CompositeTestAgent.cs
@@ -141,7 +141,7 @@ public CompositeTestAgent(bool shouldAllowThreads, bool includeAsyncLocalStorage
                 .DoInstead<WaitCallback>(callback => { lock (_queuedCallbacksLockObject) { _queuedCallbacks.Add(callback); } });
 
             var configurationManagerStatic = Mock.Create<IConfigurationManagerStatic>();
-            Mock.Arrange(() => configurationManagerStatic.GetAppSetting("NewRelic.LicenseKey"))
+            Mock.Arrange(() => configurationManagerStatic.GetAppSetting(NewRelic.Agent.Core.Configuration.Constants.AppSettingsLicenseKey))
                 .Returns("Composite test license key");
 
             // Construct services
diff --git a/tests/Agent/UnitTests/Core.UnitTest/Config/ConfigurationLoaderTests.cs b/tests/Agent/UnitTests/Core.UnitTest/Config/ConfigurationLoaderTests.cs
@@ -1,4 +1,4 @@
-﻿// Copyright 2020 New Relic, Inc. All rights reserved.
+// Copyright 2020 New Relic, Inc. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 #if NETFRAMEWORK
@@ -11,6 +11,7 @@
 using System.Text;
 using System.Threading.Tasks;
 using System.Web;
+using NewRelic.Agent.Core.Configuration;
 using NUnit.Framework;
 
 namespace NewRelic.Agent.Core.Config
@@ -119,7 +120,7 @@ public void GetAgentConfigFileName_ReturnsConfigFileFromAppConfig()
             {
                 const string expectedFileName = "filenameFromAppConfig";
                 var testWebConfiguration = ConfigurationManager.OpenExeConfiguration(null);
-                testWebConfiguration.AppSettings.Settings.Add("NewRelic.ConfigFile", expectedFileName);
+                testWebConfiguration.AppSettings.Settings.Add(Constants.AppSettingsConfigFile, expectedFileName);
 
                 staticMocks.UseAppDomainAppIdFunc(() => "testAppId");
                 staticMocks.UseAppDomainAppVirtualPathFunc(() => "testVirtualPath");
@@ -138,7 +139,7 @@ public void TryGetAgentConfigFileFromAppConfig_ReturnsNullWhenFileDoesNotExist()
             {
                 const string expectedFileName = "filenameFromAppConfig";
                 var testWebConfiguration = ConfigurationManager.OpenExeConfiguration(null);
-                testWebConfiguration.AppSettings.Settings.Add("NewRelic.ConfigFile", expectedFileName);
+                testWebConfiguration.AppSettings.Settings.Add(Constants.AppSettingsConfigFile, expectedFileName);
 
                 staticMocks.UseAppDomainAppIdFunc(() => "testAppId");
                 staticMocks.UseAppDomainAppVirtualPathFunc(() => "testVirtualPath");
@@ -157,7 +158,7 @@ public void TryGetAgentConfigFileFromAppConfig_ReturnsNullOnException()
             {
                 const string expectedFileName = "filenameFromAppConfig";
                 var testWebConfiguration = ConfigurationManager.OpenExeConfiguration(null);
-                testWebConfiguration.AppSettings.Settings.Add("NewRelic.ConfigFile", expectedFileName);
+                testWebConfiguration.AppSettings.Settings.Add(Constants.AppSettingsConfigFile, expectedFileName);
 
                 staticMocks.UseAppDomainAppIdFunc(() => "testAppId");
                 staticMocks.UseAppDomainAppVirtualPathFunc(() => "testVirtualPath");
diff --git a/tests/Agent/UnitTests/Core.UnitTest/Configuration/DefaultConfigurationTests.cs b/tests/Agent/UnitTests/Core.UnitTest/Configuration/DefaultConfigurationTests.cs
diff --git a/tests/Agent/UnitTests/Core.UnitTest/CrossAgentTests/DataTransport/CollectorHostNameTests.cs b/tests/Agent/UnitTests/Core.UnitTest/CrossAgentTests/DataTransport/CollectorHostNameTests.cs
diff --git a/tests/Agent/UnitTests/Core.UnitTest/CrossAgentTests/RumTests/RumClientConfigTests.cs b/tests/Agent/UnitTests/Core.UnitTest/CrossAgentTests/RumTests/RumClientConfigTests.cs

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`using NewRelic.Agent.Core.Events;`
`5`	`5`	`using NewRelic.Agent.Core.Utilities;`
`6`	`6`	`using NewRelic.Core;`
	`7`	`+using NewRelic.Agent.Core.Configuration;`
`7`	`8`	`using NewRelic.Core.Logging;`
`8`	`9`	`using NewRelic.SystemInterfaces;`
`9`	`10`	`using System;`
`@@ -15,7 +16,6 @@`
`15`	`16`	`using System.Xml.Serialization;`
`16`	`17`	`#if NETSTANDARD2_0`
`17`	`18`	`using System.Reflection;`
`18`		`-using NewRelic.Agent.Core.Configuration;`
`19`	`19`	`#endif`
`20`	`20`
`21`	`21`	`namespace NewRelic.Agent.Core.Config`
`@@ -139,7 +139,7 @@ public static string GetAgentConfigFileName()`
`139`	`139`	`if (fileName != null)`
`140`	`140`	`return fileName;`
`141`	`141`
`142`		`- throw new Exception(string.Format("Could not find {0} in NewRelic.ConfigFile path, application root, New Relic home directory, or working directory.", NewRelicConfigFileName));`
	`142`	`+ throw new Exception(string.Format("Could not find {0} in {1} path, application root, New Relic home directory, or working directory.", NewRelicConfigFileName, Constants.AppSettingsConfigFile));`
`143`	`143`	`}`
`144`	`144`
`145`	`145`	`private static string TryGetAgentConfigFileFromAppConfig()`
`@@ -149,13 +149,13 @@ private static string TryGetAgentConfigFileFromAppConfig()`
`149`	`149`
`150`	`150`	`try`
`151`	`151`	`{`
`152`		`- var fileName = AppSettingsConfigResolveWhenUsed.GetAppSetting("NewRelic.ConfigFile");`
	`152`	`+ var fileName = AppSettingsConfigResolveWhenUsed.GetAppSetting(Constants.AppSettingsConfigFile);`
`153`	`153`	`if (!File.Exists(fileName))`
`154`	`154`	`{`
`155`	`155`	`return null;`
`156`	`156`	`}`
`157`	`157`
`158`		`- Log.Info("Configuration file found in path pointed to by NewRelic.ConfigFile appSetting: {0}", fileName);`
	`158`	`+ Log.Info("Configuration file found in path pointed to by {0} appSetting: {1}", Constants.AppSettingsConfigFile, fileName);`
`159`	`159`	`return fileName;`
`160`	`160`	`}`
`161`	`161`	`catch (Exception)`
`@@ -166,13 +166,13 @@ private static string TryGetAgentConfigFileFromAppConfig()`
`166`	`166`	`#else`
`167`	`167`	`try`
`168`	`168`	`{`
`169`		`- var fileName = GetConfigSetting("NewRelic.ConfigFile").Value;`
	`169`	`+ var fileName = GetConfigSetting(Constants.AppSettingsConfigFile).Value;`
`170`	`170`	`if (!FileExists(fileName))`
`171`	`171`	`{`
`172`	`172`	`return null;`
`173`	`173`	`}`
`174`	`174`
`175`		`- Log.Info("Configuration file found in path pointed to by NewRelic.ConfigFile appSetting of app/web config: {0}", fileName);`
	`175`	`+ Log.Info("Configuration file found in path pointed to by {0} appSetting of app/web config: {1}", Constants.AppSettingsConfigFile, fileName);`
`176`	`176`	`return fileName;`
`177`	`177`	`}`
`178`	`178`	`catch (Exception)`
`@@ -674,7 +674,7 @@ public configuration Initialize(string xml, string provenance)`
`674`	`674`
`675`	`675`	`try`
`676`	`676`	`{`
`677`		`- var enabledProvenance = ConfigurationLoader.GetConfigSetting("NewRelic.AgentEnabled");`
	`677`	`+ var enabledProvenance = ConfigurationLoader.GetConfigSetting(Constants.AppSettingsAgentEnabled);`
`678`	`678`	`if (enabledProvenance != null && enabledProvenance.Value != null && bool.Parse(enabledProvenance.Value) == false)`
`679`	`679`	`{`
`680`	`680`	`agentEnabled = false;`
`@@ -683,7 +683,7 @@ public configuration Initialize(string xml, string provenance)`
`683`	`683`	`}`
`684`	`684`	`catch`
`685`	`685`	`{`
`686`		`- Log.Error("Failed to read NewRelic.AgentEnabled from local config.");`
	`686`	`+ Log.Error($"Failed to read {Constants.AppSettingsAgentEnabled} from local config.");`
`687`	`687`	`}`
`688`	`688`
`689`	`689`	`return this;`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`using System;`
`6`	`6`	`using System.IO;`
`7`	`7`	`using Microsoft.Extensions.Configuration;`
	`8`	`+using NewRelic.Core;`
`8`	`9`	`using NewRelic.Core.Logging;`
`9`	`10`
`10`	`11`	`namespace NewRelic.Agent.Core.Configuration`
`@@ -79,6 +80,10 @@ public static string GetAppSetting(string key)`
`79`	`80`	`}`
`80`	`81`	`else`
`81`	`82`	`{`
	`83`	`+ if (key.Equals(Constants.AppSettingsLicenseKey))`
	`84`	`+ {`
	`85`	`+ value = Strings.ObfuscateLicenseKey(value);`
	`86`	`+ }`
`82`	`87`	`Log.Debug($"Reading value from appsettings.json and appsettings.*.json: '{key}={value}'");`
`83`	`88`	`}`
`84`	`89`	`}`
Original file line number	Diff line number	Diff line change
`@@ -198,7 +198,7 @@ public virtual bool AgentEnabled`
`198`	`198`	`{`
`199`	`199`	`lock (_lockObj)`
`200`	`200`	`{`
`201`		`- _agentEnabledAppSettingParsed ??= bool.TryParse(_configurationManagerStatic.GetAppSetting("NewRelic.AgentEnabled"),`
	`201`	`+ _agentEnabledAppSettingParsed ??= bool.TryParse(_configurationManagerStatic.GetAppSetting(Constants.AppSettingsAgentEnabled),`
`202`	`202`	`out _appSettingAgentEnabled);`
`203`	`203`	`}`
`204`	`204`	`}`
`@@ -216,7 +216,7 @@ public virtual string AgentLicenseKey`
`216`	`216`	`if (_agentLicenseKey != null)`
`217`	`217`	`return _agentLicenseKey;`
`218`	`218`
`219`		`- _agentLicenseKey = _configurationManagerStatic.GetAppSetting("NewRelic.LicenseKey")`
	`219`	`+ _agentLicenseKey = _configurationManagerStatic.GetAppSetting(Constants.AppSettingsLicenseKey)`
`220`	`220`	`?? EnvironmentOverrides(_localConfiguration.service.licenseKey, "NEW_RELIC_LICENSE_KEY", "NEWRELIC_LICENSEKEY");`
`221`	`221`
`222`	`222`	`if (_agentLicenseKey != null)`
`@@ -243,7 +243,7 @@ private IEnumerable<string> GetApplicationNames()`
`243`	`243`	`return runtimeAppNames;`
`244`	`244`	`}`
`245`	`245`
`246`		`- var appName = _configurationManagerStatic.GetAppSetting("NewRelic.AppName");`
	`246`	`+ var appName = _configurationManagerStatic.GetAppSetting(Constants.AppSettingsAppName);`
`247`	`247`	`if (appName != null)`
`248`	`248`	`{`
`249`	`249`	`Log.Info("Application name from web.config or app.config.");`
`@@ -1361,7 +1361,7 @@ public virtual string Labels`
`1361`	`1361`	`{`
`1362`	`1362`	`if (!_labelsChecked)`
`1363`	`1363`	`{`
`1364`		`- var labels = _configurationManagerStatic.GetAppSetting("NewRelic.Labels");`
	`1364`	`+ var labels = _configurationManagerStatic.GetAppSetting(Constants.AppSettingsLabels);`
`1365`	`1365`	`if (labels != null)`
`1366`	`1366`	`{`
`1367`	`1367`	`Log.Info("Application labels from web.config, app.config, or appsettings.json.");`