Increase limit for AZP_IGNORE_SECRETS_SHORTER_THAN knob to 6 (#4214)

* Update secret masker length limit * Make property static * Decrease limit to 6 * Update tests * Update tests * Update comment --------- Co-authored-by: Kirill Ivlev <102740624+kirill-ivlev@users.noreply.github.com>
microsoft · Mar 28, 2023 · 4e4f00c · 4e4f00c
1 parent e5c6c57
commit 4e4f00c
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 10 deletions.
diff --git a/src/Agent.Sdk/Util/ILoggedSecretMasker.cs b/src/Agent.Sdk/Util/ILoggedSecretMasker.cs
@@ -8,7 +8,7 @@ namespace Agent.Sdk.Util
     /// </summary>
     public interface ILoggedSecretMasker : ISecretMasker
     {
-        int MinSecretLengthLimit { get; }
+        static int MinSecretLengthLimit { get; }
 
         void AddRegex(String pattern, string origin);
         void AddValue(String value, string origin);

diff --git a/src/Agent.Sdk/Util/LoggedSecretMasker.cs b/src/Agent.Sdk/Util/LoggedSecretMasker.cs
@@ -70,8 +70,9 @@ public void AddRegex(string pattern, string origin)
             AddRegex(pattern);
         }
 
-        // We don't allow to skip secrets longer than 4 characters.
-        public int MinSecretLengthLimit => 4;
+        // We don't allow to skip secrets longer than 5 characters.
+        // Note: the secret that will be ignored is of length n-1.
+        public static int MinSecretLengthLimit => 6;
 
         public int MinSecretLength
         {

diff --git a/src/Test/L0/SecretMaskerTests/LoggedSecretMaskerL0.cs b/src/Test/L0/SecretMaskerTests/LoggedSecretMaskerL0.cs
@@ -58,15 +58,31 @@ public void LoggedSecretMasker_ShortSecret_Removes_From_Dictionary_BoundaryValue
         {
             var lsm = new LoggedSecretMasker(_secretMasker)
             {
-                MinSecretLength = 3
+                MinSecretLength = LoggedSecretMasker.MinSecretLengthLimit
             };
-            var inputMessage = "123456";
+            var inputMessage = "1234567";
 
-            lsm.AddValue("123");
-            lsm.RemoveShortSecretsFromDictionary();
+            lsm.AddValue("12345");
+            var resultMessage = lsm.MaskSecrets(inputMessage);
+
+            Assert.Equal("1234567", resultMessage);
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "SecretMasker")]
+        public void LoggedSecretMasker_ShortSecret_Removes_From_Dictionary_BoundaryValue2()
+        {
+            var lsm = new LoggedSecretMasker(_secretMasker)
+            {
+                MinSecretLength = LoggedSecretMasker.MinSecretLengthLimit
+            };
+            var inputMessage = "1234567";
+
+            lsm.AddValue("123456");
             var resultMessage = lsm.MaskSecrets(inputMessage);
 
-            Assert.Equal("***456", resultMessage);
+            Assert.Equal("***7", resultMessage);
         }
 
         [Fact]
@@ -91,9 +107,9 @@ public void LoggedSecretMasker_Skipping_ShortSecrets()
         public void LoggedSecretMasker_Sets_MinSecretLength_To_MaxValue()
         {
             var lsm = new LoggedSecretMasker(_secretMasker);
-            var expectedMinSecretsLengthValue = lsm.MinSecretLengthLimit;
+            var expectedMinSecretsLengthValue = LoggedSecretMasker.MinSecretLengthLimit;
 
-            lsm.MinSecretLength = 5;
+            lsm.MinSecretLength = LoggedSecretMasker.MinSecretLengthLimit + 1;
 
             Assert.Equal(expectedMinSecretsLengthValue, lsm.MinSecretLength);
         }