From eb39be7b002b38d7c2885078c4e506160014e458 Mon Sep 17 00:00:00 2001
From: Neha Bhargava <61847233+neha-bhargava@users.noreply.github.com>
Date: Fri, 17 Jan 2025 13:56:38 -0800
Subject: [PATCH] Fix code ql by logging the response and not sending it in exception (#5085)

* Fix code ql by logging the response and not sending it in exception

* Update src/client/Microsoft.Identity.Client/MsalErrorMessage.cs

Co-authored-by: Gladwin Johnson <90415114+gladjohn@users.noreply.github.com>

---------

Co-authored-by: Gladwin Johnson <90415114+gladjohn@users.noreply.github.com>
---
 src/client/Microsoft.Identity.Client/MsalErrorMessage.cs | 3 ++-
 .../WsTrust/WsTrustWebRequestManager.cs | 5 +++--
 .../CoreTests/WsTrustTests/WsTrustTests.cs | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs b/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs
index 39ace37dcb..3b7e86db6d 100644
--- a/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs
+++ b/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs
@@ -189,7 +189,8 @@ public static string iOSBrokerKeySaveFailed(string keyChainResult)
 public const string PlatformNotSupported = "Platform Not Supported";
 public const string FederatedServiceReturnedErrorTemplate = "Federated service at {0} returned error: {1} ";
- public const string ParsingWsTrustResponseFailedErrorTemplate = "Federated service at {0} parse error: Body {1} ";
+ public const string ParsingWsTrustResponseFailedErrorTemplate = "Federated service at {0} parse error. Enable logging with PII to see more details. See https://aka.ms/msal-net-logging.";
+
 public const string UnknownUserType = "Unknown User Type";
 public const string ParsingWsTrustResponseFailedDueToConfiguration = "There was an error parsing the WS-Trust response from the endpoint. " +
 "\nThis may occur if there are issues with your ADFS configuration. See https://aka.ms/msal-net-iwa-troubleshooting for more details." +
diff --git a/src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs b/src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs
index 43bff88831..cf1ec7901a 100644
--- a/src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs
+++ b/src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs
@@ -151,11 +151,12 @@ public async Task GetWsTrustResponseAsync(
 }
 catch (System.Xml.XmlException ex)
 {
+ requestContext.Logger.ErrorPii("Error parsing WS-Trust response: \n" + resp.Body, "Error parsing WS-Trust response. ");
+
 string message = string.Format(
 CultureInfo.CurrentCulture,
 MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate,
- wsTrustEndpoint.Uri,
- resp.Body);
+ wsTrustEndpoint.Uri);
 throw new MsalClientException(
 MsalError.ParsingWsTrustResponseFailed,
 message, ex);
diff --git a/tests/Microsoft.Identity.Test.Unit/CoreTests/WsTrustTests/WsTrustTests.cs b/tests/Microsoft.Identity.Test.Unit/CoreTests/WsTrustTests/WsTrustTests.cs
index 5a3480417a..486916bc8d 100644
--- a/tests/Microsoft.Identity.Test.Unit/CoreTests/WsTrustTests/WsTrustTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/CoreTests/WsTrustTests/WsTrustTests.cs
@@ -99,7 +99,7 @@ public async Task WsTrustRequestParseErrorTestAsync()
 {
 const string body = "Non-Parsable";
 const string uri = "https://some/address/usernamemixed";
- string expectedMessage = string.Format(CultureInfo.CurrentCulture, MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate, uri, body);
+ string expectedMessage = string.Format(CultureInfo.CurrentCulture, MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate, uri);
 var endpoint = new WsTrustEndpoint(new Uri(uri), WsTrustVersion.WsTrust13);
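Review bot: The wrapped `ex` still leaves the method as the inner exception on the `throw new MsalClientException(..., message, ex)` lines, and `System.Xml.XmlException` messages can quote the unexpected token from the input, so a fragment of the federated response body may still reach callers through `InnerException.Message`; worth checking whether that falls under the CodeQL finding this commit closes, and if so carrying only `ex.LineNumber`/`ex.LinePosition` into the message rather than the exception itself. The new `ErrorPii` call writes `resp.Body` verbatim, and that body is whatever the remote federation endpoint returned, so a bounded excerpt such as `string bodyExcerpt = resp.Body?.Length > 4096 ? resp.Body.Substring(0, 4096) + "..." : resp.Body;` keeps an oversized or hostile response from flooding the PII log; the trailing space in `"Error parsing WS-Trust response. "` also looks unintended. The enclosing `GetWsTrustResponseAsync` starts outside the hunk, so whether `resp` can be null when the parse throws is not visible here; if it can, the concatenation only yields an empty body in the log, which is acceptable.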