RE1-T102 PR#281 fixes

ucswift · ucswift · commit 23829fdafa8b · 2026-02-17T12:26:08.000-08:00
diff --git a/Web/Resgrid.Web.Mcp/Controllers/McpController.cs b/Web/Resgrid.Web.Mcp/Controllers/McpController.cs
@@ -7,6 +7,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using ModelContextProtocol.Server;
+using Resgrid.Web.Mcp.Infrastructure;
 
 namespace Resgrid.Web.Mcp.Controllers
 {
@@ -55,16 +56,18 @@ public async Task<IActionResult> HandleRequest(CancellationToken cancellationTok
 							message = "Invalid Request: Empty request body"
 						}
 					});
-				}
+			}
 
-				_logger.LogDebug("Received MCP request: {Request}", requestBody);
+			var redactedRequest = SensitiveDataRedactor.RedactSensitiveFields(requestBody);
+			_logger.LogDebug("Received MCP request: {Request}", redactedRequest);
 
-				// Process the request through the MCP handler
-				var response = await _mcpHandler.HandleRequestAsync(requestBody, cancellationToken);
+			// Process the request through the MCP handler
+			var response = await _mcpHandler.HandleRequestAsync(requestBody, cancellationToken);
 
-				_logger.LogDebug("Sending MCP response: {Response}", response);
+			var redactedResponse = SensitiveDataRedactor.RedactSensitiveFields(response);
+			_logger.LogDebug("Sending MCP response: {Response}", redactedResponse);
 
-				// Return the JSON-RPC response
+			// Return the JSON-RPC response
 				return Content(response, "application/json");
 			}
 			catch (JsonException ex)
diff --git a/Web/Resgrid.Web.Mcp/Infrastructure/SensitiveDataRedactor.Test.cs b/Web/Resgrid.Web.Mcp/Infrastructure/SensitiveDataRedactor.Test.cs
@@ -0,0 +1,50 @@
+﻿using System;
+using System.Text.Json;
+using Resgrid.Web.Mcp.Infrastructure;
+
+namespace Resgrid.Web.Mcp.Tests
+{
+	/// <summary>
+	/// Simple test examples for SensitiveDataRedactor
+	/// </summary>
+	public static class SensitiveDataRedactorTests
+	{
+		public static void RunTests()
+		{
+			Console.WriteLine("Testing SensitiveDataRedactor...\n");
+
+			// Test 1: Redact password
+			var jsonWithPassword = @"{""username"":""john.doe"",""password"":""secret123""}";
+			var redacted1 = SensitiveDataRedactor.RedactSensitiveFields(jsonWithPassword);
+			Console.WriteLine($"Original: {jsonWithPassword}");
+			Console.WriteLine($"Redacted: {redacted1}\n");
+
+			// Test 2: Redact token and apikey
+			var jsonWithToken = @"{""token"":""Bearer abc123"",""apikey"":""xyz789"",""data"":""safe data""}";
+			var redacted2 = SensitiveDataRedactor.RedactSensitiveFields(jsonWithToken);
+			Console.WriteLine($"Original: {jsonWithToken}");
+			Console.WriteLine($"Redacted: {redacted2}\n");
+
+			// Test 3: Nested JSON with sensitive fields
+			var nestedJson = @"{""user"":{""username"":""jane"",""password"":""pass456""},""sessionToken"":""token123""}";
+			var redacted3 = SensitiveDataRedactor.RedactSensitiveFields(nestedJson);
+			Console.WriteLine($"Original: {nestedJson}");
+			Console.WriteLine($"Redacted: {redacted3}\n");
+
+			// Test 4: JSON-RPC request with params containing sensitive data
+			var jsonRpcRequest = @"{""jsonrpc"":""2.0"",""method"":""authenticate"",""params"":{""username"":""admin"",""password"":""admin123""},""id"":1}";
+			var redacted4 = SensitiveDataRedactor.RedactSensitiveFields(jsonRpcRequest);
+			Console.WriteLine($"Original: {jsonRpcRequest}");
+			Console.WriteLine($"Redacted: {redacted4}\n");
+
+			// Test 5: Invalid JSON (should return metadata only)
+			var invalidJson = "not valid json {";
+			var redacted5 = SensitiveDataRedactor.RedactSensitiveFields(invalidJson);
+			Console.WriteLine($"Original: {invalidJson}");
+			Console.WriteLine($"Redacted: {redacted5}\n");
+
+			Console.WriteLine("All tests completed!");
+		}
+	}
+}
+
diff --git a/Web/Resgrid.Web.Mcp/Infrastructure/SensitiveDataRedactor.cs b/Web/Resgrid.Web.Mcp/Infrastructure/SensitiveDataRedactor.cs
@@ -0,0 +1,148 @@
+﻿using System.Text.Json;
+using System.Text.Json.Nodes;
+
+namespace Resgrid.Web.Mcp.Infrastructure
+{
+	/// <summary>
+	/// Provides functionality to redact sensitive fields from JSON payloads before logging
+	/// </summary>
+	public static class SensitiveDataRedactor
+	{
+		private static readonly string[] SensitiveFields = new[]
+		{
+			"password",
+			"username",
+			"token",
+			"ssn",
+			"email",
+			"apikey",
+			"api_key",
+			"secret",
+			"authorization",
+			"auth",
+			"credentials",
+			"credit_card",
+			"creditcard",
+			"cvv",
+			"pin"
+		};
+
+		private const string RedactedValue = "***REDACTED***";
+
+		/// <summary>
+		/// Redacts sensitive fields from a JSON string
+		/// </summary>
+		/// <param name="jsonString">The JSON string to redact</param>
+		/// <returns>A redacted version of the JSON string, or metadata if parsing fails</returns>
+		public static string RedactSensitiveFields(string jsonString)
+		{
+			if (string.IsNullOrWhiteSpace(jsonString))
+			{
+				return string.Empty;
+			}
+
+			try
+			{
+				var jsonNode = JsonNode.Parse(jsonString);
+				if (jsonNode == null)
+				{
+					return GetMetadataOnly(jsonString);
+				}
+
+				RedactNode(jsonNode);
+				return jsonNode.ToJsonString(new JsonSerializerOptions { WriteIndented = false });
+			}
+			catch (JsonException)
+			{
+				// If parsing fails, return only metadata
+				return GetMetadataOnly(jsonString);
+			}
+		}
+
+		/// <summary>
+		/// Extracts only metadata from a JSON string without sensitive data
+		/// </summary>
+		/// <param name="jsonString">The JSON string</param>
+		/// <returns>A string containing only metadata</returns>
+		private static string GetMetadataOnly(string jsonString)
+		{
+			try
+			{
+				using var doc = JsonDocument.Parse(jsonString);
+				var root = doc.RootElement;
+
+				var metadata = new
+				{
+					method = root.TryGetProperty("method", out var method) ? method.GetString() : null,
+					id = root.TryGetProperty("id", out var id) ? id.ToString() : null,
+					jsonrpc = root.TryGetProperty("jsonrpc", out var jsonrpc) ? jsonrpc.GetString() : null,
+					hasParams = root.TryGetProperty("params", out _),
+					hasResult = root.TryGetProperty("result", out _),
+					hasError = root.TryGetProperty("error", out _)
+				};
+
+				return JsonSerializer.Serialize(metadata);
+			}
+			catch
+			{
+				return $"[Length: {jsonString.Length} bytes]";
+			}
+		}
+
+		/// <summary>
+		/// Recursively redacts sensitive fields in a JSON node
+		/// </summary>
+		/// <param name="node">The JSON node to redact</param>
+		private static void RedactNode(JsonNode node)
+		{
+			if (node is JsonObject jsonObject)
+			{
+				// Create a list of properties to avoid modifying while iterating
+				var propertiesToProcess = new System.Collections.Generic.List<System.Collections.Generic.KeyValuePair<string, JsonNode>>();
+				foreach (var property in jsonObject)
+				{
+					propertiesToProcess.Add(new System.Collections.Generic.KeyValuePair<string, JsonNode>(property.Key, property.Value));
+				}
+
+				foreach (var property in propertiesToProcess)
+				{
+					var propertyName = property.Key.ToLowerInvariant();
+
+					// Check if this property name matches a sensitive field
+					var isSensitive = false;
+					foreach (var sensitiveField in SensitiveFields)
+					{
+						if (propertyName.Contains(sensitiveField))
+						{
+							isSensitive = true;
+							break;
+						}
+					}
+
+					if (isSensitive)
+					{
+						jsonObject[property.Key] = RedactedValue;
+					}
+					else if (property.Value != null)
+					{
+						RedactNode(property.Value);
+					}
+				}
+			}
+			else if (node is JsonArray jsonArray)
+			{
+				for (int i = 0; i < jsonArray.Count; i++)
+				{
+					var item = jsonArray[i];
+					if (item != null)
+					{
+						RedactNode(item);
+					}
+				}
+			}
+		}
+	}
+}
+
+
+
