feat: Sanitize request body in BoxAPIError (box/box-codegen#948) (#1844)

Author: box-sdk-build

.codegen.json

@@ -1 +1 @@
-{ "engineHash": "0f85d1e", "specHash": "576cd17", "version": "10.11.0" }
+{ "engineHash": "78a8dc0", "specHash": "576cd17", "version": "10.11.0" }

src/main/java/com/box/sdkgen/box/errors/BoxAPIError.java

@@ -27,7 +27,16 @@ public static BoxAPIError fromAPICall(
       FetchResponse fetchResponse,
       String rawResponseBody,
       DataSanitizer dataSanitizer) {
-    RequestInfo requestInfo = RequestInfo.fromRequest(request);
+    return fromAPICall(request, fetchResponse, rawResponseBody, dataSanitizer, null);
+  }
+
+  public static BoxAPIError fromAPICall(
+      Request request,
+      FetchResponse fetchResponse,
+      String rawResponseBody,
+      DataSanitizer dataSanitizer,
+      String contentType) {
+    RequestInfo requestInfo = RequestInfo.fromRequest(request, contentType);
     ResponseInfo responseInfo = ResponseInfo.fromResponse(fetchResponse, rawResponseBody);
 
     String requestId =

src/main/java/com/box/sdkgen/box/errors/RequestInfo.java

@@ -19,6 +19,8 @@ public class RequestInfo {
 
   public String body;
 
+  public String contentType;
+
   public RequestInfo(
       String method, String url, Map<String, String> queryParams, Map<String, String> headers) {
     this.method = method;
@@ -33,6 +35,7 @@ protected RequestInfo(Builder builder) {
     this.queryParams = builder.queryParams;
     this.headers = builder.headers;
     this.body = builder.body;
+    this.contentType = builder.contentType;
   }
 
   public String getMethod() {
@@ -55,6 +58,10 @@ public String getBody() {
     return body;
   }
 
+  public String getContentType() {
+    return contentType;
+  }
+
   public static class Builder {
 
     protected final String method;
@@ -67,6 +74,8 @@ public static class Builder {
 
     protected String body;
 
+    protected String contentType;
+
     public Builder(
         String method, String url, Map<String, String> queryParams, Map<String, String> headers) {
       this.method = method;
@@ -80,12 +89,21 @@ public Builder body(String body) {
       return this;
     }
 
+    public Builder contentType(String contentType) {
+      this.contentType = contentType;
+      return this;
+    }
+
     public RequestInfo build() {
       return new RequestInfo(this);
     }
   }
 
   public static RequestInfo fromRequest(Request request) {
+    return fromRequest(request, null);
+  }
+
+  public static RequestInfo fromRequest(Request request, String contentType) {
     Builder requestInfoBuilder =
         new Builder(
                 request.method(),
@@ -95,7 +113,8 @@ public static RequestInfo fromRequest(Request request) {
                         Collectors.toMap(name -> name, name -> request.url().queryParameter(name))),
                 request.headers().toMultimap().entrySet().stream()
                     .collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().get(0))))
-            .body(getRequestBodyAsString(request.body()));
+            .body(getRequestBodyAsString(request.body()))
+            .contentType(contentType);
 
     return new RequestInfo(requestInfoBuilder);
   }
@@ -116,6 +135,12 @@ private static String getRequestBodyAsString(RequestBody requestBody) {
   String print(DataSanitizer dataSanitizer) {
     Map<String, String> sanitizedHeaders =
         dataSanitizer == null ? headers : dataSanitizer.sanitizeHeaders(headers);
+    String sanitizedBody;
+    if (dataSanitizer == null || body == null) {
+      sanitizedBody = body;
+    } else {
+      sanitizedBody = dataSanitizer.sanitizeStringBody(body, contentType);
+    }
     return "RequestInfo{"
         + "\n\tmethod='"
         + method
@@ -128,7 +153,7 @@ String print(DataSanitizer dataSanitizer) {
         + ", \n\theaders="
         + sanitizedHeaders
         + ", \n\tbody='"
-        + body
+        + sanitizedBody
         + '\''
         + '}';
   }

src/main/java/com/box/sdkgen/internal/logging/DataSanitizer.java

@@ -3,7 +3,10 @@
 import static com.box.sdkgen.internal.utils.UtilsManager.entryOf;
 import static com.box.sdkgen.internal.utils.UtilsManager.mapOf;
 import static com.box.sdkgen.internal.utils.UtilsManager.sanitizeMap;
+import static com.box.sdkgen.serialization.json.JsonManager.jsonToSerializedData;
+import static com.box.sdkgen.serialization.json.JsonManager.sanitizeFormEncodedBodyFromString;
 import static com.box.sdkgen.serialization.json.JsonManager.sanitizeSerializedData;
+import static com.box.sdkgen.serialization.json.JsonManager.sdToJson;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import java.util.Map;
@@ -36,4 +39,27 @@ public Map<String, String> sanitizeHeaders(Map<String, String> headers) {
   public JsonNode sanitizeBody(JsonNode body) {
     return sanitizeSerializedData(body, this.keysToSanitize);
   }
+
+  public String sanitizeFormEncodedBody(String body) {
+    return sanitizeFormEncodedBodyFromString(body, this.keysToSanitize);
+  }
+
+  public String sanitizeStringBody(String body) {
+    return sanitizeStringBody(body, null);
+  }
+
+  public String sanitizeStringBody(String body, String contentType) {
+    if (contentType.equals("application/json")
+        || contentType.equals("application/json-patch+json")) {
+      try {
+        return sdToJson(this.sanitizeBody(jsonToSerializedData(body)));
+      } catch (Exception exception) {
+        return body;
+      }
+    }
+    if (contentType.equals("application/x-www-form-urlencoded")) {
+      return this.sanitizeFormEncodedBody(body);
+    }
+    return body;
+  }
 }

src/main/java/com/box/sdkgen/networking/boxnetworkclient/BoxNetworkClient.java

@@ -255,6 +255,7 @@ public FetchResponse fetch(FetchOptions options) {
           fetchResponse,
           rawResponseBody,
           exceptionThrown,
+          fetchOptions.getContentType(),
           networkSession.getDataSanitizer());
     }
   }
@@ -367,12 +368,14 @@ private static void throwOnUnsuccessfulResponse(
       FetchResponse fetchResponse,
       String rawResponseBody,
       Exception exceptionThrown,
+      String contentType,
       DataSanitizer dataSanitizer) {
     if (fetchResponse.getStatus() == 0 && exceptionThrown != null) {
       throw new BoxSDKError(exceptionThrown.getMessage(), exceptionThrown);
     }
     try {
-      throw BoxAPIError.fromAPICall(request, fetchResponse, rawResponseBody, dataSanitizer);
+      throw BoxAPIError.fromAPICall(
+          request, fetchResponse, rawResponseBody, dataSanitizer, contentType);
     } finally {
       try {
         if (fetchResponse.getContent() != null) {

src/main/java/com/box/sdkgen/serialization/json/JsonManager.java

@@ -113,4 +113,35 @@ public static JsonNode sanitizeSerializedData(JsonNode sd, Map<String, String> k
 
     return new ObjectMapper().valueToTree(sanitizedDictionary);
   }
+
+  public static String sanitizeFormEncodedBodyFromString(
+      String body, Map<String, String> keysToSanitize) {
+    if (body == null) {
+      return null;
+    }
+
+    String[] parameters = body.split("&", -1);
+    StringBuilder sanitizedBodyBuilder = new StringBuilder();
+    for (int i = 0; i < parameters.length; i++) {
+      if (i > 0) {
+        sanitizedBodyBuilder.append("&");
+      }
+      sanitizedBodyBuilder.append(sanitizeFormEncodedParameter(parameters[i], keysToSanitize));
+    }
+    return sanitizedBodyBuilder.toString();
+  }
+
+  private static String sanitizeFormEncodedParameter(
+      String parameter, Map<String, String> keysToSanitize) {
+    int separatorIndex = parameter.indexOf("=");
+    if (separatorIndex < 0) {
+      return parameter;
+    }
+
+    String key = parameter.substring(0, separatorIndex);
+    String value = parameter.substring(separatorIndex + 1);
+    String sanitizedValue =
+        keysToSanitize.containsKey(key.toLowerCase(Locale.ROOT)) ? sanitizedValue() : value;
+    return key + "=" + sanitizedValue;
+  }
 }