Open
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
rads-1996
commented
Mar 12, 2026
rads-1996
commented
Mar 12, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the URL field redaction configuration in AppInsightsCore by separating control of credential redaction vs query-parameter redaction, and expands unit test coverage for the new configuration behavior.
Changes:
- Introduces separate query-parameter redaction configuration (
redactQueryParamsboolean + append/replace query param lists). - Updates
fieldRedaction()/ query-parameter redaction selection logic to respect the new configuration shape. - Adjusts and adds unit tests covering disabled redaction, credential-only redaction, and custom query param modes.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| shared/AppInsightsCore/Tests/Unit/src/ai/ApplicationInsightsCore.Tests.ts | Adds/updates FieldRedaction unit tests for new query-param config modes and flag interactions. |
| shared/AppInsightsCore/Tests/Unit/src/ai/AppInsightsCommon.tests.ts | Updates dataSanitizeUrl test config usage and adds coverage for “replace default sensitive params” behavior. |
| shared/AppInsightsCore/src/utils/EnvUtils.ts | Updates query-param redaction selection and splits credential vs query redaction behavior in fieldRedaction(). |
| shared/AppInsightsCore/src/interfaces/ai/IConfiguration.ts | Changes the public config surface for URL redaction (new boolean + new append/replace arrays). |
Comments suppressed due to low confidence (1)
shared/AppInsightsCore/Tests/Unit/src/ai/ApplicationInsightsCore.Tests.ts:2264
- Test name/assert message say this covers an "empty redactQueryParams array", but the test now uses
let config = {} as IConfiguration;(no empty array / no query-param config at all). Either pass an explicit empty list (for the new config shape) or rename the test/message so it matches what’s being exercised.
this.testCase({
name: "FieldRedaction: should handle empty redactQueryParams array",
test: () => {
let config = {} as IConfiguration;
// Should still redact default parameters
const url = "https://example.com/path?Signature=secret&custom_param=value";
const redactedLocation = fieldRedaction(url, config);
Assert.equal(redactedLocation, "https://example.com/path?Signature=REDACTED&custom_param=value",
"URL with default sensitive parameters should still be redacted with empty custom array");
You can also share your feedback on Copilot code review. Take the survey.
shared/AppInsightsCore/Tests/Unit/src/ai/ApplicationInsightsCore.Tests.ts
Show resolved
Hide resolved
Member
Author
|
Will document all the changes once decide all the config changes. |
rads-1996
force-pushed
the
dynamic-config-for-url-redaction
branch
from
71e3d85 to
b4d41fd
Compare
MSNev
reviewed
Mar 13, 2026
MSNev
requested changes
Mar 13, 2026
rads-1996
commented
Mar 16, 2026
rads-1996
commented
Mar 18, 2026
| } | ||
|
|
||
| if (config && config.redactQueryParams) { | ||
| const option = config ? config.redactUrls : undefined; |
Member
Author
There was a problem hiding this comment.
I added this check here to avoid having to change the function arguments.
MSNev
reviewed
Mar 19, 2026
| * Controls how the user can configure which parts of the URL should be redacted. Example, certain query parameters, username and password, etc. | ||
| */ | ||
|
|
||
| export const enum UrlRedactionOptions { |
Collaborator
There was a problem hiding this comment.
OK, looking good just a couple of comments
- const enum is excellent and it's what we want to use internally (like you have)
minor changes
- the const enum should be named with a leading lowercase "e"
- As this is usable from the
IConfigurationit also needs to be exported from the index - Because of the exporting requirement we "should" probably also create a user usable enum using createEnumStyle
- We should also export a type (the name you have now without a leading lowercase "e") and use this in the IConfiguration (so that files doesn't need to change)
Examples of what I'm talking about for the enum definitions are in https://github.com/microsoft/ApplicationInsights-JS/blob/main/shared/AppInsightsCore/src/enums/ai/EventsDiscardedReason.ts
Member
Author
There was a problem hiding this comment.
I have addressed the comments. PTAL when you have time. Thanks!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.