Adding sanitizer allow lists (#1386)

Author: nhpaine

lib/android_build/maesdk/src/main/java/com/microsoft/applications/events/Sanitizer.java

@@ -4,26 +4,45 @@
 //
 package com.microsoft.applications.events;
 
-public class Sanitizer  {
-    
+public class Sanitizer  {    
     /**
      * Initializes the sanitizer with the given logger pointer and optional notification event name.
      *
      * @param loggerNativePtr         Native pointer to ILogger.
      * @param notificationEventName   Optional event name for sanitizer notifications.
      * @param enforceSanitization     Flag to control whether sanitization is enforced.
+     * @param urlDomains             Array of URL domains to allow.
+     * @param emailDomains           Array of email domains to allow.
+     * @param analyzerOptions        Analyzer options flags (bitwise OR of values):
+     *                               0 = None (default - no special analyzer behaviors). SitePathLoose is the default behavior.
+     *                               1 = SitePathStrict (enables strict site path analysis)
+     *                               2 = SitePathLoose (enables loose site path analysis)
+     *                               Multiple flags can be combined with bitwise OR (e.g., 1 | 2 = 3)
      * @return true if initialization was successful, false otherwise.
      */
-    private static native boolean nativeInitialize(long loggerNativePtr, String notificationEventName, boolean enforceSanitization);
-
+    private static native boolean nativeInitialize(long loggerNativePtr, 
+        String notificationEventName,
+        boolean enforceSanitization, 
+        String[] urlDomains, 
+        String[] emailDomains, 
+        int analyzerOptions,
+        int sendConcernLimit);    
     /**
      * Initializes the sanitizer with the provided configuration.
      *
      * @param config The configuration settings used to initialize a sanitizer.
+     * @param urlDomains Array of URL domains to allow (can be null for empty list).
+     * @param emailDomains Array of email domains to allow (can be null for empty list).
+     * @param analyzerOptions Analyzer options flags (bitwise OR of values):
+     *                        0 = None (default - no special analyzer behaviors). SitePathLoose is the default behavior.
+     *                        1 = SitePathStrict (enables strict site path analysis)
+     *                        2 = SitePathLoose (enables loose site path analysis)
+     *                        Multiple flags can be combined with bitwise OR (e.g., 1 | 2 = 3)
+     * @param sendConcernLimit Maximum number of concerns to send. 0 = no concerns sent, 65536+ = all concerns sent.
      * @return true if initialization succeeds, false otherwise.
      * @throws IllegalArgumentException if config or any required field is null or invalid.
      */
-    public static boolean initialize(SanitizerConfiguration config)  {
+    public static boolean initialize(SanitizerConfiguration config, String[] urlDomains, String[] emailDomains, int analyzerOptions, int sendConcernLimit)  {
 
         // Validate that the configuration object is not null
         if(config == null) {
@@ -43,7 +62,11 @@ public static boolean initialize(SanitizerConfiguration config)  {
         return nativeInitialize(
             config.getLogger().getNativeILoggerPtr(), 
             config.getNotificationEventName(),
-            config.isEnforceSanitization());
+            config.isEnforceSanitization(),
+            urlDomains,
+            emailDomains,
+            analyzerOptions,
+            sendConcernLimit);
     }
 
     /**

lib/include/public/Version.hpp

@@ -6,8 +6,8 @@
 #define MAT_VERSION_HPP
 // WARNING: DO NOT MODIFY THIS FILE!
 // This file has been automatically generated, manual changes will be lost.
-#define BUILD_VERSION_STR "3.9.309.1"
-#define BUILD_VERSION 3,9,309,1
+#define BUILD_VERSION_STR "3.9.318.1"
+#define BUILD_VERSION 3,9,318,1
 
 #ifndef RESOURCE_COMPILER_INVOKED
 #include "ctmacros.hpp"
@@ -18,7 +18,7 @@ namespace MAT_NS_BEGIN {
 uint64_t const Version =
     ((uint64_t)3 << 48) |
     ((uint64_t)9 << 32) |
-    ((uint64_t)309 << 16) |
+    ((uint64_t)318 << 16) |
     ((uint64_t)1);
 
 } MAT_NS_END

lib/jni/Sanitizer_jni.cpp

@@ -23,19 +23,66 @@ Java_com_microsoft_applications_events_Sanitizer_isInitialized(const JNIEnv *env
     return spSanitizer != nullptr;
 }
 
-extern "C"
-JNIEXPORT jboolean JNICALL
-Java_com_microsoft_applications_events_Sanitizer_nativeInitialize(
+    /**
+     * Initializes the sanitizer with the provided configuration.
+     *
+     * @param iLoggerNativePtr Native pointer to the ILogger instance.
+     * @param notificationEventName Name of the event to log sanitizer concerns.
+     * @param warningsToSanitization If true, all warnings are treated as sanitizations.
+     * @param urlDomains Array of URL domains to allow (can be null for empty list).
+     * @param emailDomains Array of email domains to allow (can be null for empty list).
+     * @param analyzerOptions Analyzer options flags (bitwise OR of values):
+     *                        0 = None (default - no special analyzer behaviors). SitePathLoose is the default behavior.
+     *                        1 = SitePathStrict (enables strict site path analysis)
+     *                        2 = SitePathLoose (enables loose site path analysis)
+     *                        Multiple flags can be combined with bitwise OR (e.g., 1 | 2 = 3)
+     * @param sendConcernLimit Maximum number of concerns to send. 0 = no concerns sent, 65536+ = all concerns sent.
+     * **/
+    extern "C"
+    JNIEXPORT jboolean JNICALL
+    Java_com_microsoft_applications_events_Sanitizer_nativeInitialize(
         JNIEnv *env, jclass /* this */,
         jlong iLoggerNativePtr,
         jstring notificationEventName,
-        jboolean warningsToSanitization) {
+        jboolean warningsToSanitization,
+        jobjectArray urlDomains,
+        jobjectArray emailDomains,
+        jint analyzerOptions,
+        jint sendConcernLimit // number of concerns to upload. Set to 0 to upload none, greater than 65536 uploads everything.
+    ) {
 
     if (spSanitizer != nullptr) {
         return false;
     }
 
-    SanitizerConfiguration sanitizerConfig(reinterpret_cast<ILogger*>(iLoggerNativePtr));
+    std::vector<std::string> urlDomainsVec;
+    std::vector<std::string> emailDomainsVec;
+    
+    if (urlDomains != nullptr) {
+        jsize urlDomainsLength = env->GetArrayLength(urlDomains);
+        for (jsize i = 0; i < urlDomainsLength; i++) {
+            jstring domain = static_cast<jstring>(env->GetObjectArrayElement(urlDomains, i));
+            if (domain != nullptr) {
+                urlDomainsVec.push_back(JStringToStdString(env, domain));
+                env->DeleteLocalRef(domain);
+            }
+        }
+    }
+    
+    if (emailDomains != nullptr) {
+        jsize emailDomainsLength = env->GetArrayLength(emailDomains);
+        for (jsize i = 0; i < emailDomainsLength; i++) {
+            jstring domain = static_cast<jstring>(env->GetObjectArrayElement(emailDomains, i));
+            if (domain != nullptr) {
+                emailDomainsVec.push_back(JStringToStdString(env, domain));
+                env->DeleteLocalRef(domain);
+            }
+        }
+    }
+    
+    SanitizerConfiguration sanitizerConfig(reinterpret_cast<ILogger*>(iLoggerNativePtr), urlDomainsVec, emailDomainsVec, static_cast<size_t>(analyzerOptions));
+
+    sanitizerConfig.SendConcernLimit = sendConcernLimit;
 
     if (notificationEventName != nullptr) {
         sanitizerConfig.NotificationEventName = JStringToStdString(env, notificationEventName);

lib/modules

@@ -134,6 +134,21 @@ typedef NS_ENUM(NSInteger, ODWSessionState)
  */
 -(void)initializeSanitizerWithODWSanitizerInitConfig:(ODWSanitizerInitConfig *)initConfigObject;
 
+/*!
+ @brief Initialize the Sanitizer component with domain allow lists.
+ @param initConfigObject An instance of ODWSanitizerInitConfig that contains the configuration settings for the Sanitizer component. 
+There is a property on initConfigObject named "SendConcernLimit" that controls the maximum number of concerns uploaded. If set to 0, no concerns are uploaded.
+If set to 65536 or higher all concerns are uploaded. For n between 0 and 65536, n concerns are uploaded. This number cannot be changed after process start.
+ @param urlDomains Array of URL domains to allow (can be nil for empty list).
+ @param emailDomains Array of email domains to allow (can be nil for empty list).
+ @param analyzerOptions Analyzer options flags (bitwise OR of values):
+        - 0: None (default - no special analyzer behaviors)
+        - 1: SitePathStrict (enables strict site path analysis)
+        - 2: SitePathLoose (enables loose site path analysis)
+        Multiple flags can be combined with bitwise OR (e.g., 1 | 2 = 3)
+ */
+-(void)initializeSanitizerWithODWSanitizerInitConfig:(ODWSanitizerInitConfig *)initConfigObject urlDomains:(NSArray<NSString *> * _Nullable)urlDomains emailDomains:(NSArray<NSString *> * _Nullable)emailDomains analyzerOptions:(int)analyzerOptions;
+
 #pragma mark Set Context methods
 
 /*!

wrappers/obj-c/ODWLogger.h

@@ -1,3 +1,4 @@
+
 //
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
@@ -418,4 +419,9 @@ -(void)initializeSanitizerWithODWSanitizerInitConfig:(ODWSanitizerInitConfig *)i
 {
     [ODWSanitizer initializeSanitizer:_wrappedLogger withODWSanitizerInitConfig:initConfigObject];
 }
+
+-(void)initializeSanitizerWithODWSanitizerInitConfig:(ODWSanitizerInitConfig *)initConfigObject urlDomains:(NSArray<NSString *> *)urlDomains emailDomains:(NSArray<NSString *> *)emailDomains analyzerOptions:(int)analyzerOptions
+{
+    [ODWSanitizer initializeSanitizer:_wrappedLogger withODWSanitizerInitConfig:initConfigObject urlDomains:urlDomains emailDomains:emailDomains analyzerOptions:analyzerOptions];
+}
 @end

wrappers/obj-c/ODWLogger.mm

@@ -1,3 +1,4 @@
+
 //
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
@@ -19,19 +20,59 @@ @implementation ODWSanitizer
 std::shared_ptr<Sanitizer> _sanitizerPtr;
 
 +(void)initializeSanitizer:(ILogger *)logger withODWSanitizerInitConfig:(ODWSanitizerInitConfig *)initConfigObject
+{
+    if (_sanitizerPtr != nullptr)
+    {
+        return;
+    }    
+    std::vector<std::string> urlDomains;
+    std::vector<std::string> emailDomains;
+    SanitizerConfiguration config(logger, urlDomains, emailDomains, 0);
+
+    if ([initConfigObject notificationEventName] != nil)
+    {
+        config.NotificationEventName = [[initConfigObject notificationEventName] UTF8String];
+    }
+    config.SetAllWarningsToSanitizations = initConfigObject.setWarningsToSanitization;
+    config.SendConcernLimit = static_cast<size_t>(initConfigObject.sendConcernLimit);
+
+    _sanitizerPtr = std::make_shared<Sanitizer>(config);
+    LogManager::GetInstance()->SetDataInspector(_sanitizerPtr);
+}
+
++(void)initializeSanitizer:(ILogger *)logger withODWSanitizerInitConfig:(ODWSanitizerInitConfig *)initConfigObject urlDomains:(NSArray<NSString *> *)urlDomains emailDomains:(NSArray<NSString *> *)emailDomains analyzerOptions:(int)analyzerOptions
 {
     if (_sanitizerPtr != nullptr)
     {
         return;
     }
 
-    SanitizerConfiguration config(logger);
+    std::vector<std::string> urlDomainsVec;
+    std::vector<std::string> emailDomainsVec;
+    
+    if (urlDomains != nil)
+    {
+        for (NSString *domain in urlDomains)
+        {
+            urlDomainsVec.push_back([domain UTF8String]);
+        }
+    }
+    
+    if (emailDomains != nil)
+    {
+        for (NSString *domain in emailDomains)
+        {
+            emailDomainsVec.push_back([domain UTF8String]);
+        }
+    }
+    SanitizerConfiguration config(logger, urlDomainsVec, emailDomainsVec, static_cast<size_t>(analyzerOptions));
 
     if ([initConfigObject notificationEventName] != nil)
     {
         config.NotificationEventName = [[initConfigObject notificationEventName] UTF8String];
     }
     config.SetAllWarningsToSanitizations = initConfigObject.setWarningsToSanitization;
+    config.SendConcernLimit = static_cast<size_t>(initConfigObject.sendConcernLimit);
 
     _sanitizerPtr = std::make_shared<Sanitizer>(config);
     LogManager::GetInstance()->SetDataInspector(_sanitizerPtr);

wrappers/obj-c/ODWSanitizer.mm

@@ -20,6 +20,12 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property(readwrite, nonatomic) BOOL setWarningsToSanitization;
 
+/*!
+ @brief (OPTIONAL) Total amount of SendConcerns that can be emitted. If set to 0 no concerns will be uploaded.
+        If set to 65536 or higher all concerns will be uploaded. Default value is `65536`.
+ */
+@property(readwrite, nonatomic) NSUInteger sendConcernLimit;
+
 // Initializer
 - (instancetype)init;
 

wrappers/obj-c/ODWSanitizerInitConfig.h

@@ -15,6 +15,7 @@ - (instancetype)init {
     if (self) {
         _notificationEventName = @"SanitizerConcerns";  // Default event name
         _setWarningsToSanitization = YES;               // Default to true
+        _sendConcernLimit = 65536;                      // Default to 65536 (upload all concerns)
     }
     return self;
 }

wrappers/obj-c/ODWSanitizerInitConfig.mm

@@ -22,6 +22,21 @@ NS_ASSUME_NONNULL_BEGIN
  @param initConfigObject the configuration
  */
 +(void)initializeSanitizer:(ILogger *)logger withODWSanitizerInitConfig:(ODWSanitizerInitConfig *)initConfigObject;
+
+/*!
+ @brief Initializes the sanitizer with domain allow lists
+ @param logger Logger used for reporting concerns
+ @param initConfigObject the configuration
+ @param urlDomains Array of URL domains to allow (can be nil for empty list)
+ @param emailDomains Array of email domains to allow (can be nil for empty list)
+ @param analyzerOptions Analyzer options flags (bitwise OR of values):
+        - 0: None (default - no special analyzer behaviors)
+        - 1: SitePathStrict (enables strict site path analysis)
+        - 2: SitePathLoose (enables loose site path analysis)
+        Multiple flags can be combined with bitwise OR (e.g., 1 | 2 = 3)
+ */
++(void)initializeSanitizer:(ILogger *)logger withODWSanitizerInitConfig:(ODWSanitizerInitConfig *)initConfigObject urlDomains:(NSArray<NSString *> * _Nullable)urlDomains emailDomains:(NSArray<NSString *> * _Nullable)emailDomains analyzerOptions:(int)analyzerOptions;
+
 @end
 
 NS_ASSUME_NONNULL_END