Sanitize fields

datadog_checks_base/datadog_checks/base/checks/base.py

@@ -396,7 +396,7 @@ def diagnosis(self):
         A Diagnosis object to register explicit diagnostics and record diagnoses.
         """
         if not hasattr(self, '_diagnosis'):
-            self._diagnosis = Diagnosis()
+            self._diagnosis = Diagnosis(sanitize=self.sanitize)
         return self._diagnosis
 
     def get_tls_context(self, refresh=False, overrides=None):

datadog_checks_base/datadog_checks/base/utils/diagnose.py

@@ -47,11 +47,17 @@ class Diagnosis:
     DIAGNOSIS_WARNING = 2
     DIAGNOSIS_UNEXPECTED_ERROR = 3
 
-    def __init__(self):
+    def __init__(self, sanitize=None):
         # Holds results
         self._diagnoses = []
         # Holds explicit diagnostic routines (callables)
         self._diagnostics = []
+        # Sanitization function
+        if sanitize is not None:
+            # We need to account for a field being `None`, with the sanitizer might not do
+            self._sanitize = lambda t: t and sanitize(t)
+        else:
+            self._sanitize = lambda t: t
 
     def clear(self):
         """Remove all cached diagnoses."""
@@ -130,7 +136,13 @@ def diagnoses(self):
         """The list of cached diagnostics."""
         return self._diagnoses
 
-    @classmethod
-    def _result(cls, result, name, diagnosis, category=None, description=None, remediation=None, raw_error=None):
-        # Note: Once we drop py2 we can use `defaults` in the `namedtuple` instead of this constructor
-        return cls.Result(result, name, diagnosis, category, description, remediation, raw_error)
+    def _result(self, result, name, diagnosis, category=None, description=None, remediation=None, raw_error=None):
+        return self.Result(
+            result,
+            name,
+            diagnosis,
+            category,
+            self._sanitize(description),
+            self._sanitize(remediation),
+            self._sanitize(raw_error),
+        )

datadog_checks_base/tests/base/utils/test_diagnose.py

@@ -103,3 +103,44 @@ def good_diagnostic(self):
         Diagnosis.Result(Diagnosis.DIAGNOSIS_UNEXPECTED_ERROR, "", "", None, None, None, "something went wrong"),
         Diagnosis.Result(Diagnosis.DIAGNOSIS_SUCCESS, "foo check", "explicit diagnosis", None, None, None, None),
     ]
+
+
+def test_diagnose_fields_get_sanitized():
+    fields_with_secrets = {
+        "description": "something's wrong with your secret",
+        "remediation": "change your secret to something else",
+    }
+
+    class Foo(AgentCheck):
+        def __init__(self, name, init_config, instances):
+            super(Foo, self).__init__(name, init_config, instances)
+
+            self.diagnosis.register(self.bad_diagnostic)
+            self.register_secret("secret")
+
+        def check(self, _):
+            self.diagnosis.success("foo check", "ok", **fields_with_secrets)
+            self.diagnosis.fail("foo check", "fail", **fields_with_secrets)
+            self.diagnosis.warning("foo check", "warn", **fields_with_secrets)
+
+        def bad_diagnostic(self):
+            raise Exception("something went wrong with secret")
+
+    check = Foo("foo", {}, [{}])
+    check.run()
+
+    expected_fields = {
+        "category": None,
+        "description": "something's wrong with your ********",
+        "remediation": "change your ******** to something else",
+        "raw_error": None,
+    }
+
+    assert check.get_diagnoses() == [
+        Diagnosis.Result(Diagnosis.DIAGNOSIS_SUCCESS, "foo check", "ok", **expected_fields),
+        Diagnosis.Result(Diagnosis.DIAGNOSIS_FAIL, "foo check", "fail", **expected_fields),
+        Diagnosis.Result(Diagnosis.DIAGNOSIS_WARNING, "foo check", "warn", **expected_fields),
+        Diagnosis.Result(
+            Diagnosis.DIAGNOSIS_UNEXPECTED_ERROR, "", "", None, None, None, "something went wrong with ********"
+        ),
+    ]