search

serilog-contrib / Serilog.Enrichers.Sensitive

A Serilog LogEvent enricher that masks sensitive data
MIT License
114 stars 23 forks source link

FromLogContext property with destructured object are not masked #30

Closed geminixandroid closed 9 months ago

geminixandroid commented 1 year ago 
using var logContext = LogContext.PushProperty("Message", someObject, true);
logger.LogInformation("some text")

How to mask someObject property?

sandermvanvliet commented 9 months ago

I've created a reproduction test case for this and the problem is with the order in which enrichers are configured on the logger. In order for log context properties to be masked correctly, the sensitive data masking enricher must be added last.

This will work:

var logger = new LoggerConfiguration()
   .Enrich.FromLogContext()
   .Enrich.WithSensitiveDataMasking()
   .CreateLogger();

LogContext.PushProperty("Prop", "test@example.com");

logger.Information("Hello, world!");

// Prop will be ***MASKED***

This will NOT work:

var logger = new LoggerConfiguration()
   .Enrich.WithSensitiveDataMasking()
   .Enrich.FromLogContext()
   .CreateLogger();

LogContext.PushProperty("Prop", "test@example.com");

logger.Information("Hello, world!");

// Prop will be test@example.com

Unfortunately right now there isn't much I can do about that.

geminixandroid commented 9 months ago

@sandermvanvliet, thank you very much :)

sandermvanvliet commented 9 months ago

Alternatively, I would recommend this approach if possible:

var logger = Log.Logger.ForContext("myprop", "myval");

logger.Information("Hello, world!");

in this case the property is always masked if you add that property to the masking configuration.