evjenio / masking.serilog Goto Github PK
View Code? Open in Web Editor NEWMasking sensitive information during logging to Serilog by hiding individual properties
License: Apache License 2.0
Masking sensitive information during logging to Serilog by hiding individual properties
License: Apache License 2.0
GIVEN an (internal or external) API
AND this API returns an exception on a certain endpoint
GIVEN a console application with using refit to call this API and this certain endpoint
AND Serilog is used for logging
AND Exception details on Serilog is enabled
AND this library is used for masking logs
THEN catching an exception from this certain endpoint
AND logging this exception
This will give an out of memory exception, because the masking library is trying to log the RefitSettings from the exception to the Exception details in Serilog. Because this RefitSettings contains circular references this keeps on hogging memory until the machines goes out of memory.
In this case it only happens on Refit, but I can imagine other libraries in combination with masking that can cause this.
The masking serilog failed to deconstruct an instance of record which inheriting from another record. Any code calling ILogger
interface will make the program stops working completely. Below is the debug messaging log:
2021-05-11T09:06:59.7952117Z The property accessor System.Reflection.GenericParameterAttributes GenericParameterAttributes threw exception System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
---> System.InvalidOperationException: Method may only be called on a Type for which Type.IsGenericParameter is true.
at System.RuntimeType.get_GenericParameterAttributes()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Reflection.RuntimePropertyInfo.GetValue(Object obj, BindingFlags invokeAttr, Binder binder, Object[] index, CultureInfo culture)
at System.Reflection.RuntimePropertyInfo.GetValue(Object obj, Object[] index)
at System.Reflection.PropertyInfo.GetValue(Object obj)
at Masking.Serilog.ByMasking.DestructureByMaskingPolicy.SafeGetPropertyValue(Object o, PropertyInfo pi)
2021-05-11T09:06:59.7975937Z Maximum destructuring depth reached.
Tech detail:
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using Masking.Serilog;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Serilog;
Host.CreateDefaultBuilder(args)
.ConfigureLogging((context, logBuilder) =>
{
var logConfig = new LoggerConfiguration()
.Enrich.FromLogContext()
.ReadFrom.Configuration(context.Configuration)
.WriteTo.Console()
.Destructure.ByMaskingProperties(opt =>
{
opt.PropertyNames.Add(nameof(MailConfig.Password));
opt.Mask = "***";
opt.ExcludeStaticProperties = true;
});
var logger = logConfig.CreateLogger();
logBuilder.ClearProviders().AddSerilog(logger);
})
.ConfigureServices(services => services.AddHostedService<Dummy>())
.Build().Run();
class Dummy : IHostedService
{
private readonly ILogger<Dummy> _log;
public Dummy(ILogger<Dummy> log) => _log = log;
public Task StartAsync(CancellationToken cancellationToken)
{
// enable for error tracing
Serilog.Debugging.SelfLog.Enable(msg => Debug.WriteLine(msg));
var config = new MailConfig
{
Username = "user",
Password = "secret",
ServerAddress = "localhost",
Port = 25,
UseSecureMode = false
};
_log.LogInformation("Dumping my {@Config}", config);
return Task.CompletedTask;
}
public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;
}
record ConnectionConfig
{
public int Port { get; set; }
public bool UseSecureMode { get; set; }
}
record MailConfig : ConnectionConfig
{
public string Username { get; set; } = string.Empty;
public string Password { get; set; } = string.Empty;
public string ServerAddress { get; set; } = string.Empty;
}
Use ordinal class instead, change ConnectionConfig
and MailConfig
to use class
instead of record
.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.