Support configuring masking operators from appsettings.json

Author: sandermvanvliet

Changelog.md

@@ -1,5 +1,9 @@
 # Changelog for Serilog.Enrichers.Sensitive
 
+## 1.7.1
+
+- Support confguring masking operators using [Serilog.Settings.Configuration](https://github.com/serilog/serilog-settings-configuration) (mainly `appsettings.json`)
+
 ## 1.7.0
 
 - Allow configuration through `appsettings.json` files.

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
 	<PropertyGroup>
-		<Version>1.7.0.0</Version>
+		<Version>1.7.1.0</Version>
 		<Authors>Sander van Vliet, Huibert Jan Nieuwkamer, Scott Toberman</Authors>
 		<Company>Codenizer BV</Company>
 		<Copyright>2023 Sander van Vliet</Copyright>

README.md

@@ -267,4 +267,31 @@ If you are configuring your logger through `appsettings.json`, you can configure
 }
 ```
 
-Note that `options` is the argument name of the `WithSensitiveDataMasking` extension method and must match exactly.
+Note that `options` is the argument name of the `WithSensitiveDataMasking` extension method and must match exactly.
+
+### Masking operators
+
+To configure masking operators you will need to specify the fully qualified name of the masking operator type. For example: `MyApplication.Logging.Serilog.MyCustomMaskingOperator, MyAppliation.Logging` for the type `MyCustomMaskingOperator` in the `MyApplication.Logging` assembly.
+
+An example config file:
+
+```json
+{
+  "Serilog": {
+    "Using": [
+      "Serilog.Enrichers.Sensitive"
+    ],
+    "Enrich": [
+      {
+        "Name": "WithSensitiveDataMasking",
+        "Args": {
+          "options": {
+            "MaskValue": "CUSTOM_MASK_FROM_JSON",
+            "MaskingOperators": [ "MyApplication.Logging.Serilog.MyCustomMaskingOperator, MyAppliation.Logging" ]
+          }
+        }
+      }
+    ]
+  }
+}
+```

src/Serilog.Enrichers.Sensitive/SensitiveDataEnricher.cs

@@ -28,7 +28,12 @@ public SensitiveDataEnricher(SensitiveDataEnricherOptions options)
         public SensitiveDataEnricher(
             Action<SensitiveDataEnricherOptions>? options)
         {
-            var enricherOptions = new SensitiveDataEnricherOptions();
+            var enricherOptions = new SensitiveDataEnricherOptions(
+                MaskingMode.Globally, 
+                DefaultMaskValue, 
+                DefaultOperators.Select(o => o.GetType().AssemblyQualifiedName),
+                new List<string>(),
+                new List<string>());
 
             if (options != null)
             {

src/Serilog.Enrichers.Sensitive/SensitiveDataEnricherOptions.cs

@@ -1,10 +1,69 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using System.Linq;
+using System.Reflection;
 
 namespace Serilog.Enrichers.Sensitive
 {
     public class SensitiveDataEnricherOptions
     {
+        public SensitiveDataEnricherOptions(
+            MaskingMode mode = MaskingMode.Globally, 
+            string maskValue = SensitiveDataEnricher.DefaultMaskValue, 
+            IEnumerable<string>? maskingOperators = null,
+            IEnumerable<string>? maskProperties = null, 
+            IEnumerable<string>? excludeProperties = null)
+        {
+            Mode = mode;
+            MaskValue = maskValue;
+            MaskingOperators = maskingOperators == null ? new List<IMaskingOperator>() : ResolveMaskingOperators(maskingOperators);
+            MaskProperties = maskProperties?.ToList() ?? new List<string>();
+            ExcludeProperties = excludeProperties?.ToList() ?? new List<string>();
+        }
+
+        private static List<IMaskingOperator> ResolveMaskingOperators(IEnumerable<string> maskingOperatorTypeNames)
+        {
+            var maskingOperators = new List<IMaskingOperator>();
+
+            foreach (var typeName in maskingOperatorTypeNames)
+            {
+                if (string.IsNullOrWhiteSpace(typeName))
+                {
+                    continue;
+                }
+
+                var type = Type.GetType(
+                    typeName,
+                    Assembly.Load,
+                    (assembly, fullTypeName, _) =>
+                    {
+                        if (assembly == null)
+                        {
+                            return null;
+                        }
+
+                        var singleOrDefault = assembly.GetTypes().SingleOrDefault(t => t.FullName == fullTypeName);
+                        
+                        return singleOrDefault;
+                    });
+
+                if (type == null)
+                {
+                    throw new Exception(
+                        $"Could not find the masking operator type '{typeName}', check if the type name matches 'Assembly.Namespace.TypeName, Assembly' format and that the assembly can be resolved by the application (i.e. in the same folder)");
+                }
+
+                var instance = Activator.CreateInstance(type);
+
+                if (instance != null)
+                {
+                    maskingOperators.Add((IMaskingOperator)instance);
+                }
+            }
+
+            return maskingOperators;
+        }
+
         /// <summary>
         /// Sets whether masking should happen for all log messages ('Globally') or only in sensitive areas ('SensitiveArea')
         /// </summary>

test/Serilog.Enrichers.Sensitive.Tests.Unit/Serilog.Enrichers.Sensitive.Tests.Unit.csproj

@@ -12,7 +12,9 @@
 	<ItemGroup>
 		<PackageReference Include="FluentAssertions" Version="6.7.0" />
 		<PackageReference Include="Microsoft.Extensions.Configuration" Version="7.0.0" />
+		<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="7.0.2" />
 		<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="7.0.0" />
+		<PackageReference Include="Microsoft.Extensions.DependencyModel" Version="7.0.0" />
 		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.3.2" />
 		<PackageReference Include="Serilog" Version="2.12.0" />
 		<PackageReference Include="Serilog.Settings.Configuration" Version="3.4.0" />

test/Serilog.Enrichers.Sensitive.Tests.Unit/WhenConfiguringFromJson.cs

@@ -10,7 +10,7 @@ namespace Serilog.Enrichers.Sensitive.Tests.Unit;
 public class WhenConfiguringFromJson
 {
     [Fact]
-    public void GivenJsonConfigurationWithMaskValue_EnricherIsConfiguredWithTheCorrectMaskValue()
+    public void GivenJsonConfigurationWithMaskingOperator_MaskingOperatorIsUsedAndFullMessageIsMasked()
     {
         var jsonConfiguration = @"
 {
@@ -20,9 +20,8 @@ public void GivenJsonConfigurationWithMaskValue_EnricherIsConfiguredWithTheCorre
         ""Name"": ""WithSensitiveDataMasking"",
         ""Args"": {
             ""options"": {
-                ""MaskValue"": ""^^"",
-                ""ExcludeProperties"": [ ""email"" ],
-                ""Mode"": ""Globally""
+                ""MaskValue"": ""MASK FROM JSON"",
+                ""MaskingOperators"": [ ""Serilog.Enrichers.Sensitive.Tests.Unit.MyTestMaskingOperator, Serilog.Enrichers.Sensitive.Tests.Unit"" ]
             }
         }
     }]
@@ -44,11 +43,25 @@ public void GivenJsonConfigurationWithMaskValue_EnricherIsConfiguredWithTheCorre
             .WriteTo.Sink(inMemorySink)
             .CreateLogger();
 
-        logger.Information("Test value foo@bar.net");
+        logger.Information("A test message");
 
         inMemorySink
             .Should()
-            .HaveMessage("Test value ^^", "the e-mail address is replaced with the configured masking value")
+            .HaveMessage("MASK FROM JSON", "the custom masking operator matches everything")
             .Appearing().Once();
     }
+}
+
+public class MyTestMaskingOperator : IMaskingOperator
+{
+    public static IMaskingOperator Instance = new MyTestMaskingOperator();
+        
+    public MaskingResult Mask(string input, string mask)
+    {
+        return new MaskingResult
+        {
+            Match = true,
+            Result = mask
+        };
+    }
 }