Add support for masking structured objects that are or contain collections

Author: sandermvanvliet

Changelog.md

@@ -1,5 +1,10 @@
 # Changelog for Serilog.Enrichers.Sensitive
 
+## 1.5.0
+
+- Add support for collections in destructured objects
+- Add support for destructured objects which are collections
+
 ## 1.4.0
 
 - Add support for masking destructured objects

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
 	<PropertyGroup>
-		<Version>1.4.0.0</Version>
+		<Version>1.5.0.0</Version>
 		<Authors>Sander van Vliet, Huibert Jan Nieuwkamer, Scott Toberman</Authors>
 		<Company>Codenizer BV</Company>
 		<Copyright>2022 Sander van Vliet</Copyright>

src/Serilog.Enrichers.Sensitive/SensitiveDataEnricher.cs

@@ -32,13 +32,13 @@ public SensitiveDataEnricher(
 
             if (string.IsNullOrEmpty(enricherOptions.MaskValue))
             {
-                throw new ArgumentNullException("mask", "The mask must be a non-empty string");
+                throw new ArgumentNullException(nameof(enricherOptions.MaskValue), "The mask must be a non-empty string");
             }
 
             _maskingMode = enricherOptions.Mode;
             _maskValue = enricherOptions.MaskValue;
-            _maskProperties = enricherOptions.MaskProperties ?? new List<string>();
-            _excludeProperties = enricherOptions.ExcludeProperties ?? new List<string>();
+            _maskProperties = enricherOptions.MaskProperties;
+            _excludeProperties = enricherOptions.ExcludeProperties;
             _maskingOperators = enricherOptions.MaskingOperators.ToList();
 
             var fields = typeof(LogEvent).GetFields(BindingFlags.Instance | BindingFlags.NonPublic);
@@ -121,6 +121,25 @@ public void Enrich(LogEvent logEvent, ILogEventPropertyFactory propertyFactory)
 
                         return (false, null);
                     }
+                case SequenceValue sequenceValue:
+                    var resultElements = new List<LogEventPropertyValue>();
+                    var anyElementMasked = false;
+                    foreach (var element in sequenceValue.Elements)
+                    {
+                        var (wasElementMasked, elementResult) = MaskProperty(new KeyValuePair<string, LogEventPropertyValue>(property.Key, element));
+                        
+                        if (wasElementMasked)
+                        {
+                            resultElements.Add(elementResult!);
+                            anyElementMasked = true;
+                        }
+                        else
+                        {
+                            resultElements.Add(element);
+                        }
+                    }
+
+                    return (anyElementMasked, new SequenceValue(resultElements));
                 case StructureValue structureValue:
                     {
                         var propList = new List<LogEventProperty>();

test/Serilog.Enrichers.Sensitive.Tests.Unit/WhenMaskingDestructuredObject.cs

@@ -1,5 +1,9 @@
 using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using FluentAssertions;
 using Serilog.Core;
+using Serilog.Events;
 using Serilog.Sinks.InMemory;
 using Serilog.Sinks.InMemory.Assertions;
 using Xunit;
@@ -29,9 +33,9 @@ public WhenMaskingDestructuredObject()
         public void GivenLogMessageWithDestructuredObjectPropertyThatHasSensitiveData_SensitiveDataIsMasked()
         {
             var testObject = new TestObject();
-            
+
             _logger.Information("Test message {@TestObject}", testObject);
-            
+
             _sink
                 .Should()
                 .HaveMessage("Test message {@TestObject}")
@@ -47,7 +51,7 @@ public void GivenLogMessageWithDestructuredObjectPropertyThatHasSensitiveData_Se
         public void GivenLogMessageWithDestructuredObjectPropertyThatHasSensitiveDataInNestedProperty_SensitiveDataIsMasked()
         {
             var testObject = new TestObject();
-            
+
             _logger.Information("Test message {@TestObject}", testObject);
 
             _sink
@@ -74,7 +78,7 @@ public void GivenLogMessageWithDestructuredObjectPropertyWithoutSensitiveDataInN
                     TestProperty = "also not sensitive"
                 }
             };
-            
+
             _logger.Information("Test message {@TestObject}", testObject);
 
             _sink
@@ -107,17 +111,133 @@ public void GivenConfigurationToMaskSpecificPropertyAndLoggingADestructuredObjec
                 .WithProperty("SensitiveProperty")
                 .WithValue("***MASKED***");
         }
+
+        [Fact]
+        public void GivenDestructuredObjectHasListOfNestedObjects()
+        {
+            var testObject = new TestObject();
+
+            _logger.Information("Test message {@TestObject}", testObject);
+
+            var elements = _sink
+                .Should()
+                .HaveMessage("Test message {@TestObject}")
+                .Appearing()
+                .Once()
+                .WithProperty("TestObject")
+                .HavingADestructuredObject()
+                .WithProperty("NestedList")
+                .Subject
+                .As<SequenceValue>()
+                .Elements;
+
+            foreach (var structureValue in elements.OfType<StructureValue>())
+            {
+                var testProperty = structureValue.Properties.Single(p => p.Name == "TestProperty");
+                testProperty.Value.ToString().Should().Be("\"***MASKED***\"");
+                var sensitiveProperty = structureValue.Properties.Single(p => p.Name == "SensitiveProperty");
+                sensitiveProperty.Value.ToString().Should().Be("\"***MASKED***\"");
+            }
+        }
+
+        [Fact]
+        public void GivenDestructuredObjectHasArrayOfNestedObjects()
+        {
+            var testObject = new TestObject();
+
+            _logger.Information("Test message {@TestObject}", testObject);
+
+            var elements = _sink
+                .Should()
+                .HaveMessage("Test message {@TestObject}")
+                .Appearing()
+                .Once()
+                .WithProperty("TestObject")
+                .HavingADestructuredObject()
+                .WithProperty("NestedArray")
+                .Subject
+                .As<SequenceValue>()
+                .Elements;
+
+            foreach (var structureValue in elements.OfType<StructureValue>())
+            {
+                var testProperty = structureValue.Properties.Single(p => p.Name == "TestProperty");
+                testProperty.Value.ToString().Should().Be("\"***MASKED***\"");
+                var sensitiveProperty = structureValue.Properties.Single(p => p.Name == "SensitiveProperty");
+                sensitiveProperty.Value.ToString().Should().Be("\"***MASKED***\"");
+            }
+        }
+
+        [Fact]
+        public void GivenDestructuredObjectHasCollectionOfNestedObjects()
+        {
+            var testObject = new TestObject();
+
+            _logger.Information("Test message {@TestObject}", testObject);
+
+            var elements = _sink
+                .Should()
+                .HaveMessage("Test message {@TestObject}")
+                .Appearing()
+                .Once()
+                .WithProperty("TestObject")
+                .HavingADestructuredObject()
+                .WithProperty("NestedCollection")
+                .Subject
+                .As<SequenceValue>()
+                .Elements;
+
+            foreach (var structureValue in elements.OfType<StructureValue>())
+            {
+                var testProperty = structureValue.Properties.Single(p => p.Name == "TestProperty");
+                testProperty.Value.ToString().Should().Be("\"***MASKED***\"");
+                var sensitiveProperty = structureValue.Properties.Single(p => p.Name == "SensitiveProperty");
+                sensitiveProperty.Value.ToString().Should().Be("\"***MASKED***\"");
+            }
+        }
+
+        [Fact]
+        public void GivenDestructuredObjectIsCollectionOfObjects()
+        {
+            var collection = new[] { new TestObject(), new TestObject() };
+
+            _logger.Information("Test message {@Collection}", collection);
+
+            var elements = _sink
+                .Should()
+                .HaveMessage("Test message {@Collection}")
+                .Appearing()
+                .Once()
+                .WithProperty("Collection")
+                .Subject
+                .As<SequenceValue>()
+                .Elements;
+
+            foreach (var structureValue in elements.OfType<StructureValue>())
+            {
+                var testProperty = structureValue.Properties.Single(p => p.Name == "TestProperty");
+                testProperty.Value.ToString().Should().Be("\"***MASKED***\"");
+                var sensitiveProperty = structureValue.Properties.Single(p => p.Name == "SensitiveProperty");
+                sensitiveProperty.Value.ToString().Should().Be("\"***MASKED***\"");
+            }
+        }
     }
 
     public class TestObject
     {
         public string TestProperty { get; set; } = "[email protected]";
         public string SensitiveProperty { get; set; } = "Super sensitive data";
         public NestedTestObject Nested { get; set; } = new NestedTestObject();
+
+        public List<NestedTestObject> NestedList { get; set; } = new() { new NestedTestObject(), new NestedTestObject() };
+
+        public NestedTestObject[] NestedArray { get; set; } = { new NestedTestObject(), new NestedTestObject() };
+        public Collection<NestedTestObject> NestedCollection { get; set; } = new() { new NestedTestObject(), new NestedTestObject() };
     }
 
     public class NestedTestObject
     {
         public string TestProperty { get; set; } = "[email protected]";
+        public string SensitiveProperty { get; set; } = "Super sensitive data";
     }
 }