You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My frontend projects (which reference Serilog and Destructurama) have dependencies on libraries which expose objects containing sensitive data, however I'm not able to annotate the types in those libraries with the Destructurama [NotLogged] and [LogMasked] attributes. Incidentally the backend library I'm using right now does annotate sensitive data with its own CompanyName.ProductName.SensitiveDataAttribute class.
I did try implementing my own destructuring policy but quickly found myself out of my depth.
I realise a better solution is if Destructurama allow us to specify custom attributes to respect for logging and masking, something like:
var log = new LoggerConfiguration()
.Destructure.UsingAttributes( o => {
// o.CustomNotLoggedAttribute = typeof(MyProject.SensitiveDataAttribute),
o.CustomLogMaskedConfiguration.AttributeType = typeof(MyProject.SensitiveDataAttribute);
o.CustomLogMaskedConfiguration.ShowFirst = 1;
o.CustomLogMaskedConfiguration.ShowLast = 1;
o.CustomLogMaskedConfiguration.PreserveLength = true;
} );
This design allows a non-parameterised custom attribute type for LogMasked while default values for Text, ShowFirst, ShowLast, and PreserveLength can be specified.
The text was updated successfully, but these errors were encountered:
daiplusplus
changed the title
Add support for custom attributes
Add support for substitute attributes in lieu of NotLogged and LogMasked
Dec 8, 2018
I did try implementing my own destructuring policy
@daiplusplus Indeed, custom destructuring policy is the right way here. In your example of configuration there is a custom attribute, but the rest of the settings are explicitly set, and not through this attribute. This will only complicate the design and create many questions. The custom destructuring policy will better solve your problem.
My frontend projects (which reference Serilog and Destructurama) have dependencies on libraries which expose objects containing sensitive data, however I'm not able to annotate the types in those libraries with the Destructurama
[NotLogged]
and[LogMasked]
attributes. Incidentally the backend library I'm using right now does annotate sensitive data with its ownCompanyName.ProductName.SensitiveDataAttribute
class.I did try implementing my own destructuring policy but quickly found myself out of my depth.
I realise a better solution is if Destructurama allow us to specify custom attributes to respect for logging and masking, something like:
This design allows a non-parameterised custom attribute type for
LogMasked
while default values forText
,ShowFirst
,ShowLast
, andPreserveLength
can be specified.The text was updated successfully, but these errors were encountered: