Add support for properties containing destructured objects

Author: sandermvanvliet

Changelog.md

@@ -1,5 +1,9 @@
 # Changelog for Serilog.Enrichers.Sensitive
 
+## 1.4.0
+
+- Add support for masking destructured objects
+
 ## 1.3.0
 
 - Add the default enricher logo to package [#5](https://github.com/serilog-contrib/Serilog.Enrichers.Sensitive/issues/5)

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
 	<PropertyGroup>
-		<Version>1.3.0.0</Version>
+		<Version>1.4.0.0</Version>
 		<Authors>Sander van Vliet, Huibert Jan Nieuwkamer, Scott Toberman</Authors>
 		<Company>Codenizer BV</Company>
 		<Copyright>2022 Sander van Vliet</Copyright>

src/Serilog.Enrichers.Sensitive/SensitiveDataEnricher.cs

@@ -2,7 +2,6 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Reflection;
-using System.Threading.Tasks;
 using Serilog.Core;
 using Serilog.Events;
 using Serilog.Parsing;
@@ -35,7 +34,7 @@ public SensitiveDataEnricher(
             {
                 throw new ArgumentNullException("mask", "The mask must be a non-empty string");
             }
-            
+
             _maskingMode = enricherOptions.Mode;
             _maskValue = enricherOptions.MaskValue;
             _maskProperties = enricherOptions.MaskProperties ?? new List<string>();
@@ -49,7 +48,7 @@ public SensitiveDataEnricher(
         }
 
         public SensitiveDataEnricher(
-            MaskingMode maskingMode, 
+            MaskingMode maskingMode,
             IEnumerable<IMaskingOperator> maskingOperators,
             string mask = DefaultMaskValue)
         : this(options =>
@@ -71,29 +70,50 @@ public void Enrich(LogEvent logEvent, ILogEventPropertyFactory propertyFactory)
 
                 foreach (var property in logEvent.Properties.ToList())
                 {
-                    if (_excludeProperties.Contains(property.Key, StringComparer.InvariantCultureIgnoreCase))
-                    {
-                        continue;
-                    }
-
-                    if (_maskProperties.Contains(property.Key, StringComparer.InvariantCultureIgnoreCase))
-                    {
-                        logEvent.AddOrUpdateProperty(
-                            new LogEventProperty(
-                                property.Key,
-                                new ScalarValue(_maskValue)));
-                    }
-                    else if (property.Value is ScalarValue scalar && scalar.Value is string stringValue)
-                    {
-                        logEvent.AddOrUpdateProperty(
+                    var maskedValue = MaskProperty(property);
+
+                    logEvent
+                        .AddOrUpdateProperty(
                             new LogEventProperty(
                                 property.Key,
-                                new ScalarValue(ReplaceSensitiveDataFromString(stringValue))));
-                    }
+                                maskedValue));
                 }
             }
         }
 
+        private LogEventPropertyValue MaskProperty(KeyValuePair<string, LogEventPropertyValue> property)
+        {
+            if (_excludeProperties.Contains(property.Key, StringComparer.InvariantCultureIgnoreCase))
+            {
+                return property.Value;
+            }
+
+            if (_maskProperties.Contains(property.Key, StringComparer.InvariantCultureIgnoreCase))
+            {
+                return new ScalarValue(_maskValue);
+            }
+
+            if (property.Value is ScalarValue scalar && scalar.Value is string stringValue)
+            {
+                return new ScalarValue(ReplaceSensitiveDataFromString(stringValue));
+            }
+            if (property.Value is StructureValue structureValue)
+            {
+                var propList = new List<LogEventProperty>();
+
+                foreach (var prop in structureValue.Properties)
+                {
+                    var maskedValue = MaskProperty(new KeyValuePair<string, LogEventPropertyValue>(prop.Name, prop.Value));
+
+                    propList.Add(new LogEventProperty(prop.Name, maskedValue));
+                }
+
+                return new StructureValue(propList);
+            }
+
+            return property.Value;
+        }
+
         private string ReplaceSensitiveDataFromString(string input)
         {
             foreach (var maskingOperator in _maskingOperators)

test/Serilog.Enrichers.Sensitive.Tests.Unit/WhenMaskingDestructuredObject.cs

@@ -0,0 +1,78 @@
+using System.Collections.Generic;
+using Serilog.Core;
+using Serilog.Sinks.InMemory;
+using Serilog.Sinks.InMemory.Assertions;
+using Xunit;
+
+namespace Serilog.Enrichers.Sensitive.Tests.Unit
+{
+    public class WhenMaskingDestructuredObject
+    {
+        private readonly InMemorySink _sink;
+        private readonly Logger _logger;
+
+        public WhenMaskingDestructuredObject()
+        {
+            _sink = new InMemorySink();
+
+            _logger = new LoggerConfiguration()
+                .WriteTo.Sink(_sink)
+                .Enrich.WithSensitiveDataMasking(options =>
+                {
+                    options.MaskProperties.Add("TestProperty");
+                    options.MaskingOperators = new List<IMaskingOperator> { new EmailAddressMaskingOperator() };
+                })
+                .CreateLogger();
+        }
+
+        [Fact]
+        public void GivenLogMessageWithDestructuredObjectPropertyThatHasSensitiveData_SensitiveDataIsMasked()
+        {
+            var testObject = new TestObject();
+            
+            _logger.Information("Test message {@TestObject}", testObject);
+            
+            _sink
+                .Should()
+                .HaveMessage("Test message {@TestObject}")
+                .Appearing()
+                .Once()
+                .WithProperty("TestObject")
+                .HavingADestructuredObject()
+                .WithProperty("TestProperty")
+                .WithValue("***MASKED***");
+        }
+
+        [Fact]
+        public void GivenLogMessageWithDestructuredObjectPropertyThatHasSensitiveDataInNestedProperty_SensitiveDataIsMasked()
+        {
+            var testObject = new TestObject();
+            
+            _logger.Information("Test message {@TestObject}", testObject);
+
+            _sink
+                .Should()
+                .HaveMessage("Test message {@TestObject}")
+                .Appearing()
+                .Once()
+                .WithProperty("TestObject")
+                .HavingADestructuredObject()
+                .WithProperty("Nested")
+                .HavingADestructuredObject()
+                .WithProperty("TestProperty")
+                .WithValue("***MASKED***");
+        }
+    }
+
+    public class TestObject
+    {
+        public string TestProperty { get; set; } = "[email protected]";
+
+        public NestedTestObject Nested { get; set; } = new NestedTestObject();
+    }
+
+    public class NestedTestObject
+    {
+        public string TestProperty { get; set; } = "[email protected]";
+    }
+}