Add support to supply a custom mask value

Author: sandermvanvliet

CHANGELOG

@@ -1,5 +1,9 @@
 # Changelog for Serilog.Enrichers.Sensitive
 
+## 1.1.0
+
+- Add support to supply a custom mask value
+
 ## 1.0.0
 
 - Removed a number of try/catch blocks that only existed for debugging

README.md

@@ -95,6 +95,23 @@ The effect is that the log message will be rendered as:
 
 See the [Serilog.Enrichers.Sensitive.Demo](src/Serilog.Enrichers.Sensitive.Demo/Program.cs) app for a code example of the above.
 
+## Using a custom mask value
+
+In case the default mask value `***MASKED***` is not what you want, you can supply your own mask value:
+
+```csharp
+var logger = new LoggerConfiguration()
+    .Enrich.WithSensitiveDataMasking(mask: "**")
+    .WriteTo.Console()
+    .CreateLogger();
+```
+
+A example rendered message would then look like:
+
+`This is a sensitive value: **`
+
+You can specify any mask string as long as it's non-null or an empty string.
+
 ## Extending to additional use cases
 
 Extending this enricher is a fairly straight forward process.

src/Serilog.Enrichers.Sensitive/ExtensionMethods.cs

@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using Serilog.Configuration;
 
 namespace Serilog.Enrichers.Sensitive
@@ -19,17 +20,28 @@ public static LoggerConfiguration WithSensitiveDataMasking(this LoggerEnrichment
             return loggerConfiguration.WithSensitiveDataMasking(MaskingMode.Globally, SensitiveDataEnricher.DefaultOperators);
         }
 
+        public static LoggerConfiguration WithSensitiveDataMasking(this LoggerEnrichmentConfiguration loggerConfiguration, string mask)
+        {
+            return loggerConfiguration.WithSensitiveDataMasking(MaskingMode.Globally, SensitiveDataEnricher.DefaultOperators, mask);
+        }
+
         public static LoggerConfiguration WithSensitiveDataMaskingInArea(this LoggerEnrichmentConfiguration loggerConfiguration)
         {
 	        return loggerConfiguration.WithSensitiveDataMasking(MaskingMode.InArea, SensitiveDataEnricher.DefaultOperators);
         }
 
+        public static LoggerConfiguration WithSensitiveDataMaskingInArea(this LoggerEnrichmentConfiguration loggerConfiguration, string mask)
+        {
+            return loggerConfiguration.WithSensitiveDataMasking(MaskingMode.InArea, SensitiveDataEnricher.DefaultOperators, mask);
+        }
+
         public static LoggerConfiguration WithSensitiveDataMasking(
 	        this LoggerEnrichmentConfiguration loggerConfiguration, MaskingMode mode,
-	        IEnumerable<IMaskingOperator> operators)
+	        IEnumerable<IMaskingOperator> operators,
+            string mask = SensitiveDataEnricher.DefaultMaskValue)
         {
 	        return loggerConfiguration
-		        .With(new SensitiveDataEnricher(mode, operators));
+		        .With(new SensitiveDataEnricher(mode, operators, mask));
         }
     }
 }

src/Serilog.Enrichers.Sensitive/SensitiveDataEnricher.cs

@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Reflection;
 using Serilog.Core;
@@ -10,15 +11,23 @@ namespace Serilog.Enrichers.Sensitive
     internal class SensitiveDataEnricher : ILogEventEnricher
     {
         private readonly MaskingMode _maskingMode;
-        private const string MaskValue = "***MASKED***";
+        public const string DefaultMaskValue = "***MASKED***";
 
         private static readonly MessageTemplateParser Parser = new MessageTemplateParser();
         private readonly FieldInfo _messageTemplateBackingField;
         private readonly List<IMaskingOperator> _maskingOperators;
+        private readonly string _maskValue;
 
-        public SensitiveDataEnricher(MaskingMode maskingMode, IEnumerable<IMaskingOperator> maskingOperators)
+        public SensitiveDataEnricher(MaskingMode maskingMode, IEnumerable<IMaskingOperator> maskingOperators,
+            string mask = DefaultMaskValue)
         {
+            if (string.IsNullOrEmpty(mask))
+            {
+                throw new ArgumentNullException(nameof(mask), "The mask must be a non-empty string");
+            }
+
             _maskingMode = maskingMode;
+            _maskValue = mask;
 
             var fields = typeof(LogEvent).GetFields(BindingFlags.Instance | BindingFlags.NonPublic);
 
@@ -52,7 +61,7 @@ private string ReplaceSensitiveDataFromString(string input)
         {
             foreach (var maskingOperator in _maskingOperators)
             {
-                var maskResult = maskingOperator.Mask(input, MaskValue);
+                var maskResult = maskingOperator.Mask(input, _maskValue);
 
                 if (maskResult.Match)
                 {

test/Serilog.Enrichers.Sensitive.Tests.Unit/WhenMasingWithCustomMaskValue.cs

@@ -0,0 +1,73 @@
+using System;
+using FluentAssertions;
+using Serilog.Sinks.InMemory;
+using Serilog.Sinks.InMemory.Assertions;
+using Xunit;
+
+namespace Serilog.Enrichers.Sensitive.Tests.Unit
+{
+    public class WhenMaskingWithCustomMaskValue
+    {
+        [Fact]
+        public void GivenMaskValueIsNull_ArgumentNullExceptionIsThrown()
+        {
+            Action action = () => new LoggerConfiguration()
+                .Enrich.WithSensitiveDataMasking(null)
+                .CreateLogger();
+
+            action
+                .Should()
+                .Throw<ArgumentNullException>();
+        }
+
+        [Fact]
+        public void GivenMaskValueIsEmptyString_ArgumentNullExceptionIsThrown()
+        {
+            Action action = () => new LoggerConfiguration()
+                .Enrich.WithSensitiveDataMasking(string.Empty)
+                .CreateLogger();
+
+            action
+                .Should()
+                .Throw<ArgumentNullException>();
+        }
+
+        [Fact]
+        public void GivenMaskValue_MaskedLogEntryContainsMaskValue()
+        {
+            var inMemorySink = new InMemorySink();
+
+            var logger =  new LoggerConfiguration()
+                .Enrich.WithSensitiveDataMasking("SPECIFIC VALUE")
+                .WriteTo.Sink(inMemorySink)
+                .CreateLogger();
+
+            logger.Information("Example [email protected]");
+
+            inMemorySink
+                .Should()
+                .HaveMessage("Example SPECIFIC VALUE");
+        }
+
+        [Fact]
+        public void GivenMaskValueAndLogMessageHasSensitiveDataInProperty_PropertyContainsMaskValue()
+        {
+            var inMemorySink = new InMemorySink();
+
+            var logger =  new LoggerConfiguration()
+                .Enrich.WithSensitiveDataMasking("SPECIFIC VALUE")
+                .WriteTo.Sink(inMemorySink)
+                .CreateLogger();
+
+            logger.Information("Example {Email}", "[email protected]");
+
+            inMemorySink
+                .Should()
+                .HaveMessage("Example {Email}")
+                .Appearing()
+                .Once()
+                .WithProperty("Email")
+                .WithValue("SPECIFIC VALUE");
+        }
+    }
+}