[FEAT] Add wildcard property name matching

Author: sandermvanvliet

Changelog.md

@@ -1,5 +1,10 @@
 # Changelog for Serilog.Enrichers.Sensitive
 
+## 2.1.0
+
+Add support for wildcard matching on properties to mask.
+See [here](README.md#wildcard-matching-properties) for usage details.
+
 ## 2.0.0
 
 This release introduces support for configuring `MaskProperties` via JSON. As the version number indicates this is a breaking change as the C# equivalent had to be changed to match.

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
 	<PropertyGroup>
-		<Version>2.0.0.0</Version>
+		<Version>2.1.0.0</Version>
 		<Authors>Sander van Vliet, Huibert Jan Nieuwkamer, Scott Toberman</Authors>
 		<Company>Codenizer BV</Company>
 		<Copyright>2025 Sander van Vliet</Copyright>

README.md

@@ -234,6 +234,37 @@ logger.Information("This is a sensitive {Email}", "[email protected]");
 
 the rendered log message comes out as: `"This is a sensitive [email protected]"`
 
+### Wildcard matching properties
+
+You can specify a wildcard to match property names to mask. Supported forms are:
+
+- `*Prop`
+- `Prop*`
+- `*Prop*`
+
+Note that `Pr*p` is explicitly not supported.
+
+When you want to use a wildcard you will have to set the `WildcardMatch` property on `MaskOptions` to true:
+
+```csharp
+var logger = new LoggerConfiguration()
+    .Enrich.WithSensitiveDataMasking(
+        options => options
+            .MaskProperties
+            .Add(new MaskProperty 
+            {
+                Name = "*Prop",
+                Options = new MaskOptions 
+                {
+                    WildcardMatch = true
+                }
+            }))
+    .WriteTo.Sink(inMemorySink)
+    .CreateLogger();
+```
+
+If you do not set `WildcardMatch` then the property name will be treated as-is and only mask a property called `*Prop`. 
+Note that you will not get any error in this scenario.
 
 ## Extending to additional use cases
 

src/Serilog.Enrichers.Sensitive/MaskOptions.cs

@@ -9,6 +9,7 @@ public class MaskOptions : IEquatable<MaskOptions>
     public int ShowFirst { get; set; } = NotSet;
     public int ShowLast { get; set; } = NotSet;
     public bool PreserveLength { get; set; } = true;
+    public bool WildcardMatch { get; set; }
 
     public bool Equals(MaskOptions? other)
     {
@@ -22,7 +23,12 @@ public bool Equals(MaskOptions? other)
             return true;
         }
 
-        return ShowFirst == other.ShowFirst && ShowLast == other.ShowLast && PreserveLength == other.PreserveLength;
+        if (other.GetType() != GetType())
+        {
+            return false;
+        }
+
+        return ShowFirst == other.ShowFirst && ShowLast == other.ShowLast && PreserveLength == other.PreserveLength && WildcardMatch == other.WildcardMatch;
     }
 
     public override bool Equals(object? obj)

src/Serilog.Enrichers.Sensitive/MaskProperty.cs

@@ -1,12 +1,122 @@
-namespace Serilog.Enrichers.Sensitive;
+using System;
+using System.Collections.Generic;
+
+namespace Serilog.Enrichers.Sensitive;
 
 public class MaskProperty
 {
+    private MaskOptions _options = new();
+    // Use StringComparer.OrdinalIgnoreCase to ensure we'd match on SomePROP and SomeProp
+    private readonly HashSet<string> _matchingProperties = new(StringComparer.OrdinalIgnoreCase);
+    private string? _match;
+    private int? _minLength;
+    private MatchMode _matchMode = MatchMode.Unknown;
     public string Name { get; set; }
-    public MaskOptions Options { get; set; } = new();
+
+    public MaskOptions Options
+    {
+        get => _options;
+        set
+        {
+            _options = value;
+
+            if (_options.WildcardMatch)
+            {
+                if (Name[0] == '*')
+                {
+                    if (Name[Name.Length - 1] == '*')
+                    {
+                        _match = Name.Substring(1, Name.Length - 2);
+                        _minLength = _match.Length + 2;
+                        _matchMode = MatchMode.Middle;
+                    }
+                    else
+                    {
+                        _match = Name.Substring(1);
+                        _minLength = _match.Length + 1;
+                        _matchMode = MatchMode.End;
+                    }
+                }
+                else if (Name[Name.Length - 1] == '*')
+                {
+                    _match = Name.Substring(0, Name.Length - 2);
+                    _minLength = _match.Length + 1;
+                    _matchMode = MatchMode.Start;
+                }
+                else
+                {
+                    // If someone sets WildcardMatch to true but there
+                    // is no wildcard character in the property name then
+                    // set WildcardMatch to false so we short-circuit
+                    // property name matching.
+                    //
+                    // Note: consider throwing an exception in this scenario.
+                    _options.WildcardMatch = false;
+                }
+            }
+        }
+    }
 
     public static MaskProperty WithDefaults(string propertyName)
     {
         return new MaskProperty { Name = propertyName };
     }
-}
+
+    public bool IsMatch(string propertyName)
+    {
+        if (Name.Equals(propertyName, StringComparison.OrdinalIgnoreCase))
+        {
+            return true;
+        }
+
+        return Options.WildcardMatch && PropertyNameMatchesWildcard(propertyName);
+    }
+    
+    protected bool PropertyNameMatchesWildcard(string propertyName)
+    {
+        // If the property name is shorter than the match + at least one char
+        // then it won't match so exit early.
+        if (propertyName.Length < _minLength)
+        {
+            return false;
+        }
+        
+        if (_matchingProperties.Contains(propertyName))
+        {
+            return true;
+        }
+        
+        bool isMatch;
+        
+        switch (_matchMode)
+        {
+            case MatchMode.Start:
+                isMatch = propertyName.StartsWith(_match!, StringComparison.OrdinalIgnoreCase);
+                break;
+            case MatchMode.End:
+                isMatch = propertyName.EndsWith(_match!, StringComparison.OrdinalIgnoreCase);
+                break;
+            case MatchMode.Middle:
+                isMatch = propertyName.IndexOf(_match!, StringComparison.OrdinalIgnoreCase) > 0;
+                break;
+            default:
+                return false;
+        }
+        
+        if (isMatch)
+        {
+            _matchingProperties.Add(propertyName);
+        }
+
+        return isMatch;
+    }
+
+    private enum MatchMode
+    {
+        Unknown,
+        Start,
+        Middle,
+        End
+    }
+}
+

src/Serilog.Enrichers.Sensitive/SensitiveDataEnricher.cs

@@ -114,10 +114,10 @@ public void Enrich(LogEvent logEvent, ILogEventPropertyFactory propertyFactory)
                 return (false, null);
             }
 
-            var matchingProperty = _maskProperties.SingleOrDefault(p => p.Name.Equals(property.Key, StringComparison.OrdinalIgnoreCase));
+            var matchingProperty = _maskProperties.SingleOrDefault(p => p.IsMatch(property.Key));
             if(matchingProperty != null)
             {
-                if (matchingProperty.Options == MaskOptions.Default)
+                if (matchingProperty.Options.Equals(MaskOptions.Default))
                 {
                     return (true, new ScalarValue(_maskValue));
                 }

src/Serilog.Enrichers.Sensitive/UriMaskOptions.cs

@@ -1,9 +1,64 @@
-namespace Serilog.Enrichers.Sensitive;
+using System;
 
-public class UriMaskOptions : MaskOptions
+namespace Serilog.Enrichers.Sensitive;
+
+public sealed class UriMaskOptions : MaskOptions, IEquatable<UriMaskOptions>
 {
     public bool ShowScheme { get; set; } = true;
     public bool ShowHost { get; set; } = true;
     public bool ShowPath { get; set; } = false;
     public bool ShowQueryString { get; set; } = false;
+
+    public bool Equals(UriMaskOptions? other)
+    {
+        if (other is null)
+        {
+            return false;
+        }
+
+        if (ReferenceEquals(this, other))
+        {
+            return true;
+        }
+
+        if (other.GetType() != GetType())
+        {
+            return false;
+        }
+
+        return base.Equals(other) && ShowScheme == other.ShowScheme && ShowHost == other.ShowHost && ShowPath == other.ShowPath && ShowQueryString == other.ShowQueryString;
+    }
+
+    public override bool Equals(object? obj)
+    {
+        if (obj is null)
+        {
+            return false;
+        }
+
+        if (ReferenceEquals(this, obj))
+        {
+            return true;
+        }
+
+        if (obj.GetType() != GetType())
+        {
+            return false;
+        }
+
+        return Equals((UriMaskOptions)obj);
+    }
+
+    public override int GetHashCode()
+    {
+        unchecked
+        {
+            int hashCode = base.GetHashCode();
+            hashCode = (hashCode * 397) ^ ShowScheme.GetHashCode();
+            hashCode = (hashCode * 397) ^ ShowHost.GetHashCode();
+            hashCode = (hashCode * 397) ^ ShowPath.GetHashCode();
+            hashCode = (hashCode * 397) ^ ShowQueryString.GetHashCode();
+            return hashCode;
+        }
+    }
 }

test/Serilog.Enrichers.Sensitive.Tests.Benchmark/BenchmarkWildcardPropertyMatch.cs

@@ -0,0 +1,75 @@
+using System;
+using BenchmarkDotNet.Attributes;
+using BenchmarkDotNet.Engines;
+
+namespace Serilog.Enrichers.Sensitive.Tests.Benchmark
+{
+    [SimpleJob(RunStrategy.Throughput, warmupCount: 1)]
+    public class BenchmarkWildcardPropertyMatch
+    {
+        private readonly MaskPropertyForTest _maskProperty;
+        
+        public BenchmarkWildcardPropertyMatch()
+        {
+            _maskProperty = new MaskPropertyForTest
+            {
+                Name = "*Prop",
+                Options = new MaskOptions
+                {
+                    WildcardMatch = true
+                }
+            };
+        }
+        
+        [Params(10000)] public int N;
+
+        [Benchmark(Baseline = true)]
+        public bool Baseline()
+        {
+            var result = _maskProperty.Invoke("SomeProp");
+
+            return result;
+        }
+
+        [Benchmark(Baseline = false)]
+        public bool WithCaching()
+        {
+            var result = _maskProperty.Invoke("SomeProp");
+
+            return result;
+        }
+    }
+
+    public class MaskPropertyForTest : MaskProperty
+    {
+        public bool Invoke(string propertyName)
+        {
+            return PropertyNameMatchesWildcard(propertyName);
+        }
+
+        public bool InvokeOriginal(string propertyName)
+        {
+            if (Name[0] == '*')
+            {
+                if (Name[Name.Length - 1] == '*')
+                {
+                    var match = Name.Substring(1, Name.Length - 2);
+                    return propertyName.IndexOf(match, StringComparison.OrdinalIgnoreCase) > 0;
+                }
+                else
+                {
+                    var match = Name.Substring(1);
+                    return propertyName.EndsWith(match, StringComparison.OrdinalIgnoreCase);
+                }
+            }
+
+            if (Name[Name.Length - 1] == '*')
+            {
+                var match = Name.Substring(0, Name.Length - 2);
+                return propertyName.StartsWith(match, StringComparison.OrdinalIgnoreCase);
+            }
+
+            return false;
+        }
+    }
+}

test/Serilog.Enrichers.Sensitive.Tests.Benchmark/Program.cs

@@ -6,9 +6,10 @@ internal class Program
     {
         private static void Main(string[] args)
         {
-            BenchmarkRunner.Run<BenchmarkCompiledEmailRegex>();
-            BenchmarkRunner.Run<BenchmarkCompiledIbanRegex>();
-            BenchmarkRunner.Run<CreditCardMarkingBenchmarks>();
+            // BenchmarkRunner.Run<BenchmarkCompiledEmailRegex>();
+            // BenchmarkRunner.Run<BenchmarkCompiledIbanRegex>();
+            // BenchmarkRunner.Run<CreditCardMarkingBenchmarks>();
+            BenchmarkRunner.Run<BenchmarkWildcardPropertyMatch>();
         }
     }
 }

test/Serilog.Enrichers.Sensitive.Tests.Benchmark/Serilog.Enrichers.Sensitive.Tests.Benchmark.csproj

@@ -11,4 +11,8 @@
 		<PackageReference Include="BenchmarkDotNet" Version="0.13.2" />
 	</ItemGroup>
 
+	<ItemGroup>
+	  <ProjectReference Include="..\..\src\Serilog.Enrichers.Sensitive\Serilog.Enrichers.Sensitive.csproj" />
+	</ItemGroup>
+
 </Project>