Skip to content

Improve sensitive data detection when logging records #4658

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 4, 2023
Merged

Improve sensitive data detection when logging records #4658

merged 8 commits into from
Nov 4, 2023

Conversation

@xakep139
Copy link
Contributor

@xakep139 xakep139 commented Nov 2, 2023
edited
Loading

This PR fixes an issue when our [LoggerMessage] source-gen was allowing this syntax without any warnings or errors:

record MyType
{
    [PrivateData]
    public required string Password { get; init; }
}

[LoggerMessage(LogLevel.Debug, "Command is {command}")]
static void LogCommand(ILogger logger, MyType command);

Now we'll emit an error if this happens.
Additionally, this PR fixes usages of [LogProperties] when it's applied on an argument of record type that has implicitly declared property via primary constructor and this property is annotated with a data classification attribute, e.g.:

record RecordWithSensitiveMembers(
    [PrivateData] string ArgFromPrimaryCtor); // <=== we need to redact the corresponding property

[LoggerMessage(LogLevel.Information)]
static partial void LogRecordMethod(
    ILogger logger,
    IRedactorProvider redactorProvider,
    [LogProperties] RecordWithSensitiveMembers data);

Ideally, this should be annotated as [property: PrivateData] string ArgFromPrimaryCtor, but usually folks don't do that (and some might not even know about that syntax).
Now we'll cover such cases and redact RecordWithSensitiveMembers.ArgFromPrimaryCtor in generated code.

Microsoft Reviewers: Open in CodeFlow

@ghost ghost assigned xakep139 Nov 2, 2023
@xakep139 xakep139 marked this pull request as ready for review November 3, 2023 14:47
xakep139
xakep139 commented Nov 3, 2023
View reviewed changes
.../Libraries/Microsoft.Extensions.Diagnostics.ResourceMonitoring.Tests/Linux/AcceptanceTest.cs
{
if (i.Name == ResourceUtilizationInstruments.CpuUtilization
|| i.Name == ResourceUtilizationInstruments.MemoryUtilization)
if (!ReferenceEquals(instrument.Meter.Scope, meterScope))
Copy link
Contributor Author

@xakep139 xakep139 Nov 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fixes a flaky test: https://dev.azure.com/dnceng-public/public/_build/results?buildId=458782&view=ms.vss-test-web.build-test-results-tab&runId=10343638&resultId=100183&paneView=debug

xakep139
xakep139 commented Nov 3, 2023
View reviewed changes
...es/Microsoft.Extensions.Diagnostics.ResourceMonitoring.Tests/Windows/WindowsCountersTests.cs
InstrumentPublished = (instrument, listener) =>
{
listener.EnableMeasurementEvents(instrument);
if (ReferenceEquals(meter, instrument.Meter))
Copy link
Contributor Author

@xakep139 xakep139 Nov 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also fixes a flaky test: https://dev.azure.com/dnceng-public/public/_build/results?buildId=458782&view=ms.vss-test-web.build-test-results-tab&runId=10343638&resultId=100183&paneView=debug

xakep139
xakep139 commented Nov 3, 2023
View reviewed changes
src/Generators/Microsoft.Gen.Logging/Parsing/DiagDescriptors.cs
messageFormat: Resources.InvalidAttributeUsageMessage,
category: Category);

public static DiagnosticDescriptor RecordTypeSensitiveArgumentIsInTemplate { get; } = Make(
Copy link
Contributor Author

@xakep139 xakep139 Nov 3, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@geeknoid @davidfowl should this be an error or rather warning?

dariusclay
dariusclay approved these changes Nov 3, 2023
View reviewed changes
@dotnet-comment-bot
Copy link
Collaborator

dotnet-comment-bot commented Nov 3, 2023

🎉 Good job! The coverage increased 🎉
Update MinCodeCoverage in the project files.

Project Expected Actual
Microsoft.AspNetCore.Diagnostics.Middleware 99 100
Microsoft.Extensions.Telemetry 92 93

Full code coverage report: https://dev.azure.com/dnceng-public/public/_build/results?buildId=459450&view=codecoverage-tab

geeknoid
geeknoid reviewed Nov 3, 2023
View reviewed changes
test/Generators/Microsoft.Gen.Logging/TestClasses/SensitiveRecordExtensions.cs

public record class BaseRecord
{
[PrivateData] public const string ConstFieldBase = Sensitive;
Copy link
Member

@geeknoid geeknoid Nov 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does it mean to apply this attribute to a const? Seems like we might need an analyzer to flag this as not desirable?

Copy link
Contributor Author

@xakep139 xakep139 Nov 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree it doesn't make sense, but I wanted to list all possible combinations (even if they don't make sense) to ensure that record's default ToString() implementation doesn't emit these values. I will file an issue for the analyzer shortly.

Copy link
Contributor Author

@xakep139 xakep139 Nov 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created #4669

geeknoid
geeknoid reviewed Nov 3, 2023
View reviewed changes
src/Generators/Microsoft.Gen.Logging/Parsing/Parser.LogProperties.cs
private static readonly HashSet<TypeKind> _allowedTypeKinds = [TypeKind.Class, TypeKind.Struct, TypeKind.Interface];

private bool ProcessLogPropertiesForParameter(
internal bool ProcessLogPropertiesForParameter(
Copy link
Member

@geeknoid geeknoid Nov 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this internal for testing?

Copy link
Contributor Author

@xakep139 xakep139 Nov 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct

geeknoid
geeknoid reviewed Nov 3, 2023
View reviewed changes
src/Generators/Microsoft.Gen.Logging/Parsing/Parser.Records.cs

namespace Microsoft.Gen.Logging.Parsing
{
internal partial class Parser
Copy link
Member

@geeknoid geeknoid Nov 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this internal for testing? Otherwise it can be private.

Copy link
Contributor Author

@xakep139 xakep139 Nov 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Parser class was internal even before my changes

@geeknoid geeknoid merged commit f8ddd93 into release/8.0 Nov 4, 2023
@geeknoid geeknoid deleted the xakep139/sensitive-record-logging-detection branch November 4, 2023 17:52
@joperezr joperezr mentioned this pull request Nov 6, 2023
Closed
RussKie
RussKie reviewed Nov 9, 2023
View reviewed changes
@github-actions github-actions bot locked and limited conversation to collaborators Dec 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dariusclay dariusclay dariusclay approved these changes

@geeknoid geeknoid geeknoid approved these changes

@omsoftdev omsoftdev Awaiting requested review from omsoftdev

@iliar-turdushev iliar-turdushev Awaiting requested review from iliar-turdushev

+2 more reviewers

@RussKie RussKie RussKie left review comments

@tekian tekian tekian approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@xakep139 xakep139

Labels

area-telemetry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@xakep139 @dotnet-comment-bot @tekian @dariusclay @RussKie @geeknoid