The latest articles on DEV Community by Sang Au (@auvansangit). https://dev.to/auvansangit https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F112595%2F023ff313-8e56-4088-8f1e-c5379e0183a2.jpg https://dev.to/auvansangit en Sang Au Fri, 29 Jul 2022 08:38:40 +0000 https://dev.to/auvansangit/prevent-sensitive-data-exposure-in-log-with-serilog-1pk7 https://dev.to/auvansangit/prevent-sensitive-data-exposure-in-log-with-serilog-1pk7 <h2> 1. Problem </h2> <p>Writing log when developing the application will help the developer to easy debugging and tracing. But writing a good log is not enough, because some sensitive data maybe exposed in log such as: password, account number or something like that.</p> <h2> 2. Idea </h2> <p>To prevent this issue, we need to replace all sensitive words to any mask character.<br> The purpose of this article is help you implement the simple Sensitive data destructing policy with Serilog - one of common logger extension in .NET Core. By applying this policy you can prevent the sensitive data exposure in you log. It's enough, let's go through the code...</p> <h2> 3. Implementation </h2> <h3> 3.1. Tech stack </h3> <ul> <li>.NET Core (on this article, I use .NET 6.0)</li> <li>Serilog</li> </ul> <h2> 3.2 Show the code </h2> <ul> <li>To implement the Destructing Policy we need to implement the interface <strong>IDestructuringPolicy</strong> from namespace <strong>Serilog.Core</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">SensitiveDataDestructuringPolicy</span> <span class="p">:</span> <span class="n">IDestructuringPolicy</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">bool</span> <span class="nf">TryDestructure</span><span class="p">(</span><span class="kt">object</span> <span class="k">value</span><span class="p">,</span> <span class="n">ILogEventPropertyValueFactory</span> <span class="n">propertyValueFactory</span><span class="p">,</span> <span class="k">out</span> <span class="n">LogEventPropertyValue</span> <span class="n">result</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">NotImplementedException</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>Now, we need to define a mask value (such as * character) and list of sensitive keywords </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">mask</span> <span class="p">=</span> <span class="s">"******"</span><span class="p">;</span> <span class="kt">var</span> <span class="n">sensitiveKeywords</span> <span class="p">=</span> <span class="k">new</span> <span class="n">List</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;</span> <span class="p">{</span> <span class="s">"Password"</span><span class="p">,</span> <span class="s">"NewPassword"</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <p>Actually, we should define the list of sensitive keywords some where such as Configuration file.</p> <ul> <li>We will lookup all <strong>Log Event Properties</strong>, if we found any sensitive keyword in the log object, we will create a new <strong>Log Event Property</strong> with the mask value and add the new this property to the new list of <strong>Log Event Properties</strong>, for non sensitive keyword, we also create a new <strong>Log Event Property</strong>, but keep the original value. After that, just return the result.</li> </ul> <p>Bellow is complete code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">Microsoft.Extensions.Configuration</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Serilog.Core</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Serilog.Events</span><span class="p">;</span> <span class="k">using</span> <span class="nn">System.Reflection</span><span class="p">;</span> <span class="k">namespace</span> <span class="nn">Microsoft.Extensions.Logging</span><span class="p">;</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">SensitiveDataDestructuringPolicy</span> <span class="p">:</span> <span class="n">IDestructuringPolicy</span> <span class="p">{</span> <span class="k">private</span> <span class="k">const</span> <span class="kt">string</span> <span class="n">DEFAULT_MASK_VALUE</span> <span class="p">=</span> <span class="s">"******"</span><span class="p">;</span> <span class="k">private</span> <span class="k">const</span> <span class="kt">string</span> <span class="n">SENSITIVE_KEYWORDS_SECTION</span> <span class="p">=</span> <span class="s">"Logging:SensitiveData:Keywords"</span><span class="p">;</span> <span class="k">private</span> <span class="k">const</span> <span class="kt">string</span> <span class="n">MASK_VALUE</span> <span class="p">=</span> <span class="s">"Logging:SensitiveData:Mask"</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IConfiguration</span> <span class="n">_configuration</span><span class="p">;</span> <span class="k">public</span> <span class="nf">SensitiveDataDestructuringPolicy</span><span class="p">(</span><span class="n">IConfiguration</span> <span class="n">configuration</span><span class="p">)</span> <span class="p">{</span> <span class="n">_configuration</span> <span class="p">=</span> <span class="n">configuration</span> <span class="p">??</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">ArgumentNullException</span><span class="p">(</span><span class="k">nameof</span><span class="p">(</span><span class="n">configuration</span><span class="p">));</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">bool</span> <span class="nf">TryDestructure</span><span class="p">(</span><span class="kt">object</span> <span class="k">value</span><span class="p">,</span> <span class="n">ILogEventPropertyValueFactory</span> <span class="n">propertyValueFactory</span><span class="p">,</span> <span class="k">out</span> <span class="n">LogEventPropertyValue</span> <span class="n">result</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">sensitiveKeywords</span> <span class="p">=</span> <span class="n">_configuration</span><span class="p">.</span><span class="n">GetValue</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">[</span><span class="k">]&gt;</span><span class="p">(</span><span class="n">SENSITIVE_KEYWORDS_SECTION</span><span class="p">)</span> <span class="p">??</span> <span class="n">Array</span><span class="p">.</span><span class="n">Empty</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">maskValue</span> <span class="p">=</span> <span class="n">_configuration</span><span class="p">.</span><span class="n">GetValue</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;(</span><span class="n">MASK_VALUE</span><span class="p">)</span> <span class="p">??</span> <span class="n">DEFAULT_MASK_VALUE</span><span class="p">;</span> <span class="k">if</span> <span class="p">(!</span><span class="n">sensitiveKeywords</span><span class="p">.</span><span class="nf">Any</span><span class="p">())</span> <span class="p">{</span> <span class="n">result</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">StructureValue</span><span class="p">(</span><span class="k">new</span> <span class="n">LogEventProperty</span><span class="p">[]</span> <span class="p">{</span> <span class="p">});</span> <span class="k">return</span> <span class="k">false</span><span class="p">;</span> <span class="p">}</span> <span class="kt">var</span> <span class="n">props</span> <span class="p">=</span> <span class="k">value</span><span class="p">.</span><span class="nf">GetType</span><span class="p">().</span><span class="nf">GetTypeInfo</span><span class="p">().</span><span class="n">DeclaredProperties</span><span class="p">;</span> <span class="kt">var</span> <span class="n">logEventProperties</span> <span class="p">=</span> <span class="k">new</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">LogEventProperty</span><span class="p">&gt;();</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">propertyInfo</span> <span class="k">in</span> <span class="n">props</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">sensitiveKeywords</span><span class="p">.</span><span class="nf">Any</span><span class="p">(</span><span class="n">x</span> <span class="p">=&gt;</span> <span class="n">x</span><span class="p">.</span><span class="nf">Equals</span><span class="p">(</span><span class="n">propertyInfo</span><span class="p">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">StringComparison</span><span class="p">.</span><span class="n">InvariantCultureIgnoreCase</span><span class="p">)))</span> <span class="p">{</span> <span class="n">logEventProperties</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="k">new</span> <span class="nf">LogEventProperty</span><span class="p">(</span><span class="n">propertyInfo</span><span class="p">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">propertyValueFactory</span><span class="p">.</span><span class="nf">CreatePropertyValue</span><span class="p">(</span><span class="n">maskValue</span><span class="p">)));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">logEventProperties</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="k">new</span> <span class="nf">LogEventProperty</span><span class="p">(</span><span class="n">propertyInfo</span><span class="p">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">propertyValueFactory</span><span class="p">.</span><span class="nf">CreatePropertyValue</span><span class="p">(</span><span class="n">propertyInfo</span><span class="p">.</span><span class="nf">GetValue</span><span class="p">(</span><span class="k">value</span><span class="p">))));</span> <span class="p">}</span> <span class="p">}</span> <span class="n">result</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">StructureValue</span><span class="p">(</span><span class="n">logEventProperties</span><span class="p">);</span> <span class="k">return</span> <span class="k">true</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>Finally, add the <strong>SensitiveDataDestructuringPolicy</strong> to the <strong>loggerConfiguration</strong> as below: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="err">#</span> <span class="n">Rest</span> <span class="n">of</span> <span class="n">code</span> <span class="p">.</span><span class="nf">UseSerilog</span><span class="p">((</span><span class="n">context</span><span class="p">,</span> <span class="n">services</span><span class="p">,</span> <span class="n">configuration</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">loggerConfiguration</span> <span class="p">=</span> <span class="n">configuration</span> <span class="p">.</span><span class="n">ReadFrom</span><span class="p">.</span><span class="nf">Configuration</span><span class="p">(</span><span class="n">context</span><span class="p">.</span><span class="n">Configuration</span><span class="p">)</span> <span class="p">.</span><span class="n">Enrich</span><span class="p">.</span><span class="nf">FromLogContext</span><span class="p">()</span> <span class="p">.</span><span class="n">Enrich</span><span class="p">.</span><span class="nf">WithProperty</span><span class="p">(</span><span class="s">"Application"</span><span class="p">,</span> <span class="n">context</span><span class="p">.</span><span class="n">HostingEnvironment</span><span class="p">.</span><span class="n">ApplicationName</span><span class="p">)</span> <span class="p">.</span><span class="n">Enrich</span><span class="p">.</span><span class="nf">WithProperty</span><span class="p">(</span><span class="s">"Environment"</span><span class="p">,</span> <span class="n">context</span><span class="p">.</span><span class="n">HostingEnvironment</span><span class="p">.</span><span class="n">EnvironmentName</span><span class="p">)</span> <span class="p">.</span><span class="n">MinimumLevel</span><span class="p">.</span><span class="nf">Information</span><span class="p">();</span> <span class="n">loggerConfiguration</span><span class="p">.</span><span class="n">Destructure</span><span class="p">.</span><span class="n">With</span><span class="p">&lt;</span><span class="n">SensitiveDataDestructuringPolicy</span><span class="p">&gt;();</span> <span class="p">});</span> </code></pre> </div> <h2> 4. Concluding </h2> <p>By applying the <strong>SensitiveDataDestructuringPolicy</strong>, you will make the log safer, that help to prevent the sensitive data exposing while tracing log.</p> <p><em>Notes: The sample above just a very simple example, and you can modify, optimize to fit with your project.</em></p> <p><em>This article was originally published at: <a href="https://sangau.me/prevent-sensitive-data-exposure-in-log-with-serilog" rel="noopener noreferrer">https://sangau.me/prevent-sensitive-data-exposure-in-log-with-serilog</a></em></p> csharp security dotnet Sang Au Thu, 05 Sep 2019 00:41:15 +0000 https://dev.to/auvansangit/the-first-github-actions-373h https://dev.to/auvansangit/the-first-github-actions-373h <h1> 1. Introduction </h1> <p><a href="https://github.com/features/actions" rel="noopener noreferrer">GitHub Actions</a> makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub. Make code reviews, branch management, and issue triaging work the way you want.</p> <p>To get more details about Github Actions you can see <a href="https://help.github.com/en/articles/about-github-actions" rel="noopener noreferrer">About GitHub Actions</a></p> <h1> 2. Let's start </h1> <p>Make sure that you had to register Github Actions beta program and also receive the approval email from Github like "You’re in! Get started with GitHub Actions beta"...</p> <p>In this tutorial, I use my repository called <a href="https://github.com/sisa-cafe/react-starter-kit" rel="noopener noreferrer">React Starter Kit</a>.</p> <p><strong><em>Don't talk any more, go go go...</em></strong></p> <h3> Step 1: Go to your repository and click on the "Actions" tab </h3> <h3> Step 2: Click the button "Set up a workflow yourself" </h3> <p>You will see the template like bellow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">CI</span> <span class="na">on</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">push</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run a one-line script</span> <span class="na">run</span><span class="pi">:</span> <span class="s">echo Hello, world!</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run a multi-line script</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo Add other actions to build,</span> <span class="s">echo test, and deploy your project.</span> </code></pre> </div> <h3> Step 3: Edit the template </h3> <p>Following the <a href="https://help.github.com/en/articles/workflow-syntax-for-github-actions" rel="noopener noreferrer">Workflow syntax for GitHub Actions</a><br> and <a href="https://github.com/actions/setup-node" rel="noopener noreferrer">Set up your GitHub Actions workflow with a specific version of node.js</a></p> <p>I edit my first actions like bellow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">CI</span> <span class="na">on</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">push</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-18.04</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">node_version</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">10</span><span class="pi">,</span> <span class="nv">12</span><span class="pi">]</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Use Node.js ${{ matrix.node_version }}</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="s">${{ matrix.node_version }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">yarn install, yarn lint, yarn test, yarn build</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">yarn install</span> <span class="s">yarn lint</span> <span class="s">yarn test</span> <span class="s">yarn build</span> </code></pre> </div> <p>Explanation:<br> In the configuration above</p> <ul> <li>Github Actions will trigger on <code>push</code> event on any branch</li> <li>It will use Ubuntu 18.04 <code>runs-on: ubuntu-18.04</code> </li> <li>It will run 2 times on 2 node versions: <code>node_version: [10, 12]</code> </li> <li>It will use <code>yarn</code> to run instead of <code>npm</code> </li> <li>It will run <code>yarn install</code>, <code>yarn lint</code>, <code>yarn test</code>, <code>yarn build</code> </li> </ul> <p>For further command please refer to the <a href="https://help.github.com/en/articles/workflow-syntax-for-github-actions" rel="noopener noreferrer">Workflow syntax for GitHub Actions</a></p> <h3> Step 4: Waiting and getting the result! </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvcvbapnhxj5mnfjer7rp.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvcvbapnhxj5mnfjer7rp.PNG" alt="Github Actions build result" width="800" height="203"></a></p> <p>It works fine!!!</p> <h1> 3. In conclusion </h1> <p>So easy to create the simple pipeline with Github Actions. It will help you build your project without using any external CI/CD like Circle CI or something like that.</p> git react devops webdev Sang Au Wed, 01 May 2019 04:55:56 +0000 https://dev.to/auvansang/my-simple-site-sangau-me-150n https://dev.to/auvansang/my-simple-site-sangau-me-150n <h3> This is my personal site and, I use the following technology to built it: </h3> <ul> <li>React</li> <li>Typescript</li> <li>Material-UI</li> <li>GitHub pages</li> <li>Travis CI</li> </ul> <h3> Could you give me some ideas about it! </h3> <p>Repo: <a href="https://github.com/auvansang/sangau">GitHub</a></p> react typescript materialui