-
Notifications
You must be signed in to change notification settings - Fork 751
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve sensitive data detection when logging records #4658
Improve sensitive data detection when logging records #4658
Conversation
{ | ||
if (i.Name == ResourceUtilizationInstruments.CpuUtilization | ||
|| i.Name == ResourceUtilizationInstruments.MemoryUtilization) | ||
if (!ReferenceEquals(instrument.Meter.Scope, meterScope)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -40,7 +40,10 @@ public void WindowsCounters_Registers_Instruments() | |||
{ | |||
InstrumentPublished = (instrument, listener) => | |||
{ | |||
listener.EnableMeasurementEvents(instrument); | |||
if (ReferenceEquals(meter, instrument.Meter)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -231,4 +231,10 @@ internal sealed class DiagDescriptors : DiagDescriptorsBase | |||
title: Resources.InvalidAttributeUsageTitle, | |||
messageFormat: Resources.InvalidAttributeUsageMessage, | |||
category: Category); | |||
|
|||
public static DiagnosticDescriptor RecordTypeSensitiveArgumentIsInTemplate { get; } = Make( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@geeknoid @davidfowl should this be an error or rather warning?
🎉 Good job! The coverage increased 🎉
Full code coverage report: https://dev.azure.com/dnceng-public/public/_build/results?buildId=459450&view=codecoverage-tab |
|
||
public record class BaseRecord | ||
{ | ||
[PrivateData] public const string ConstFieldBase = Sensitive; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does it mean to apply this attribute to a const? Seems like we might need an analyzer to flag this as not desirable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree it doesn't make sense, but I wanted to list all possible combinations (even if they don't make sense) to ensure that record
's default ToString()
implementation doesn't emit these values. I will file an issue for the analyzer shortly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Created #4669
@@ -20,12 +20,13 @@ internal partial class Parser | |||
{ | |||
private static readonly HashSet<TypeKind> _allowedTypeKinds = [TypeKind.Class, TypeKind.Struct, TypeKind.Interface]; | |||
|
|||
private bool ProcessLogPropertiesForParameter( | |||
internal bool ProcessLogPropertiesForParameter( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this internal for testing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct
|
||
namespace Microsoft.Gen.Logging.Parsing | ||
{ | ||
internal partial class Parser |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this internal for testing? Otherwise it can be private.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Parser
class was internal
even before my changes
Co-authored-by: Darius Letterman <dcletterman@gmail.com>
This PR fixes an issue when our
[LoggerMessage]
source-gen was allowing this syntax without any warnings or errors:Now we'll emit an error if this happens.
Additionally, this PR fixes usages of
[LogProperties]
when it's applied on an argument of record type that has implicitly declared property via primary constructor and this property is annotated with a data classification attribute, e.g.:Ideally, this should be annotated as
[property: PrivateData] string ArgFromPrimaryCtor
, but usually folks don't do that (and some might not even know about that syntax).Now we'll cover such cases and redact
RecordWithSensitiveMembers.ArgFromPrimaryCtor
in generated code.Microsoft Reviewers: Open in CodeFlow