From 928148457b76e43f8fef357849d432c175d60498 Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 11:36:51 +0200 Subject: [PATCH 1/9] Add the configuration necessary to publish SensitiveString as a NuGet package --- .github/workflows/build_and_test.yaml | 29 +++++++++ .github/workflows/publish.yaml | 44 +++++++++++++ src/SensitiveString/SensitiveString.csproj | 73 +++++++++++++++++++++- 3 files changed, 145 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/build_and_test.yaml create mode 100644 .github/workflows/publish.yaml diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml new file mode 100644 index 0000000..9b7c554 --- /dev/null +++ b/.github/workflows/build_and_test.yaml @@ -0,0 +1,29 @@ +name: Build and Test + +on: + push: + branches: [ main, develop ] + pull_request_target: + branches: [ main, develop ] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup .NET + uses: actions/setup-dotnet@v3 + with: + dotnet-version: 8.0.x + + - name: Restore dependencies + run: dotnet restore + + - name: Build solution + run: dotnet build --configuration Release --no-restore + + - name: Run tests + run: dotnet test --no-restore \ No newline at end of file diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 0000000..cb3c55a --- /dev/null +++ b/.github/workflows/publish.yaml @@ -0,0 +1,44 @@ +name: Publish a NuGet Package + +on: + release: + types: [ published ] + +env: + BRANCH: main + +jobs: + build: + runs-on: windows-latest + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup .NET + uses: actions/setup-dotnet@v3 + with: + dotnet-version: 8.0.x + + - name: Restore dependencies + run: dotnet restore + + - name: Build solution + run: dotnet build --configuration Release --no-restore + + - name: Run tests + run: dotnet test --no-restore + + - shell: pwsh + name: Create SNK File + env: + SNK: ${{ secrets.snk }} + run: | + $snk = [Convert]::FromBase64String("$env:SNK") + Set-Content "src\SensitiveString\SensitiveString.snk" -Value $snk -AsByteStream + + - name: Build NuGet Package + run: dotnet pack src\SensitiveString\SensitiveString.csproj --configuration Publish -p:Repository=${{ github.repository }} -p:Branch=${{ env.BRANCH }} -p:Commit=${{ github.sha }} + + - name: Publish NuGet Package + run: dotnet nuget push src\SensitiveString\bin\Publish\SensitiveString.*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.nuget_api_key }} \ No newline at end of file diff --git a/src/SensitiveString/SensitiveString.csproj b/src/SensitiveString/SensitiveString.csproj index a696898..325759e 100644 --- a/src/SensitiveString/SensitiveString.csproj +++ b/src/SensitiveString/SensitiveString.csproj @@ -1 +1,72 @@ - \ No newline at end of file + + + + + netstandard2.0 + Debug;Release;Publish + AnyCPU + + + true + true + false + + true + snupkg + + + true + + true + + 0.1.0 + true + + SensitiveString + SensitiveString + SensitiveString + Introducing SensitiveString, your shield against inadvertent exposure of sensitive information in application logs and beyond. This lightweight NuGet package wraps strings in a protective layer, ensuring that sensitive data remains secure and inaccessible without explicit handling. Safeguard your users' privacy and your application's integrity effortlessly with SensitiveString. + Mariusz Schimke + Copyright © 2024 Mariusz Schimke + sensitive strings privacy + + https://github.com/$(Repository) + LICENSE.txt + false + + true + + true + git + https://github.com/$(Repository).git + $(Branch) + $(Commit) + + This initial package release is presented as a proof of concept. All comments and suggestions are warmly welcomed and encouraged to be reported as issues on GitHub. Your input is highly valued to help refine and improve this offering. + + See also https://github.com/$(Repository)/releases + + + + true + SensitiveString.snk + true + + + + true + + + + + + all + runtime; build; native; contentfiles; analyzers; buildtransitive + + + + + + \ No newline at end of file From f55f35a6149ac36d3dbc013733934cc884df3d0d Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 12:08:34 +0200 Subject: [PATCH 2/9] Add an examples assembly --- SensitiveString.sln | 9 ++++++++- src/SensitiveString.Examples/PersonDto.cs | 3 +++ src/SensitiveString.Examples/Program.cs | 15 +++++++++++++++ .../SensitiveString.Examples.csproj | 14 ++++++++++++++ src/SensitiveString/SensitiveString.csproj | 2 +- 5 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 src/SensitiveString.Examples/PersonDto.cs create mode 100644 src/SensitiveString.Examples/Program.cs create mode 100644 src/SensitiveString.Examples/SensitiveString.Examples.csproj diff --git a/SensitiveString.sln b/SensitiveString.sln index 4b60efe..8bb8cf6 100644 --- a/SensitiveString.sln +++ b/SensitiveString.sln @@ -14,6 +14,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{21EB174C-CED EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{654EFDB6-8ECD-42CB-A3D6-F7DE361A692B}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SensitiveString.Examples", "src\SensitiveString.Examples\SensitiveString.Examples.csproj", "{BA642BF0-1C73-469C-9902-FDDD301DA73C}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -40,6 +42,10 @@ Global {C0B98D42-F2BB-4D5D-A2C2-EA137D9FBF3F}.Debug|Any CPU.Build.0 = Debug|Any CPU {C0B98D42-F2BB-4D5D-A2C2-EA137D9FBF3F}.Release|Any CPU.ActiveCfg = Release|Any CPU {C0B98D42-F2BB-4D5D-A2C2-EA137D9FBF3F}.Release|Any CPU.Build.0 = Release|Any CPU + {BA642BF0-1C73-469C-9902-FDDD301DA73C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {BA642BF0-1C73-469C-9902-FDDD301DA73C}.Debug|Any CPU.Build.0 = Debug|Any CPU + {BA642BF0-1C73-469C-9902-FDDD301DA73C}.Release|Any CPU.ActiveCfg = Release|Any CPU + {BA642BF0-1C73-469C-9902-FDDD301DA73C}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(NestedProjects) = preSolution {BFACD806-7D36-4ED7-8FE1-E7457299A6E3} = {21EB174C-CED8-40DB-AD4E-E3BF9D9D3EC7} @@ -47,5 +53,6 @@ Global {EA5EA98A-75F8-422F-8858-F9857075584E} = {21EB174C-CED8-40DB-AD4E-E3BF9D9D3EC7} {C3B8ED7F-E680-4364-B9AE-C12019E782E3} = {21EB174C-CED8-40DB-AD4E-E3BF9D9D3EC7} {C0B98D42-F2BB-4D5D-A2C2-EA137D9FBF3F} = {654EFDB6-8ECD-42CB-A3D6-F7DE361A692B} + {BA642BF0-1C73-469C-9902-FDDD301DA73C} = {21EB174C-CED8-40DB-AD4E-E3BF9D9D3EC7} EndGlobalSection -EndGlobal \ No newline at end of file +EndGlobal diff --git a/src/SensitiveString.Examples/PersonDto.cs b/src/SensitiveString.Examples/PersonDto.cs new file mode 100644 index 0000000..72e3128 --- /dev/null +++ b/src/SensitiveString.Examples/PersonDto.cs @@ -0,0 +1,3 @@ +namespace SensitiveString.Examples; + +internal record PersonDto(string Name, SensitiveString PhoneNumber, SensitiveEmail Email); \ No newline at end of file diff --git a/src/SensitiveString.Examples/Program.cs b/src/SensitiveString.Examples/Program.cs new file mode 100644 index 0000000..993e460 --- /dev/null +++ b/src/SensitiveString.Examples/Program.cs @@ -0,0 +1,15 @@ +// See https://aka.ms/new-console-template for more information + +using SensitiveString; +using SensitiveString.Examples; + +var person = new PersonDto( + "John Doe", + "(800) 555‑0123".AsSensitive(), + "john.doe@example.com".AsSensitiveEmail() +); + + +Console.WriteLine($"Person info: {person}"); +Console.WriteLine($"Phone number: {person.PhoneNumber.Reveal()}"); +Console.WriteLine($"Email: {person.Email.Reveal()}"); \ No newline at end of file diff --git a/src/SensitiveString.Examples/SensitiveString.Examples.csproj b/src/SensitiveString.Examples/SensitiveString.Examples.csproj new file mode 100644 index 0000000..8c9e690 --- /dev/null +++ b/src/SensitiveString.Examples/SensitiveString.Examples.csproj @@ -0,0 +1,14 @@ + + + + Exe + net8.0 + enable + enable + + + + + + + diff --git a/src/SensitiveString/SensitiveString.csproj b/src/SensitiveString/SensitiveString.csproj index 325759e..796bfb1 100644 --- a/src/SensitiveString/SensitiveString.csproj +++ b/src/SensitiveString/SensitiveString.csproj @@ -2,7 +2,7 @@ - netstandard2.0 + net8.0 Debug;Release;Publish AnyCPU From 9910ff1ad8394989e91545d9099329984c9cb6bb Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 12:08:42 +0200 Subject: [PATCH 3/9] Update readme --- README.md | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8fc8396..6e38336 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,63 @@ # SensitiveString -A proof of concept to deliver a solution that mitigates the risk of sensitive information leaking into application logs +Introducing SensitiveString, your shield against inadvertent exposure of sensitive information in application logs and beyond. + +This lightweight NuGet package wraps strings in a protective layer, ensuring that sensitive data remains secure and inaccessible without explicit handling. + +Safeguard your users' privacy and your application's integrity effortlessly with SensitiveString. + +## Example + +Let's try to initialize and print a simple record with personal information: + +```c# +internal record PersonDto(string Name, SensitiveString PhoneNumber, SensitiveEmail Email); +``` + +```c# +using SensitiveString; + +var person = new PersonDto( + "John Doe", + "(800) 555‑0123".AsSensitive(), + "john.doe@example.com".AsSensitiveEmail() +); + +Console.WriteLine($"Person info: {person}"); +``` + +What we get in the console is: + +``` +Person info: PersonDto { Name = John Doe, PhoneNumber = ***, Email = ***@example.com } +``` + +Now let's try to access the original information: + +```c# +Console.WriteLine($"Phone number: {person.PhoneNumber.Reveal()}"); +Console.WriteLine($"Email: {person.Email.Reveal()}"); +``` + +And what we now get in the console is: + +``` +Phone number: (800) 555‑0123 +Email: john.doe@example.com +``` + +## How it works? + +The `SensitiveString` and `SensitiveEmail` types are straightforward string wrappers. Without special handling, their content remains hidden from standard stringifiers and serializers. So if you're afraid some sensitive data may leak into application logs when stringified implicitly, use one of these two types to prevent that. + +`SensitiveEmail` differs from `SensitiveString` only in how it masks the original value. If you prefer having emails fully masked rather than the login part before @, use the `SensitiveString` instead. + +## How to use it in REST APIs? + +In client-server communication we want the information in its original form present in the data being transmitted between the parties. Because, however, of how the types are designed, without explicit handling, serializers will output nothing but an empty object. + +Therefore, to use the type in DTOs, you'll need to extend the serializers in use with special converters to handle these types. Converters for the are part of this repository, but will soon be published + +## Disclaimer + +This is a proof of concept. If you find any issues using the package or have any thoughts on it, your comments reported as issues are more than welcome! + From 683a0d632c844ea701812be4814331e512b0fdd7 Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 12:23:00 +0200 Subject: [PATCH 4/9] Add comments --- src/SensitiveString/Json/JsonSerializerOptionsExtensions.cs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/SensitiveString/Json/JsonSerializerOptionsExtensions.cs b/src/SensitiveString/Json/JsonSerializerOptionsExtensions.cs index a9b3769..3139401 100644 --- a/src/SensitiveString/Json/JsonSerializerOptionsExtensions.cs +++ b/src/SensitiveString/Json/JsonSerializerOptionsExtensions.cs @@ -4,6 +4,12 @@ namespace SensitiveString.Json; public static class JsonSerializerOptionsExtensions { + /// + /// Adds and to the serializer options. + /// + /// + /// The serializer options to add sensitive string support to. + /// public static void AddSensitiveStringSupport(this JsonSerializerOptions options) { options.Converters.Add(new SensitiveStringJsonConverter()); From 5fd624bcc03357527254b97697cab54a20b35f3d Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 12:23:05 +0200 Subject: [PATCH 5/9] Update readme --- README.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6e38336..cf7b6b9 100644 --- a/README.md +++ b/README.md @@ -51,11 +51,59 @@ The `SensitiveString` and `SensitiveEmail` types are straightforward string wrap `SensitiveEmail` differs from `SensitiveString` only in how it masks the original value. If you prefer having emails fully masked rather than the login part before @, use the `SensitiveString` instead. -## How to use it in REST APIs? + + +## Serialization/deserialization In client-server communication we want the information in its original form present in the data being transmitted between the parties. Because, however, of how the types are designed, without explicit handling, serializers will output nothing but an empty object. -Therefore, to use the type in DTOs, you'll need to extend the serializers in use with special converters to handle these types. Converters for the are part of this repository, but will soon be published +Therefore, to use the type in DTOs, you'll need to extend your serializers in use with special converters to handle these types. Converters for the `System.Text.Json.JsonSerializer` are available in this repository and are part of the associated NuGet package. See below how serialization behaves with and without them. + +Let's use the same person object as in the example used earlier: + +```c# +using System.Text.Json; +... + +var serialized = JsonSerializer.Serialize(person); +Console.WriteLine($"Serialized: {serialized}"); +``` + +This is what we will get as the output: + +``` +Serialized: {"Name":"John Doe","PhoneNumber":{},"Email":{}} +``` + +As you can see, the sensitive strings are just empty JSON objects `{}`. + +Now let's add appropriate converters to serializer options: + +```c# +using System.Text.Json; +using SensitiveString.Json; +... + +var serializerOptions = new JsonSerializerOptions(); +serializerOptions.AddSensitiveStringSupport(); + +var serialized = JsonSerializer.Serialize(person, serializerOptions); +Console.WriteLine($"Serialized: {serialized}"); +``` + +Now the output is complete: + +``` +Serialized: {"Name":"John Doe","PhoneNumber":"(800) 555\u20110123","Email":"john.doe@example.com"} +``` + +The same options should be used for deserialization. + +## REST API + +To make sure your REST API handles the types correctly, call this method on startup: + + ## Disclaimer From d8c9c691c55aed785f420d3f36122b9e9c458d85 Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 12:23:57 +0200 Subject: [PATCH 6/9] Add JSON serialization example --- src/SensitiveString.Examples/Program.cs | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/SensitiveString.Examples/Program.cs b/src/SensitiveString.Examples/Program.cs index 993e460..548436a 100644 --- a/src/SensitiveString.Examples/Program.cs +++ b/src/SensitiveString.Examples/Program.cs @@ -1,7 +1,7 @@ -// See https://aka.ms/new-console-template for more information - +using System.Text.Json; using SensitiveString; using SensitiveString.Examples; +using SensitiveString.Json; var person = new PersonDto( "John Doe", @@ -10,6 +10,15 @@ ); +// --- stringification --- Console.WriteLine($"Person info: {person}"); Console.WriteLine($"Phone number: {person.PhoneNumber.Reveal()}"); -Console.WriteLine($"Email: {person.Email.Reveal()}"); \ No newline at end of file +Console.WriteLine($"Email: {person.Email.Reveal()}"); + + +// --- JSON serialization --- +var serializerOptions = new JsonSerializerOptions(); +serializerOptions.AddSensitiveStringSupport(); + +var serialized = JsonSerializer.Serialize(person, serializerOptions); +Console.WriteLine($"Serialized: {serialized}"); \ No newline at end of file From f4cc866c916166961f7a4324a137db9b68028b19 Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 12:36:43 +0200 Subject: [PATCH 7/9] Update readme --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cf7b6b9..0ada5d7 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,19 @@ The same options should be used for deserialization. ## REST API -To make sure your REST API handles the types correctly, call this method on startup: +To make sure your web API handles the types correctly, call this on startup: + +```c# +builder.Services + .AddControllers() + .AddJsonOptions( + o => o.JsonSerializerOptions.AddSensitiveStringSupport() + ); + +builder.Services.ConfigureHttpJsonOptions( + o => o.SerializerOptions.AddSensitiveStringSupport() +); +``` From 766e0c36c480171f93c0e46eb4c5cb87ae290b34 Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 12:38:21 +0200 Subject: [PATCH 8/9] Add missing NuGet package references --- Directory.Packages.props | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Directory.Packages.props b/Directory.Packages.props index 522a7b9..b2c35c9 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -11,5 +11,7 @@ + + \ No newline at end of file From 11f8978c2aa5a05dc2f744be8a0e52d3524cc79b Mon Sep 17 00:00:00 2001 From: Mariusz Schimke Date: Thu, 11 Apr 2024 12:42:33 +0200 Subject: [PATCH 9/9] Upgrade NuGet packages --- Directory.Packages.props | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index b2c35c9..b5aad89 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -5,13 +5,22 @@ - + - - - - - - + + + + all + runtime; build; native; contentfiles; analyzers; buildtransitive + + + all + runtime; build; native; contentfiles; analyzers; buildtransitive + + + + all + runtime; build; native; contentfiles; analyzers; buildtransitive + \ No newline at end of file