Skip to content

Sanitize logs#3316

Merged
pmaytak merged 5 commits intodevfrom
pmaytak/log
Sep 26, 2025
Merged

Sanitize logs#3316
pmaytak merged 5 commits intodevfrom
pmaytak/log

Conversation

@pmaytak
Copy link
Collaborator

@pmaytak pmaytak commented Sep 23, 2025
edited
Loading

No description provided.

@pmaytak pmaytak added this to the 8.15.0 milestone Sep 23, 2025
@pmaytak pmaytak requested a review from a team as a code owner September 23, 2025 06:35
@pmaytak
Copy link
Collaborator Author

pmaytak commented Sep 23, 2025

This test with verbose logging enabled. Not much difference for latency, slight increase in allocations. Verbose logging is not expected to be enabled in production full time.

Sanitized ShowPII Method Mean Ratio Error StdDev P90 P95 P100 Gen0 Gen1 Allocated Alloc Ratio
False False JsonWebTokenHandler_ValidateTokenAsync 36.33 μs 1.00 0.158 μs 0.351 μs 36.81 μs 36.93 μs 37.32 μs 0.6104 0.1831 10.05 KB 1.00
True False JsonWebTokenHandler_ValidateTokenAsync 36.74 μs 1.01 0.097 μs 0.212 μs 37.02 μs 37.07 μs 37.31 μs 0.6104 0.1831 10.46 KB 1.04
False True JsonWebTokenHandler_ValidateTokenAsync 36.94 μs 1.00 0.136 μs 0.293 μs 37.33 μs 37.45 μs 37.50 μs 0.6104 0.3052 10.2 KB 1.00
True True JsonWebTokenHandler_ValidateTokenAsync 36.84 μs 0.997 0.193 μs 0.427 μs 37.38 μs 37.51 μs 37.75 μs 0.6104 0.1831 10.6 KB 1.04

@github-actions
Copy link

github-actions bot commented Sep 23, 2025

Summary

Summary
Generated on: 9/23/2025 - 6:56:01 AM
Coverage date: 9/23/2025 - 6:42:14 AM - 9/23/2025 - 6:55:18 AM
Parser: MultiReport (72x Cobertura)
Assemblies: 1
Classes: 10
Files: 3
Line coverage: 80.3% (931 of 1159)
Covered lines: 931
Uncovered lines: 228
Coverable lines: 1159
Total lines: 906
Branch coverage: 67.8% (342 of 504)
Covered branches: 342
Total branches: 504
Method coverage: Feature is only available for sponsors

Coverage

Microsoft.IdentityModel.JsonWebTokens - 80.3%
Name Line Branch
Microsoft.IdentityModel.JsonWebTokens 80.3% 67.8%
Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities 100%
System.Text.RegularExpressions.Generated 80.3% 67.8%
System.Text.RegularExpressions.Generated 80.3% 67.8%
System.Text.RegularExpressions.Generated 80.3% 67.8%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F12A1AEDDDFE32BA
DF4DBFF323AF1BCB48B9F9721B7CD3E05F5E034CF225E3DF8__CreateJweRegex_1		 79.2% 68%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F12A1AEDDDFE32BA
DF4DBFF323AF1BCB48B9F9721B7CD3E05F5E034CF225E3DF8__CreateJwsRegex_0		 81.4% 67.6%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F334844C618E00D3
CEC5D3FE0D00CF0141BBEE98635313BB2CB8D3921464CE05A__CreateJweRegex_1		 79.2% 68%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F334844C618E00D3
CEC5D3FE0D00CF0141BBEE98635313BB2CB8D3921464CE05A__CreateJwsRegex_0		 81.4% 67.6%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>FE89C4BBA95BC726
BBFA730D496EDD9355321BE5DAEE79F3CE10E7FA17DC7FA64__CreateJweRegex_1		 79.2% 68%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>FE89C4BBA95BC726
BBFA730D496EDD9355321BE5DAEE79F3CE10E7FA17DC7FA64__CreateJwsRegex_0		 81.4% 67.6%

Copilot AI reviewed Sep 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements log sanitization functionality to prevent log injection attacks by escaping potentially harmful characters in log messages. The changes ensure that control characters like newlines, carriage returns, and tabs are properly encoded when logging both PII and non-PII data.

  • Adds a new Sanitize method that encodes control characters to prevent log injection
  • Updates logging methods to apply sanitization to both PII and non-PII strings
  • Enhances TestLogger with optional log saving capability for better test control

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
src/Microsoft.IdentityModel.Logging/LogHelper.cs Implements core sanitization logic and integrates it into existing logging methods
test/Microsoft.IdentityModel.Logging.Tests/LogHelperTests.cs Adds comprehensive tests for sanitization functionality covering PII and non-PII scenarios
test/Microsoft.IdentityModel.Logging.Tests/TestLogger.cs Adds constructor parameter to control log saving behavior for testing

keegan-caruso
keegan-caruso reviewed Sep 24, 2025
View reviewed changes
@pmaytak
Copy link
Collaborator Author

pmaytak commented Sep 24, 2025
edited
Loading

With logging enabled:

Sanitize Method Mean Error StdDev P90 P95 P100 Ratio Gen0 Gen1 Allocated Alloc Ratio
False JsonWebTokenHandler_ValidateTokenAsyncWithTVP 36.49 μs 0.182 μs 0.399 μs 36.97 μs 37.01 μs 37.17 μs 1.00 0.6104 0.3052 10.2 KB 1.00
True JsonWebTokenHandler_ValidateTokenAsyncWithTVP 36.70 μs 0.126 μs 0.267 μs 37.05 μs 37.12 μs 37.44 μs 1.00 0.6104 0.1831 10.6 KB 1.04

With logging disabled:
Without Sanitize:

Method Mean Error StdDev P90 P95 P100 Ratio Gen0 Allocated Alloc Ratio
JsonWebTokenHandler_ValidateTokenAsyncWithTVP 31.39 μs 0.053 μs 0.115 μs 31.50 μs 31.57 μs 31.68 μs 1.00 0.4272 7.25 KB 1.00

With Sanitize method in code base (Sanitize is not called, so allocations are the same):

Method Mean Error StdDev P90 P95 P100 Ratio Gen0 Allocated Alloc Ratio
JsonWebTokenHandler_ValidateTokenAsyncWithTVP 31.50 μs 0.104 μs 0.225 μs 31.84 μs 31.86 μs 31.91 μs 1.00 0.4272 7.25 KB 1.00

mdchennu
mdchennu reviewed Sep 24, 2025
View reviewed changes
@pmaytak
Add .NET 6.x setup to GitHub Actions workflow
6077d38 
Added setup step for .NET 6.x in workflow.
@github-actions
Copy link

github-actions bot commented Sep 24, 2025

Summary

Summary
Generated on: 9/24/2025 - 11:43:31 PM
Coverage date: 9/24/2025 - 11:29:09 PM - 9/24/2025 - 11:42:48 PM
Parser: MultiReport (72x Cobertura)
Assemblies: 1
Classes: 10
Files: 3
Line coverage: 80.3% (931 of 1159)
Covered lines: 931
Uncovered lines: 228
Coverable lines: 1159
Total lines: 908
Branch coverage: 67.8% (342 of 504)
Covered branches: 342
Total branches: 504
Method coverage: Feature is only available for sponsors

Coverage

Microsoft.IdentityModel.JsonWebTokens - 80.3%
Name Line Branch
Microsoft.IdentityModel.JsonWebTokens 80.3% 67.8%
Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities 100%
System.Text.RegularExpressions.Generated 80.3% 67.8%
System.Text.RegularExpressions.Generated 80.3% 67.8%
System.Text.RegularExpressions.Generated 80.3% 67.8%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F12A1AEDDDFE32BA
DF4DBFF323AF1BCB48B9F9721B7CD3E05F5E034CF225E3DF8__CreateJweRegex_1		 79.2% 68%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F12A1AEDDDFE32BA
DF4DBFF323AF1BCB48B9F9721B7CD3E05F5E034CF225E3DF8__CreateJwsRegex_0		 81.4% 67.6%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F334844C618E00D3
CEC5D3FE0D00CF0141BBEE98635313BB2CB8D3921464CE05A__CreateJweRegex_1		 79.2% 68%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F334844C618E00D3
CEC5D3FE0D00CF0141BBEE98635313BB2CB8D3921464CE05A__CreateJwsRegex_0		 81.4% 67.6%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>FE89C4BBA95BC726
BBFA730D496EDD9355321BE5DAEE79F3CE10E7FA17DC7FA64__CreateJweRegex_1		 79.2% 68%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>FE89C4BBA95BC726
BBFA730D496EDD9355321BE5DAEE79F3CE10E7FA17DC7FA64__CreateJwsRegex_0		 81.4% 67.6%

@pmaytak pmaytak mentioned this pull request Sep 25, 2025
Closed
@pmaytak pmaytak merged commit 637fae3 into dev Sep 26, 2025
6 checks passed
@pmaytak pmaytak deleted the pmaytak/log branch September 26, 2025 04:42
This was referenced Oct 7, 2025
Closed
Closed
Merged
keegan-caruso
keegan-caruso reviewed Oct 19, 2025
View reviewed changes
@keegan-caruso
Copy link
Contributor

keegan-caruso commented Oct 19, 2025
edited
Loading

#3341 optimizes performance for this change for NET8+ targets.

Copilot AI mentioned this pull request Nov 18, 2025
Closed
5 tasks
This was referenced Nov 20, 2025
Closed
Closed
Closed
Merged
This was referenced Feb 16, 2026
Open
Open
Closed
Open
Closed
Merged
Open
Open
Open
Open
Open
Open
Merged
Open
Open
Closed
Closed
This was referenced Feb 23, 2026
Open
Closed
Closed
Closed
Open
Open
Open
Open
Closed
This was referenced Mar 2, 2026
Open
Open
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@keegan-caruso keegan-caruso keegan-caruso left review comments

Copilot code review Copilot Copilot left review comments

@mdchennu mdchennu mdchennu approved these changes

+1 more reviewer

@jennyf19 jennyf19 jennyf19 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

8.15.0

Development

Successfully merging this pull request may close these issues.

5 participants

@pmaytak @keegan-caruso @jennyf19 @mdchennu