Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redact constants that get inlined from variables into query in log #35724

Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open

Redact constants that get inlined from variables into query in log #35724

wants to merge 18 commits into from
+533 −89

Conversation

cincuranet
Copy link
Contributor

@cincuranet cincuranet commented Mar 4, 2025
edited
Loading

This adds OriginallyParameter into SqlConstantExpression to detect a case when something that was originally a parameter in query was turned into inline value. This value should be then handled the same way as we do for parameters (regarding EnableSensitiveDataLogging).

The SQL generator is then generating two versions of query. The first is the standard one that will be sent to database and other is with inlined values redacted. Later, if sensitive logging is off, diagnostic logger will use it instead of regular DbCommand.CommandText.

Fixes #35757

@cincuranet cincuranet marked this pull request as ready for review March 7, 2025 11:37
@cincuranet cincuranet requested a review from a team as a code owner March 7, 2025 11:37
@cincuranet cincuranet requested a review from Copilot March 7, 2025 11:37
Copilot
Copilot AI reviewed Mar 7, 2025
View reviewed changes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR introduces a new mechanism to mark constant SQL expressions that were originally parameters so that, when inlined into a query, they are handled like parameters with respect to sensitive data logging. Key changes include:

  • Adding an extra flag (“originallyParameter”) to the SqlConstantExpression and propagating it through various factory methods and visitors.
  • Updating multiple components (SQL generators, expression visitors, and diagnostic loggers) to use the new flag and to pass along a new “logCommandText” parameter for redacted logging.
  • Revising XML documentation and method signatures across the EF Core Relational components for consistency.

Reviewed Changes

File Description
src/EFCore.Relational/Query/SqlExpressions/SqlConstantExpression.cs Adds the “originallyParameter” flag to the constructors and updates ApplyTypeMapping/Quote.
src/EFCore.Relational/Query/QuerySqlGenerator.cs Updates SQL generation logic to pass the flag when composing the command text.
src/EFCore.Relational/Query/ISqlExpressionFactory.cs Modifies Constant method overloads to include the new parameter with a default value.
src/EFCore.Relational/Diagnostics/*.cs Introduces a new “logCommandText” parameter and revises log formatting in diagnostic events.
src/EFCore.Relational/Query/SqlNullabilityProcessor.cs Revises calls to Constant to include the originallyParameter flag (often set to true).
(Other files across the query translation and diagnostics areas) Propagates the new flag through SQL expression visitors and translators.

Copilot reviewed 57 out of 57 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (2)

src/EFCore.Relational/Query/SqlNullabilityProcessor.cs:131

  • [nitpick] Consider adding unit tests to verify that inline constant expressions flagged with 'originallyParameter: true' are correctly redacted when sensitive data logging is disabled.
processedValues.Add(_sqlExpressionFactory.Constant(value, value?.GetType() ?? typeof(object), originallyParameter: true, typeMapping: typeMapping));

src/EFCore.Relational/Diagnostics/Internal/RelationalCommandDiagnosticsLogger.cs:320

  • [nitpick] Consider adding tests to verify that the new 'logCommandText' parameter is used appropriately in scenarios where sensitive data logging is disabled, ensuring the redacted command text is correctly applied.
command.CommandText.TrimEnd());
roji
roji requested changes Mar 7, 2025
View reviewed changes
Copy link
Member

@roji roji left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks pretty good - see comments below.

Also, don't we need test coverage for this? Or did I miss it?

@cincuranet cincuranet force-pushed the query-log branch 4 times, most recently from 0ea1635 to 74f20da Compare March 10, 2025 10:01
@cincuranet cincuranet requested a review from roji March 12, 2025 11:21
@cincuranet cincuranet requested a review from Copilot March 12, 2025 11:22
Copilot
Copilot AI reviewed Mar 12, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces support for redacting inlined constant values during SQL generation. Key changes include:

  • Adding the InlinedRedacting test in the Relational.Specification.Tests project.
  • Extending SqlConstantExpression and its factory methods to support a new “sensitive” flag.
  • Updating logging and command construction APIs to propagate a redacted log command text.

Reviewed Changes

Copilot reviewed 40 out of 40 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
test/EFCore.Relational.Specification.Tests/Query/AdHocMiscellaneousQueryRelationalTestBase.cs Added tests for verifying redaction of inlined constants.
src/EFCore.Relational/Query/SqlExpressions/SqlConstantExpression.cs Updated constructors and the Quote method to accept a sensitive flag.
src/EFCore.Relational/Query/ISqlExpressionFactory.cs Introduced overloads for constant expressions with sensitivity support.
src/EFCore.Relational/Diagnostics/* Updated logging classes to include and propagate a redacted command text.
src/EFCore.Relational/Storage/IRelationalCommandTemplate.cs Added a LogCommandText property for redacted logging output.
src/EFCore.Relational/Query/QuerySqlGenerator.cs Modified SQL generation to take the sensitive flag into account.
src/EFCore.Relational/Storage/RelationalCommandBuilder.cs Updated command builder to support construction of redacted command text.
Comments suppressed due to low confidence (1)

src/EFCore.Relational/Query/SqlExpressions/SqlConstantExpression.cs:104

  • Ensure that the reflection usage for retrieving the constructor remains valid with any future updates to the constructor signature. Consider adding a unit test to verify that the expected constructor is always correctly obtained.
.GetConstructor([typeof(object), typeof(Type), typeof(bool), typeof(RelationalTypeMapping)])!,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@roji roji Awaiting requested review from roji

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Redact inlined constants from log when sensitive logging is off
2 participants
@cincuranet @roji