From c9ad7b6194e20b0cff1ac8f7800684b1c33537cc Mon Sep 17 00:00:00 2001 From: opejanovic Date: Sat, 21 Dec 2024 18:42:13 +0100 Subject: [PATCH] Enriching OracleParameterInfo with flag for PII data Added a new flag, MaskValueWhenLogging, to the OracleParameterInfo class. This flag is used to identify Oracle parameters containing Personally Identifiable Information (PII). When set to true, the parameter values can be masked in logs to enhance data security and compliance with privacy standards. --- src/Dapper.Oracle/OracleDynamicParameters.cs | 27 ++++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/Dapper.Oracle/OracleDynamicParameters.cs b/src/Dapper.Oracle/OracleDynamicParameters.cs index cfb6bc5..10c7029 100644 --- a/src/Dapper.Oracle/OracleDynamicParameters.cs +++ b/src/Dapper.Oracle/OracleDynamicParameters.cs @@ -1,4 +1,4 @@ -//// Based on Gist found here: https://gist.github.com/vijaysg/3096151 +//// Based on Gist found here: https://gist.github.com/vijaysg/3096151 using System; using System.Collections; @@ -109,6 +109,7 @@ public void AddDynamicParams(dynamic param) /// /// /// + /// a flag that this param contains sensitive data and it must be masked in case of logging values public void Add( string name, object value = null, @@ -121,7 +122,8 @@ public void Add( string sourceColumn = null, DataRowVersion? sourceVersion = null, OracleMappingCollectionType? collectionType = null, - int[] arrayBindSize = null) + int[] arrayBindSize = null, + bool maskValueWhenLogging = false) { Parameters[Clean(name)] = new OracleParameterInfo() { @@ -136,7 +138,8 @@ public void Add( SourceColumn = sourceColumn, SourceVersion = sourceVersion ?? DataRowVersion.Current, CollectionType = collectionType ?? OracleMappingCollectionType.None, - ArrayBindSize = arrayBindSize + ArrayBindSize = arrayBindSize, + MaskValueWhenLogging = maskValueWhenLogging }; } @@ -167,7 +170,7 @@ public T Get(string name) } return default(T); } - + return OracleValueConverter.Convert(val); } @@ -239,10 +242,10 @@ protected virtual void AddParameters(IDbCommand command, SqlMapper.Identity iden } OracleMethodHelper.SetOracleParameters(p, param); - + p.Direction = param.ParameterDirection; - - var val = param.Value; + + var val = param.Value; if (val != null && OracleTypeMapper.HasTypeHandler(val.GetType(), out var handler)) { @@ -251,7 +254,7 @@ protected virtual void AddParameters(IDbCommand command, SqlMapper.Identity iden else { p.Value = val ?? DBNull.Value; - + var s = val as string; if (s?.Length <= 4000) { @@ -262,8 +265,8 @@ protected virtual void AddParameters(IDbCommand command, SqlMapper.Identity iden { p.Size = param.Size.Value; } - } - + } + if (add) { command.Parameters.Add(p); @@ -320,6 +323,8 @@ public class OracleParameterInfo public OracleParameterMappingStatus Status { get; set; } public IDbDataParameter AttachedParam { get; set; } + + public bool MaskValueWhenLogging { get; set; } } /// @@ -328,4 +333,4 @@ public class OracleParameterInfo /// public IEnumerator GetEnumerator() => Parameters.GetEnumerator(); } -} \ No newline at end of file +}