How to mask password exist in json string?

Question

I am working on .net core c# logging project for my API response. The output is JSON format with the response contains sensitive info (eg. password)

I am stuck when the response output contains more complex Json structure with an array, whose items are complex objects, each with an "id" property and the keyword denoting the sensitive field, appears as value of that "id" field (see example below).

For the below output, How do I to replace the password value to 'XXXX' using RegEx if the value of the "id" contains the word 'password' . eg...there are value required to be masked below...

{
    "type": "CatalogResourceRequest",
    "description": null,
    "reasons": null,
    "data": {
        "customProperties": [
            {
                
                "data": {
                    "id": "CloneFrom",
                    "is_hidden": false,
                    "value": "TMPLABC"
                }
            },
            {
                
                "data": {
                    "id": "Debug",
                    "is_hidden": false,
                    "value": false
                }
            },
            {
                "data": {
                    "id": "abc_password",
                    "is_hidden": false,
                    "value": "This_Is_Password_To_Be_Masked"
            },

                "data": {
                    "id": "password_of_user1",
                    "is_hidden": false,
                    "value": "This_Is_Password_To_Be_Masked_Also"
                        }           
        }                   
    ]
    }
}

Answer 1

Here is a working demo by using Json.Net:

[HttpGet]
public IActionResult Index()
{
    var data = System.IO.File.ReadAllText("test.json");
    var json = ToObject(data);
     

    return Ok(json);
}
public object ToObject(string json)
{
    if (string.IsNullOrEmpty(json))
        return null;
    return ToObject(JToken.Parse(json));
}

public object ToObject(JToken token)
{
    switch (token.Type)
    {
        case JTokenType.Object:
            return token.Children<JProperty>()
                        .ToDictionary(prop => prop.Name,
                                        prop => ToObject(prop.Value),
                                        StringComparer.OrdinalIgnoreCase);
        case JTokenType.Array:
            return token.Select(ToObject).ToList();
        case JTokenType.Null:
            return null;
        default:
            if(((JValue)token).Value.ToString().Contains("password"))
            {
                ViewBag.Id = true;
                return ((JValue)token).Value;
            }
            if(((JProperty)token.Parent).Name== "value" && ViewBag.Id!=null)
            {
                if(ViewBag.Id)
                {
                    ViewBag.Id = false;
                    return "XXXXX";
                }
                return ((JValue)token).Value;
            }
            return ((JValue)token).Value;
    }
}

BTW,your provided json is not correct,it should be like below:

{
  "type": "CatalogResourceRequest",
  "description": null,
  "reasons": null,
  "data": {
    "customProperties": [
      {

        "data": {
          "id": "CloneFrom",
          "is_hidden": false,
          "value": "TMPLABC"
        }
      },
      {

        "data": {
          "id": "Debug",
          "is_hidden": false,
          "value": false
        }
      },
      {
        "data": {
          "id": "abc_password",
          "is_hidden": false,
          "value": "This_Is_Password_To_Be_Masked"
        }
      },
      {
        "data": {
          "id": "password_of_user1",
          "is_hidden": false,
          "value": "This_Is_Password_To_Be_Masked_Also"
        }
      }
    ]
  }
}