Update Microsoft.Security.Utilities.Core from v1.17.0 to v1.18.0

nguerrera · nguerrera · commit d0bcce139b0c · 2025-05-29T14:18:27.000-05:00
Release Notes: https://github.com/microsoft/security-utilities/blob/release/v1.18.0/docs/ReleaseHistory.md
diff --git a/src/Agent.Sdk/Agent.Sdk.csproj b/src/Agent.Sdk/Agent.Sdk.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Security.Utilities.Core" Version="1.17.0" />
+    <PackageReference Include="Microsoft.Security.Utilities.Core" Version="1.18.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
     <PackageReference Include="System.IO.FileSystem.AccessControl" Version="6.0.0-preview.5.21301.5" />
     <PackageReference Include="System.Management" Version="4.7.0" />
diff --git a/src/Agent.Sdk/SecretMasking/ILoggedSecretMasker.cs b/src/Agent.Sdk/SecretMasking/ILoggedSecretMasker.cs
@@ -3,21 +3,21 @@
 
 using System;
 
-using Microsoft.TeamFoundation.DistributedTask.Logging;
-
 namespace Agent.Sdk.SecretMasking
 {
     /// <summary>
     /// Extended ISecretMasker interface that adds support for logging the origin of
     /// regexes, encoders and literal secret values.
     /// </summary>
-    public interface ILoggedSecretMasker : ISecretMasker, IDisposable
+    public interface ILoggedSecretMasker : IDisposable
     {
-        static int MinSecretLengthLimit { get; }
+        int MinSecretLength { get; set; }
 
-        void AddRegex(String pattern, string origin);
-        void AddValue(String value, string origin);
-        void AddValueEncoder(ValueEncoder encoder, string origin);
+        void AddRegex(string pattern, string origin);
+        void AddValue(string value, string origin);
+        void AddValueEncoder(Func<string, string> encoder, string origin);
+        string MaskSecrets(string input);
+        void RemoveShortSecretsFromDictionary();
         void SetTrace(ITraceWriter trace);
     }
 }
diff --git a/src/Agent.Sdk/SecretMasking/IRawSecretMasker.cs b/src/Agent.Sdk/SecretMasking/IRawSecretMasker.cs
@@ -0,0 +1,21 @@
+﻿// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+using System;
+
+namespace Agent.Sdk.SecretMasking
+{
+    /// <summary>
+    /// Rerpresents a raw secret masker without the features that <see
+    /// cref="ILoggedSecretMasker"/> adds.
+    /// </summary>
+    public interface IRawSecretMasker : IDisposable
+    {
+        int MinSecretLength { get; set; }
+
+        void AddRegex(string pattern);
+        void AddValue(string value);
+        void AddValueEncoder(Func<string, string> encoder);
+        string MaskSecrets(string input);
+        void RemoveShortSecretsFromDictionary();
+    }
+}
diff --git a/src/Agent.Sdk/SecretMasking/LegacySecretMasker.cs b/src/Agent.Sdk/SecretMasking/LegacySecretMasker.cs
@@ -0,0 +1,54 @@
+﻿// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+using System;
+
+using Microsoft.TeamFoundation.DistributedTask.Logging;
+
+namespace Agent.Sdk.SecretMasking
+{
+    /// <summary>
+    /// Legacy secret masker that dispatches to <see cref="SecretMasker"/> from
+    /// 'Microsoft.TeamFoundation.DistributedTask.Logging'.
+    /// </summary>
+    public sealed class LegacySecretMasker : IRawSecretMasker
+    {
+        private SecretMasker _secretMasker = new();
+
+        public int MinSecretLength
+        {
+            get => _secretMasker.MinSecretLength;
+            set => _secretMasker.MinSecretLength = value;
+        }
+
+        public void AddRegex(string pattern)
+        {
+            _secretMasker.AddRegex(pattern);
+        }
+
+        public void AddValue(string value)
+        {
+            _secretMasker.AddValue(value);
+        }
+
+        public void AddValueEncoder(Func<string, string> encoder)
+        {
+            _secretMasker.AddValueEncoder(x => encoder(x));
+        }
+
+        public void Dispose()
+        {
+            _secretMasker?.Dispose();
+            _secretMasker = null;
+        }
+
+        public string MaskSecrets(string input)
+        {
+            return _secretMasker.MaskSecrets(input);
+        }
+
+        public void RemoveShortSecretsFromDictionary()
+        {
+            _secretMasker.RemoveShortSecretsFromDictionary();
+        }
+    }
+}
diff --git a/src/Agent.Sdk/SecretMasking/LoggedSecretMasker.cs b/src/Agent.Sdk/SecretMasking/LoggedSecretMasker.cs
@@ -3,31 +3,28 @@
 // Licensed under the MIT License.
 using System;
 
-using Microsoft.TeamFoundation.DistributedTask.Logging;
-
 namespace Agent.Sdk.SecretMasking
 {
     /// <summary>
     /// Extended secret masker service that allows specifying the origin of any
-    /// masking operation. It works by wrapping an existing ISecretMasker
+    /// masking operation. It works by wrapping an existing IRawSecretMasker
     /// implementation and an optionally settable ITraceWriter instance for
     /// secret origin logging operations. In the agent today, this class can be
-    /// initialized with two distinct ISecretMasker implementations, the one
+    /// initialized with two distinct IRawSecretMasker implementations, the one
     /// that ships in VSO itself, and the official Microsoft open source secret
     /// masker, implemented at https://github/microsoft/security-utilities.
     /// </summary>
     public class LoggedSecretMasker : ILoggedSecretMasker
     {
-        private ISecretMasker _secretMasker;
+        private IRawSecretMasker _secretMasker;
         private ITraceWriter _trace;
 
-
         private void Trace(string msg)
         {
             this._trace?.Info(msg);
         }
 
-        public LoggedSecretMasker(ISecretMasker secretMasker)
+        public LoggedSecretMasker(IRawSecretMasker secretMasker)
         {
             this._secretMasker = secretMasker;
         }
@@ -111,18 +108,17 @@ public void RemoveShortSecretsFromDictionary()
             _secretMasker.RemoveShortSecretsFromDictionary();
         }
 
-        public void AddValueEncoder(ValueEncoder encoder)
+        public void AddValueEncoder(Func<string, string> encoder)
         {
             this._secretMasker.AddValueEncoder(encoder);
         }
 
-
         /// <summary>
         /// Overloading of AddValueEncoder method with additional logic for logging origin of provided secret
         /// </summary>
         /// <param name="encoder"></param>
         /// <param name="origin"></param>
-        public void AddValueEncoder(ValueEncoder encoder, string origin)
+        public void AddValueEncoder(Func<string, string> encoder, string origin)
         {
             this.Trace($"Setting up value for origin: {origin}");
             if (encoder == null)
@@ -134,18 +130,11 @@ public void AddValueEncoder(ValueEncoder encoder, string origin)
             AddValueEncoder(encoder);
         }
 
-        public LoggedSecretMasker Clone()
-        {
-            return new LoggedSecretMasker(this._secretMasker.Clone());
-        }
-
         public string MaskSecrets(string input)
         {
             return this._secretMasker.MaskSecrets(input);
         }
 
-        ISecretMasker ISecretMasker.Clone() => this.Clone();
-
         public void Dispose()
         {
             Dispose(true);
diff --git a/src/Agent.Sdk/SecretMasking/OssSecretMasker.cs b/src/Agent.Sdk/SecretMasking/OssSecretMasker.cs
@@ -5,12 +5,10 @@
 using System.Text.RegularExpressions;
 using Microsoft.Security.Utilities;
 
-using ISecretMasker = Microsoft.TeamFoundation.DistributedTask.Logging.ISecretMasker;
-using ValueEncoder = Microsoft.TeamFoundation.DistributedTask.Logging.ValueEncoder;
 
 namespace Agent.Sdk.SecretMasking;
 
-public sealed class OssSecretMasker : ISecretMasker, IDisposable
+public sealed class OssSecretMasker : IRawSecretMasker
 {
     private SecretMasker _secretMasker;
 
@@ -24,10 +22,6 @@ public OssSecretMasker(IEnumerable<RegexPattern> patterns)
         _secretMasker.DefaultRegexRedactionToken = "***";
     }
 
-    private OssSecretMasker(OssSecretMasker copy)
-    {
-        _secretMasker = copy._secretMasker.Clone();
-    }
 
     /// <summary>
     /// This property allows to set the minimum length of a secret for masking
@@ -70,13 +64,11 @@ public void AddValue(string test)
     /// <summary>
     /// This implementation assumes no more than one thread is adding regexes, values, or encoders at any given time.
     /// </summary>
-    public void AddValueEncoder(ValueEncoder encoder)
+    public void AddValueEncoder(Func<string, string> encoder)
     {
        _secretMasker.AddLiteralEncoder(x => encoder(x));
     }
 
-    public OssSecretMasker Clone() => new OssSecretMasker(this);
-
     public void Dispose()
     {
         _secretMasker?.Dispose();
@@ -152,6 +144,4 @@ public void RemoveShortSecretsFromDictionary()
             }
         }
     }
-
-    ISecretMasker ISecretMasker.Clone() => this.Clone();
 }
diff --git a/src/Agent.Worker/ContainerOperationProvider.cs b/src/Agent.Worker/ContainerOperationProvider.cs
@@ -298,7 +298,7 @@ private async Task<string> GetAcrPasswordFromAADToken(IExecutionContext executio
             }
 
             // Mark retrieved password as secret
-            HostContext.SecretMasker.AddValue(AcrPassword);
+            HostContext.SecretMasker.AddValue(AcrPassword, origin: "AcrPassword");
 
             return AcrPassword;
         }
diff --git a/src/Agent.Worker/ExpressionManager.cs b/src/Agent.Worker/ExpressionManager.cs
@@ -52,7 +52,14 @@ public ConditionResult Evaluate(IExecutionContext executionContext, IExpressionN
             ConditionResult result = new ConditionResult();
             var expressionTrace = new TraceWriter(Trace, hostTracingOnly ? null : executionContext);
 
-            result.Value = tree.Evaluate<bool>(trace: expressionTrace, secretMasker: HostContext.SecretMasker, state: executionContext);
+            // NOTE: We pass null for the secretMasker here because the trace
+            // that we pass will handle secret masking as will upstream
+            // exception handlers. It would therefore be redundant for
+            // IExpressionNode.Evaluate to perform secret masking. Furthermore,
+            // IExpressionNode.Evaluate requires an implementation of the server
+            // ISecretMasker interface that the agent secret masker does not
+            // implement as the agent secret masker cannot support cloning.
+            result.Value = tree.Evaluate<bool>(trace: expressionTrace, secretMasker: null, state: executionContext);
             result.Trace = expressionTrace.Trace;
 
             return result;
diff --git a/src/Microsoft.VisualStudio.Services.Agent/HostContext.cs b/src/Microsoft.VisualStudio.Services.Agent/HostContext.cs
@@ -23,8 +23,6 @@
 using Agent.Sdk.Util;
 using Microsoft.TeamFoundation.DistributedTask.Logging;
 using Microsoft.Security.Utilities;
-using LegacySecretMasker = Microsoft.TeamFoundation.DistributedTask.Logging.SecretMasker;
-using ISecretMasker = Microsoft.TeamFoundation.DistributedTask.Logging.ISecretMasker;
 
 namespace Microsoft.VisualStudio.Services.Agent
 {
@@ -179,7 +177,7 @@ private ILoggedSecretMasker CreateSecretMasker()
             bool enableNewMaskerAndRegexes = AgentKnobs.EnableNewMaskerAndRegexes.GetValue(this).AsBoolean();
 
 #pragma warning disable CA2000 // Dispose objects before losing scope. False positive: LoggedSecretMasker takes ownership.
-            ISecretMasker rawSecretMasker;
+            IRawSecretMasker rawSecretMasker;
             if (enableNewMaskerAndRegexes)
             {
                 rawSecretMasker = new OssSecretMasker(WellKnownRegexPatterns.PreciselyClassifiedSecurityKeys);
diff --git a/src/Microsoft.VisualStudio.Services.Agent/TraceManager.cs b/src/Microsoft.VisualStudio.Services.Agent/TraceManager.cs
@@ -5,7 +5,7 @@
 using System;
 using System.Collections.Concurrent;
 using System.Diagnostics;
-using Microsoft.TeamFoundation.DistributedTask.Logging;
+using Agent.Sdk.SecretMasking;
 
 namespace Microsoft.VisualStudio.Services.Agent
 {
@@ -20,14 +20,14 @@ public sealed class TraceManager : ITraceManager
         private readonly ConcurrentDictionary<string, Tracing> _sources = new ConcurrentDictionary<string, Tracing>(StringComparer.OrdinalIgnoreCase);
         private readonly HostTraceListener _hostTraceListener;
         private TraceSetting _traceSetting;
-        private ISecretMasker _secretMasker;
+        private ILoggedSecretMasker _secretMasker;
 
-        public TraceManager(HostTraceListener traceListener, ISecretMasker secretMasker)
+        public TraceManager(HostTraceListener traceListener, ILoggedSecretMasker secretMasker)
             : this(traceListener, new TraceSetting(), secretMasker)
         {
         }
 
-        public TraceManager(HostTraceListener traceListener, TraceSetting traceSetting, ISecretMasker secretMasker)
+        public TraceManager(HostTraceListener traceListener, TraceSetting traceSetting, ILoggedSecretMasker secretMasker)
         {
             // Validate and store params.
             ArgUtil.NotNull(traceListener, nameof(traceListener));
diff --git a/src/Microsoft.VisualStudio.Services.Agent/Tracing.cs b/src/Microsoft.VisualStudio.Services.Agent/Tracing.cs
@@ -8,16 +8,16 @@
 using System.Diagnostics;
 using System.Runtime.CompilerServices;
 using Agent.Sdk;
-using Microsoft.TeamFoundation.DistributedTask.Logging;
+using Agent.Sdk.SecretMasking;
 
 namespace Microsoft.VisualStudio.Services.Agent
 {
     public sealed class Tracing : ITraceWriter, IDisposable
     {
-        private ISecretMasker _secretMasker;
+        private ILoggedSecretMasker _secretMasker;
         private TraceSource _traceSource;
 
-        public Tracing(string name, ISecretMasker secretMasker, SourceSwitch sourceSwitch, HostTraceListener traceListener)
+        public Tracing(string name, ILoggedSecretMasker secretMasker, SourceSwitch sourceSwitch, HostTraceListener traceListener)
         {
             ArgUtil.NotNull(secretMasker, nameof(secretMasker));
             _secretMasker = secretMasker;
diff --git a/src/Test/L0/HostContextL0.cs b/src/Test/L0/HostContextL0.cs
@@ -229,6 +229,23 @@ public void NonSecrets_LegacyMasker_NotMasked(string input, string expected)
             TestSecretMasking(input, expected, useNewMaskerAndRegexes: false);
         }
 
+        [Theory]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Common")]
+        [MemberData(nameof(SecretsRequiringNewMasker_NewMasker))]
+        public void UserSecretsThatMatchOSSRules_NewMasker_MaskWithStarsNotId(string secret, string expectedIfNotAlsoALiteral)
+        {
+            _ = expectedIfNotAlsoALiteral; // Unused since this is not the expectatation in this case.
+
+            string input = $"The secret is '{secret}', mask it with stars even if it matches a rule.";
+            string expected = "The secret is '***', mask it with stars even if it matches a rule.";
+
+            TestSecretMasking(input,
+                              expected,
+                              useNewMaskerAndRegexes: true,
+                              values: new[] { secret });
+        }
+
         public sealed class SecretCases : TheoryData<string, string>
         {
             public SecretCases((string, string)[] cases, bool useNewMaskerAndRegexes, bool requireNewMaskerAndRegexes = false)
@@ -262,7 +279,7 @@ private void TestSecretMasking(string input, string expected, bool useNewMaskerA
                     {
                         foreach (string value in values)
                         {
-                            _hc.SecretMasker.AddValue(value);
+                            _hc.SecretMasker.AddValue(value, origin: "Test");
                         }
                     }
 
diff --git a/src/Test/L0/Plugin/RepositoryPluginL0.cs b/src/Test/L0/Plugin/RepositoryPluginL0.cs
diff --git a/src/Test/L0/SecretMaskerTests/LoggedSecretMaskerL0.cs b/src/Test/L0/SecretMaskerTests/LoggedSecretMaskerL0.cs
diff --git a/src/Test/L0/SecretMaskerTests/SecretMaskerL0.cs b/src/Test/L0/SecretMaskerTests/SecretMaskerL0.cs
diff --git a/src/Test/L0/TestHostContext.cs b/src/Test/L0/TestHostContext.cs
diff --git a/src/Test/L0/Worker/ExpressionManagerL0.cs b/src/Test/L0/Worker/ExpressionManagerL0.cs

Original file line number	Diff line number	Diff line change
`@@ -3,31 +3,28 @@`
`3`	`3`	`// Licensed under the MIT License.`
`4`	`4`	`using System;`
`5`	`5`
`6`		`-using Microsoft.TeamFoundation.DistributedTask.Logging;`
`7`		`-`
`8`	`6`	`namespace Agent.Sdk.SecretMasking`
`9`	`7`	`{`
`10`	`8`	`/// <summary>`
`11`	`9`	`/// Extended secret masker service that allows specifying the origin of any`
`12`		`- /// masking operation. It works by wrapping an existing ISecretMasker`
	`10`	`+ /// masking operation. It works by wrapping an existing IRawSecretMasker`
`13`	`11`	`/// implementation and an optionally settable ITraceWriter instance for`
`14`	`12`	`/// secret origin logging operations. In the agent today, this class can be`
`15`		`- /// initialized with two distinct ISecretMasker implementations, the one`
	`13`	`+ /// initialized with two distinct IRawSecretMasker implementations, the one`
`16`	`14`	`/// that ships in VSO itself, and the official Microsoft open source secret`
`17`	`15`	`/// masker, implemented at https://github/microsoft/security-utilities.`
`18`	`16`	`/// </summary>`
`19`	`17`	`public class LoggedSecretMasker : ILoggedSecretMasker`
`20`	`18`	`{`
`21`		`- private ISecretMasker _secretMasker;`
	`19`	`+ private IRawSecretMasker _secretMasker;`
`22`	`20`	`private ITraceWriter _trace;`
`23`	`21`
`24`		`-`
`25`	`22`	`private void Trace(string msg)`
`26`	`23`	`{`
`27`	`24`	`this._trace?.Info(msg);`
`28`	`25`	`}`
`29`	`26`
`30`		`- public LoggedSecretMasker(ISecretMasker secretMasker)`
	`27`	`+ public LoggedSecretMasker(IRawSecretMasker secretMasker)`
`31`	`28`	`{`
`32`	`29`	`this._secretMasker = secretMasker;`
`33`	`30`	`}`
`@@ -111,18 +108,17 @@ public void RemoveShortSecretsFromDictionary()`
`111`	`108`	`_secretMasker.RemoveShortSecretsFromDictionary();`
`112`	`109`	`}`
`113`	`110`
`114`		`- public void AddValueEncoder(ValueEncoder encoder)`
	`111`	`+ public void AddValueEncoder(Func<string, string> encoder)`
`115`	`112`	`{`
`116`	`113`	`this._secretMasker.AddValueEncoder(encoder);`
`117`	`114`	`}`
`118`	`115`
`119`		`-`
`120`	`116`	`/// <summary>`
`121`	`117`	`/// Overloading of AddValueEncoder method with additional logic for logging origin of provided secret`
`122`	`118`	`/// </summary>`
`123`	`119`	`/// <param name="encoder"></param>`
`124`	`120`	`/// <param name="origin"></param>`
`125`		`- public void AddValueEncoder(ValueEncoder encoder, string origin)`
	`121`	`+ public void AddValueEncoder(Func<string, string> encoder, string origin)`
`126`	`122`	`{`
`127`	`123`	`this.Trace($"Setting up value for origin: {origin}");`
`128`	`124`	`if (encoder == null)`
`@@ -134,18 +130,11 @@ public void AddValueEncoder(ValueEncoder encoder, string origin)`
`134`	`130`	`AddValueEncoder(encoder);`
`135`	`131`	`}`
`136`	`132`
`137`		`- public LoggedSecretMasker Clone()`
`138`		`- {`
`139`		`- return new LoggedSecretMasker(this._secretMasker.Clone());`
`140`		`- }`
`141`		`-`
`142`	`133`	`public string MaskSecrets(string input)`
`143`	`134`	`{`
`144`	`135`	`return this._secretMasker.MaskSecrets(input);`
`145`	`136`	`}`
`146`	`137`
`147`		`- ISecretMasker ISecretMasker.Clone() => this.Clone();`
`148`		`-`
`149`	`138`	`public void Dispose()`
`150`	`139`	`{`
`151`	`140`	`Dispose(true);`
Original file line number	Diff line number	Diff line change
`@@ -5,12 +5,10 @@`
`5`	`5`	`using System.Text.RegularExpressions;`
`6`	`6`	`using Microsoft.Security.Utilities;`
`7`	`7`
`8`		`-using ISecretMasker = Microsoft.TeamFoundation.DistributedTask.Logging.ISecretMasker;`
`9`		`-using ValueEncoder = Microsoft.TeamFoundation.DistributedTask.Logging.ValueEncoder;`
`10`	`8`
`11`	`9`	`namespace Agent.Sdk.SecretMasking;`
`12`	`10`
`13`		`-public sealed class OssSecretMasker : ISecretMasker, IDisposable`
	`11`	`+public sealed class OssSecretMasker : IRawSecretMasker`
`14`	`12`	`{`
`15`	`13`	`private SecretMasker _secretMasker;`
`16`	`14`
`@@ -24,10 +22,6 @@ public OssSecretMasker(IEnumerable<RegexPattern> patterns)`
`24`	`22`	`_secretMasker.DefaultRegexRedactionToken = "***";`
`25`	`23`	`}`
`26`	`24`
`27`		`- private OssSecretMasker(OssSecretMasker copy)`
`28`		`- {`
`29`		`- _secretMasker = copy._secretMasker.Clone();`
`30`		`- }`
`31`	`25`
`32`	`26`	`/// <summary>`
`33`	`27`	`/// This property allows to set the minimum length of a secret for masking`
`@@ -70,13 +64,11 @@ public void AddValue(string test)`
`70`	`64`	`/// <summary>`
`71`	`65`	`/// This implementation assumes no more than one thread is adding regexes, values, or encoders at any given time.`
`72`	`66`	`/// </summary>`
`73`		`- public void AddValueEncoder(ValueEncoder encoder)`
	`67`	`+ public void AddValueEncoder(Func<string, string> encoder)`
`74`	`68`	`{`
`75`	`69`	`_secretMasker.AddLiteralEncoder(x => encoder(x));`
`76`	`70`	`}`
`77`	`71`
`78`		`- public OssSecretMasker Clone() => new OssSecretMasker(this);`
`79`		`-`
`80`	`72`	`public void Dispose()`
`81`	`73`	`{`
`82`	`74`	`_secretMasker?.Dispose();`
`@@ -152,6 +144,4 @@ public void RemoveShortSecretsFromDictionary()`
`152`	`144`	`}`
`153`	`145`	`}`
`154`	`146`	`}`
`155`		`-`
`156`		`- ISecretMasker ISecretMasker.Clone() => this.Clone();`
`157`	`147`	`}`
Original file line number	Diff line number	Diff line change
`@@ -298,7 +298,7 @@ private async Task<string> GetAcrPasswordFromAADToken(IExecutionContext executio`
`298`	`298`	`}`
`299`	`299`
`300`	`300`	`// Mark retrieved password as secret`
`301`		`- HostContext.SecretMasker.AddValue(AcrPassword);`
	`301`	`+ HostContext.SecretMasker.AddValue(AcrPassword, origin: "AcrPassword");`
`302`	`302`
`303`	`303`	`return AcrPassword;`
`304`	`304`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`using System;`
`6`	`6`	`using System.Collections.Concurrent;`
`7`	`7`	`using System.Diagnostics;`
`8`		`-using Microsoft.TeamFoundation.DistributedTask.Logging;`
	`8`	`+using Agent.Sdk.SecretMasking;`
`9`	`9`
`10`	`10`	`namespace Microsoft.VisualStudio.Services.Agent`
`11`	`11`	`{`
`@@ -20,14 +20,14 @@ public sealed class TraceManager : ITraceManager`
`20`	`20`	`private readonly ConcurrentDictionary<string, Tracing> _sources = new ConcurrentDictionary<string, Tracing>(StringComparer.OrdinalIgnoreCase);`
`21`	`21`	`private readonly HostTraceListener _hostTraceListener;`
`22`	`22`	`private TraceSetting _traceSetting;`
`23`		`- private ISecretMasker _secretMasker;`
	`23`	`+ private ILoggedSecretMasker _secretMasker;`
`24`	`24`
`25`		`- public TraceManager(HostTraceListener traceListener, ISecretMasker secretMasker)`
	`25`	`+ public TraceManager(HostTraceListener traceListener, ILoggedSecretMasker secretMasker)`
`26`	`26`	`: this(traceListener, new TraceSetting(), secretMasker)`
`27`	`27`	`{`
`28`	`28`	`}`
`29`	`29`
`30`		`- public TraceManager(HostTraceListener traceListener, TraceSetting traceSetting, ISecretMasker secretMasker)`
	`30`	`+ public TraceManager(HostTraceListener traceListener, TraceSetting traceSetting, ILoggedSecretMasker secretMasker)`
`31`	`31`	`{`
`32`	`32`	`// Validate and store params.`
`33`	`33`	`ArgUtil.NotNull(traceListener, nameof(traceListener));`