chore(codeql): fix codeql findings

eclipse-tractusx · Feb 29, 2024 · 04c1ffc · 04c1ffc
1 parent 58a8af8
commit 04c1ffc
Show file tree

Hide file tree

Showing 22 changed files with 226 additions and 137 deletions.
diff --git a/src/administration/Administration.Service/BusinessLogic/UserBusinessLogic.cs b/src/administration/Administration.Service/BusinessLogic/UserBusinessLogic.cs
@@ -123,13 +123,13 @@ private async IAsyncEnumerable<string> CreateOwnCompanyUsersInternalAsync(IEnume
 
         var companyDisplayName = await _userProvisioningService.GetIdentityProviderDisplayName(companyNameIdpAliasData.IdpAlias).ConfigureAwait(false);
 
-        await foreach (var (_, userName, password, error) in _userProvisioningService.CreateOwnCompanyIdpUsersAsync(companyNameIdpAliasData, userCreationInfoIdps).ConfigureAwait(false))
+        await foreach (var (companyUserId, userName, password, error) in _userProvisioningService.CreateOwnCompanyIdpUsersAsync(companyNameIdpAliasData, userCreationInfoIdps).ConfigureAwait(false))
         {
             var email = emailData[userName];
 
             if (error != null)
             {
-                _logger.LogError(error, "Error while creating user {UserName} ({Email})", userName, email);
+                _logger.LogError(error, "Error while creating user {companyUserId}", companyUserId);
                 continue;
             }
 
@@ -148,7 +148,7 @@ private async IAsyncEnumerable<string> CreateOwnCompanyUsersInternalAsync(IEnume
             }
             catch (Exception e)
             {
-                _logger.LogError(e, "Error sending email to {Email} after creating user {UserName}", email, userName);
+                _logger.LogError(e, "Error sending email after creating user {companyUserId}", companyUserId);
             }
 
             yield return email;
@@ -220,7 +220,7 @@ public async Task<Guid> CreateOwnCompanyIdpUserAsync(Guid identityProviderId, Us
         }
         catch (Exception e)
         {
-            _logger.LogError(e, "Error sending email to {Email} after creating user {UserName}", userCreationInfo.Email, userCreationInfo.UserName);
+            _logger.LogError(e, "Error sending email after creating user {CompanyUserId}", result.CompanyUserId);
         }
 
         return result.CompanyUserId;

diff --git a/src/administration/Administration.Service/BusinessLogic/UserRolesBusinessLogic.cs b/src/administration/Administration.Service/BusinessLogic/UserRolesBusinessLogic.cs
@@ -202,13 +202,14 @@ await _provisioningManager.AssignClientRolesToCentralUserAsync(iamUserId, client
             // Assign the roles in keycloak, check if all roles were added foreach client, if not throw an exception with the client and the roles that were not assigned. 
             .Select(assigned => (
                 Client: assigned.Client,
-                UnassingedRoles: rolesToAdd.ExceptBy(assigned.Roles, toAdd => toAdd.CompanyUserRoleText)))
+                UnassingedRoles: rolesToAdd.ExceptBy(assigned.Roles, toAdd => toAdd.CompanyUserRoleText),
+                Error: assigned.Error))
             .Where(x => x.UnassingedRoles.Any())
             .IfAny(async unassigned =>
                 throw new ServiceException($"The following roles could not be added to the clients: \n {string.Join(
                         "\n",
                         await unassigned
-                            .Select(item => $"Client: {item.Client}, Roles: {string.Join(", ", item.UnassingedRoles.Select(r => r.CompanyUserRoleText))}")
+                            .Select(item => $"Client: {item.Client}, Roles: {string.Join(", ", item.UnassingedRoles.Select(r => r.CompanyUserRoleText))}, Error: {item.Error?.Message}")
                             .ToListAsync()
                             .ConfigureAwait(false))}"))
             .ConfigureAwait(false);

diff --git a/src/keycloak/Keycloak.Library/AuthenticationManagement/KeycloakClient.cs b/src/keycloak/Keycloak.Library/AuthenticationManagement/KeycloakClient.cs
@@ -116,25 +116,31 @@ public async Task CreateAuthenticationExecutionConfigurationAsync(string realm,
             .PostJsonAsync(authenticatorConfig, cancellationToken)
             .ConfigureAwait(false);
 
-    public async Task LowerAuthenticationExecutionPriorityAsync(string realm, string executionId) =>
+    public async Task LowerAuthenticationExecutionPriorityAsync(string realm, string executionId)
+    {
+        using var stringContent = new StringContent("");
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/authentication/executions/")
             .AppendPathSegment(executionId, true)
             .AppendPathSegment("/lower-priority")
-            .PostAsync(new StringContent(""))
+            .PostAsync(stringContent)
             .ConfigureAwait(false);
+    }
 
-    public async Task RaiseAuthenticationExecutionPriorityAsync(string realm, string executionId) =>
+    public async Task RaiseAuthenticationExecutionPriorityAsync(string realm, string executionId)
+    {
+        using var stringContent = new StringContent("");
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/authentication/executions/")
             .AppendPathSegment(executionId, true)
             .AppendPathSegment("/raise-priority")
-            .PostAsync(new StringContent(""))
+            .PostAsync(stringContent)
             .ConfigureAwait(false);
+    }
 
     public async Task CreateAuthenticationFlowAsync(string realm, AuthenticationFlow authenticationFlow, CancellationToken cancellationToken = default) =>
         await (await GetBaseUrlAsync(realm, cancellationToken).ConfigureAwait(false))
@@ -316,25 +322,31 @@ public async Task DeleteRequiredActionAsync(string realm, string requiredActionA
             .DeleteAsync()
             .ConfigureAwait(false);
 
-    public async Task LowerRequiredActionPriorityAsync(string realm, string requiredActionAlias) =>
+    public async Task LowerRequiredActionPriorityAsync(string realm, string requiredActionAlias)
+    {
+        using var stringContent = new StringContent("");
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/authentication/required-actions/")
             .AppendPathSegment(requiredActionAlias, true)
             .AppendPathSegment("/lower-priority")
-            .PostAsync(new StringContent(""))
+            .PostAsync(stringContent)
             .ConfigureAwait(false);
+    }
 
-    public async Task RaiseRequiredActionPriorityAsync(string realm, string requiredActionAlias) =>
+    public async Task RaiseRequiredActionPriorityAsync(string realm, string requiredActionAlias)
+    {
+        using var stringContent = new StringContent("");
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/authentication/required-actions/")
             .AppendPathSegment(requiredActionAlias, true)
             .AppendPathSegment("/raise-priority")
-            .PostAsync(new StringContent(""))
+            .PostAsync(stringContent)
             .ConfigureAwait(false);
+    }
 
     public async Task<IEnumerable<IDictionary<string, object>>> GetUnregisteredRequiredActionsAsync(string realm) =>
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))

diff --git a/src/keycloak/Keycloak.Library/ClientAttributeCertificate/KeycloakClient.cs b/src/keycloak/Keycloak.Library/ClientAttributeCertificate/KeycloakClient.cs
@@ -53,17 +53,21 @@ public async Task<byte[]> GetKeyStoreForClientAsync(string realm, string clientI
         .ReceiveBytes()
         .ConfigureAwait(false);
 
-    public async Task<Certificate> GenerateCertificateWithNewKeyPairAsync(string realm, string clientId, string attribute) => await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
-        .AppendPathSegment("/admin/realms/")
-        .AppendPathSegment(realm, true)
-        .AppendPathSegment("/clients/")
-        .AppendPathSegment(clientId, true)
-        .AppendPathSegment("/certificates/")
-        .AppendPathSegment(attribute, true)
-        .AppendPathSegment("/generate")
-        .PostAsync(new StringContent(""))
-        .ReceiveJson<Certificate>()
-        .ConfigureAwait(false);
+    public async Task<Certificate> GenerateCertificateWithNewKeyPairAsync(string realm, string clientId, string attribute)
+    {
+        using var stringContent = new StringContent("");
+        return await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
+            .AppendPathSegment("/admin/realms/")
+            .AppendPathSegment(realm, true)
+            .AppendPathSegment("/clients/")
+            .AppendPathSegment(clientId, true)
+            .AppendPathSegment("/certificates/")
+            .AppendPathSegment(attribute, true)
+            .AppendPathSegment("/generate")
+            .PostAsync(stringContent)
+            .ReceiveJson<Certificate>()
+            .ConfigureAwait(false);
+    }
 
     public async Task<byte[]> GenerateCertificateWithNewKeyPairAndGetKeyStoreAsync(string realm, string clientId, string attribute, KeyStoreConfig keyStoreConfig) => await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
         .AppendPathSegment("/admin/realms/")

diff --git a/src/keycloak/Keycloak.Library/Clients/KeycloakClient.cs b/src/keycloak/Keycloak.Library/Clients/KeycloakClient.cs
@@ -99,16 +99,19 @@ public async Task DeleteClientAsync(string realm, string clientId) =>
             .DeleteAsync()
             .ConfigureAwait(false);
 
-    public async Task<Credentials> GenerateClientSecretAsync(string realm, string clientId) =>
-        await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
+    public async Task<Credentials> GenerateClientSecretAsync(string realm, string clientId)
+    {
+        using var stringContent = new StringContent("");
+        return await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/clients/")
             .AppendPathSegment(clientId, true)
             .AppendPathSegment("/client-secret")
-            .PostJsonAsync(new StringContent(""))
+            .PostJsonAsync(stringContent)
             .ReceiveJson<Credentials>()
             .ConfigureAwait(false);
+    }
 
     public async Task<Credentials> GetClientSecretAsync(string realm, string clientId) =>
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
@@ -130,17 +133,19 @@ public async Task<IEnumerable<ClientScope>> GetDefaultClientScopesAsync(string r
             .GetJsonAsync<IEnumerable<ClientScope>>()
             .ConfigureAwait(false);
 
-    public async Task UpdateDefaultClientScopeAsync(string realm, string clientId, string clientScopeId) =>
+    public async Task UpdateDefaultClientScopeAsync(string realm, string clientId, string clientScopeId)
+    {
+        using var stringContent = new StringContent("");
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/clients/")
             .AppendPathSegment(clientId, true)
             .AppendPathSegment("/default-client-scopes/")
             .AppendPathSegment(clientScopeId, true)
-            .PutAsync(new StringContent(""))
+            .PutAsync(stringContent)
             .ConfigureAwait(false);
-
+    }
     public async Task DeleteDefaultClientScopeAsync(string realm, string clientId, string clientScopeId) =>
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
@@ -326,16 +331,19 @@ public async Task<IEnumerable<ClientScope>> GetOptionalClientScopesAsync(string
             .GetJsonAsync<IEnumerable<ClientScope>>()
             .ConfigureAwait(false);
 
-    public async Task UpdateOptionalClientScopeAsync(string realm, string clientId, string clientScopeId) =>
+    public async Task UpdateOptionalClientScopeAsync(string realm, string clientId, string clientScopeId)
+    {
+        using var stringContent = new StringContent("");
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/clients/")
             .AppendPathSegment(clientId, true)
             .AppendPathSegment("/optional-client-scopes/")
             .AppendPathSegment(clientScopeId, true)
-            .PutAsync(new StringContent(""))
+            .PutAsync(stringContent)
             .ConfigureAwait(false);
+    }
 
     public async Task DeleteOptionalClientScopeAsync(string realm, string clientId, string clientScopeId) =>
         await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
@@ -348,27 +356,33 @@ public async Task DeleteOptionalClientScopeAsync(string realm, string clientId,
             .DeleteAsync()
             .ConfigureAwait(false);
 
-    public async Task<GlobalRequestResult> PushClientRevocationPolicyAsync(string realm, string clientId) =>
-        await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
+    public async Task<GlobalRequestResult> PushClientRevocationPolicyAsync(string realm, string clientId)
+    {
+        using var stringContent = new StringContent("");
+        return await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/clients/")
             .AppendPathSegment(clientId, true)
             .AppendPathSegment("/push-revocation")
-            .PostAsync(new StringContent(""))
+            .PostAsync(stringContent)
             .ReceiveJson<GlobalRequestResult>()
             .ConfigureAwait(false);
+    }
 
-    public async Task<Client> GenerateClientRegistrationAccessTokenAsync(string realm, string clientId) =>
-        await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
+    public async Task<Client> GenerateClientRegistrationAccessTokenAsync(string realm, string clientId)
+    {
+        using var stringContent = new StringContent("");
+        return await (await GetBaseUrlAsync(realm).ConfigureAwait(false))
             .AppendPathSegment("/admin/realms/")
             .AppendPathSegment(realm, true)
             .AppendPathSegment("/clients/")
             .AppendPathSegment(clientId, true)
             .AppendPathSegment("/registration-access-token")
-            .PostJsonAsync(new StringContent(""))
+            .PostJsonAsync(stringContent)
             .ReceiveJson<Client>()
             .ConfigureAwait(false);
+    }
 
     // [Obsolete("Not working yet")] - seems to work fine?
     public async Task<User> GetUserForServiceAccountAsync(string realm, string clientId) =>