Fix CodeQL warnings: Log entries created from user input
pmachapman committed Dec 2, 2024
1 parent 681bff7 commit 3a0dcc4
Showing 2 changed files with 30 additions and 12 deletions.
34 changes: 22 additions & 12 deletions src/SIL.XForge.Scripture/Services/MachineProjectService.cs
Expand Up @@ -157,13 +157,16 @@ await projectSecrets.UpdateAsync(
{
// This will occur if the project is deleted while the job is running
string message =
$"Build DataNotFoundException occurred for project {buildConfig.ProjectId} running in background job.";
$"Build DataNotFoundException occurred for project {buildConfig.ProjectId.Sanitize()}"
+ " running in background job.";
logger.LogWarning(e, message);
}
catch (Exception e)
{
// Log the error and report to bugsnag
string message = $"Build exception occurred for project {buildConfig.ProjectId} running in background job.";
string message =
$"Build exception occurred for project {buildConfig.ProjectId.Sanitize()}"
+ " running in background job.";
logger.LogError(e, message);
exceptionHandler.ReportException(e);

Expand Down Expand Up @@ -268,7 +271,7 @@ CancellationToken cancellationToken
string translationEngineId = GetTranslationEngineId(projectSecret, preTranslate);
if (string.IsNullOrWhiteSpace(translationEngineId))
{
logger.LogInformation($"No Translation Engine Id specified for project {sfProjectId}");
logger.LogInformation($"No Translation Engine Id specified for project {sfProjectId.Sanitize()}");
return;
}

Expand Down Expand Up @@ -320,7 +323,9 @@ projectSecret.ServalData is not null
catch (ServalApiException e) when (e.StatusCode == StatusCodes.Status404NotFound)
{
// If the file was already deleted, just log a message
string message = $"Corpus {corpusId} in project {sfProjectId} was missing or already deleted.";
string message =
$"Corpus {corpusId.Sanitize()} in project {sfProjectId.Sanitize()}"
+ " was missing or already deleted.";
logger.LogInformation(e, message);
}
}
Expand All @@ -335,7 +340,9 @@ projectSecret.ServalData is not null
catch (ServalApiException e) when (e.StatusCode == StatusCodes.Status404NotFound)
{
// If the file was already deleted, just log a message
string message = $"File {fileId} in project {sfProjectId} was missing or already deleted.";
string message =
$"File {fileId.Sanitize()} in project {sfProjectId.Sanitize()}"
+ " was missing or already deleted.";
logger.LogInformation(e, message);
}
}
Expand All @@ -349,7 +356,8 @@ projectSecret.ServalData is not null
{
// If the file was already deleted, just log a message
string message =
$"Translation Engine {translationEngineId} in project {sfProjectId} was missing or already deleted.";
$"Translation Engine {translationEngineId.Sanitize()} in project {sfProjectId.Sanitize()}"
+ " was missing or already deleted.";
logger.LogInformation(e, message);
}

Expand Down Expand Up @@ -825,7 +833,8 @@ CancellationToken cancellationToken
{
// If the file was already deleted, just log a message
string message =
$"Corpus {servalCorpusFile.CorpusId} in project {projectId} was missing or already deleted.";
$"Corpus {servalCorpusFile.CorpusId.Sanitize()} in project {projectId.Sanitize()}"
+ " was missing or already deleted.";
logger.LogInformation(e, message);
}

Expand All @@ -837,7 +846,8 @@ CancellationToken cancellationToken
{
// If the file was already deleted, just log a message
string message =
$"File {servalCorpusFile.FileId} in project {projectId} was missing or already deleted.";
$"File {servalCorpusFile.FileId.Sanitize()} in project {projectId.Sanitize()}"
+ " was missing or already deleted.";
logger.LogInformation(e, message);
}
}
Expand Down Expand Up @@ -1289,7 +1299,7 @@ CancellationToken cancellationToken
string translationEngineId = GetTranslationEngineId(projectSecret, preTranslate);
if (string.IsNullOrWhiteSpace(translationEngineId))
{
logger.LogInformation($"No Translation Engine Id specified for project {sfProjectId}");
logger.LogInformation($"No Translation Engine Id specified for project {sfProjectId.Sanitize()}");
return;
}

Expand All @@ -1316,15 +1326,15 @@ await translationEnginesClient.DeleteCorpusAsync(
if (e.StatusCode == StatusCodes.Status404NotFound)
{
message =
$"Translation Engine {translationEngineId} for project {sfProjectId}"
$"Translation Engine {translationEngineId.Sanitize()} for project {sfProjectId.Sanitize()}"
+ " was missing or already deleted.";
logger.LogInformation(message);
}
else
{
message =
$"Ignored exception while deleting translation engine {translationEngineId}"
+ $" for project {sfProjectId}.";
$"Ignored exception while deleting translation engine {translationEngineId.Sanitize()}"
+ " for project {sfProjectId.Sanitize()}.";
logger.LogError(e, message);
}
}
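Review bot: The `$` interpolation prefix was dropped from the continuation string in the last hunk, `+ " for project {sfProjectId.Sanitize()}.";`, so that error entry will now log the literal text `{sfProjectId.Sanitize()}` instead of the project id; it should read `+ $" for project {sfProjectId.Sanitize()}.";`. The other split messages in this file keep every placeholder in the first, interpolated segment and their continuation strings are plain text, so they are unaffected. Separately, every new `.Sanitize()` call here sits inside a catch block; if any of these ids (for example `buildConfig.ProjectId`) can be null, the extension will throw a NullReferenceException from inside the handler and the original exception is lost, which is worth confirming against the types involved. Each enclosing method starts and ends outside its hunk.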
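--- a/src/SIL.XForge/Utils/StringUtils.cs
+++ b/src/SIL.XForge/Utils/StringUtils.cs
@@ -23,6 +23,14 @@ public static string ComputeMd5Hash(string message)
 return sb.ToString().ToLower();
 }
 
+/// <summary>
+/// Sanitizes a string for logging.
+/// </summary>
+/// <param name="value">The string value.</param>
+/// <returns>The string sanitized for logging.</returns>
+/// <remarks>This extension method resolves CodeQL <c>cs/log-forging</c>.</remarks>
+public static string Sanitize(this string value) => value.ReplaceLineEndings(string.Empty);
+
 public static string ToCamelCase(this string str) => CamelCaseNamingStrategy.GetPropertyName(str, false);
 
 public static bool ValidateId(string id) => ObjectId.TryParse(id, out _);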
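Review bot: `Sanitize` dereferences `value` without a null check, and its callers in MachineProjectService invoke it from catch blocks, so a null id would raise a NullReferenceException inside the exception handler and discard the original error; consider `public static string Sanitize(this string value) => value is null ? string.Empty : value.ReplaceLineEndings(string.Empty);`, or state the non-null requirement in the `<param>` doc. `ReplaceLineEndings` strips only the characters the runtime treats as line terminators, which is what the log-forging query is concerned with; other control characters or escape sequences in an id would still reach the log unchanged, so the `<remarks>` could note that, e.g. `/// Only line terminators are removed; other control characters are passed through unchanged.`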
