Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mitigated CodeQL logging security Alerts #533

Merged
merged 23 commits into from
Aug 5, 2023
Merged

Mitigated CodeQL logging security Alerts #533

merged 23 commits into from
Aug 5, 2023

Conversation

msalemcode
Copy link
Contributor

This PR to fix CodeQL logging security alerts.
1- Centralize logging to use a common library under services
2- Adding Encoding methods to encode user input to prevent sql injection
3- Prevent Exposure of private information

dstarr
dstarr reviewed Jul 27, 2023
View reviewed changes
Copy link
Contributor

@dstarr dstarr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple of questions.

@santhoshb-msft santhoshb-msft linked an issue Jul 27, 2023 that may be closed by this pull request
Library upgrades #516
Closed
@santhoshb-msft santhoshb-msft added the enhancement A request for new functionality or improvement label Jul 27, 2023
@santhoshb-msft
Copy link
Contributor

@msalemcode there seems to be some conflicts, could you please resolve them?

@msalemcode msalemcode closed this Aug 2, 2023
@msalemcode msalemcode force-pushed the main branch 2 times, most recently from 65a7b01 to de7bc3d Compare August 2, 2023 18:43
@msalemcode msalemcode reopened this Aug 2, 2023
code4clouds
code4clouds approved these changes Aug 4, 2023
View reviewed changes
Copy link
Contributor

@code4clouds code4clouds left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments.

src/AdminSite/Controllers/BaseController.cs
@@ -1,4 +1,5 @@
using System.Linq;
using System.Web;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you add a code that requires the System.Web?

src/AdminSite/Controllers/KnownUsersController.cs
@@ -1,5 +1,6 @@
using System;
using System.Collections.Generic;
using System.Web;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you add a code that requires the System.Web?

src/Services/Utilities/SaaSClientLogger.cs
{
/// <summary>
/// The logger.
/// </summary>
private readonly ILogger<MeteredBillingApiService> logger;
private ILogger<T> logger;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

readonly made sense on the old code... If this is not going to be re-assigned later, it makes sense to have it.

@msalemcode msalemcode merged commit f3fcf7c into Azure:main Aug 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dstarr dstarr dstarr left review comments

@code4clouds code4clouds code4clouds approved these changes

@santhoshb-msft santhoshb-msft Awaiting requested review from santhoshb-msft

Assignees

@dstarr dstarr

Labels
enhancement A request for new functionality or improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Library upgrades
4 participants
@msalemcode @santhoshb-msft @dstarr @code4clouds