
Commit bca7bf3

committed
Fix code scanning alerts (log forgery)
1 parent c0aee33 commit bca7bf3


3 files changed

+10
-3
lines changed


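--- a/src/JsonApiDotNetCore/Middleware/JsonApiMiddleware.cs
+++ b/src/JsonApiDotNetCore/Middleware/JsonApiMiddleware.cs
@@ -92,7 +92,8 @@ public async Task InvokeAsync(HttpContext httpContext, IControllerResourceMappin
 {
 string timingResults = CodeTimingSessionManager.Current.GetResults();
 string url = httpContext.Request.GetDisplayUrl();
-logger.LogInformation($"Measurement results for {httpContext.Request.Method} {url}:{Environment.NewLine}{timingResults}");
+string method = httpContext.Request.Method.Replace(Environment.NewLine, "");
+logger.LogInformation($"Measurement results for {method} {url}:{Environment.NewLine}{timingResults}");
 }
 }
 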
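Review bot: `Replace(Environment.NewLine, "")` on new line 95 strips only the host platform's line terminator, so on Windows (`"\r\n"`) a lone `\n` or `\r` in the method still reaches the log, and on Linux a `\r` does. Removing both characters independently, `string method = httpContext.Request.Method.Replace("\r", "").Replace("\n", "");`, makes the sanitisation platform-independent; the same call appears in JsonApiReader.cs and JsonApiWriter.cs. `url` comes from `GetDisplayUrl()`, which is documented as un-escaped and for display only, and it goes into the same message untouched, so it likely deserves the same treatment. The body of InvokeAsync starts and ends outside this hunk.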

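--- a/src/JsonApiDotNetCore/Serialization/Request/JsonApiReader.cs
+++ b/src/JsonApiDotNetCore/Serialization/Request/JsonApiReader.cs
@@ -40,8 +40,9 @@ public JsonApiReader(IJsonApiOptions options, IDocumentAdapter documentAdapter,
 ArgumentGuard.NotNull(httpRequest);
 
 string requestBody = await ReceiveRequestBodyAsync(httpRequest);
+string method = httpRequest.Method.Replace(Environment.NewLine, "");
 
-_traceWriter.LogMessage(() => $"Received {httpRequest.Method} request at '{httpRequest.GetEncodedUrl()}' with body: <<{requestBody}>>");
+_traceWriter.LogMessage(() => $"Received {method} request at '{httpRequest.GetEncodedUrl()}' with body: <<{requestBody}>>");
 
 return GetModel(requestBody);
 }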
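Review bot: `requestBody` is still written verbatim between `<<` and `>>` on new line 45, and it is the most caller-controlled value in this message: it can contain line breaks and its own `>>`, so one trace entry can still be made to look like several. If trace output is meant to stay raw, a comment such as `// requestBody is logged verbatim and may span lines; do not parse trace output line by line` would record that decision. `method` is also computed before the lambda, so the `Replace` runs even when the trace writer discards the message (assuming `LogMessage` defers the callback); moving it inside the lambda, as JsonApiWriter.cs does, avoids that. The enclosing method starts outside this hunk.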

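--- a/src/JsonApiDotNetCore/Serialization/Response/JsonApiWriter.cs
+++ b/src/JsonApiDotNetCore/Serialization/Response/JsonApiWriter.cs
@@ -63,7 +63,12 @@ public async Task WriteAsync(object? model, HttpContext httpContext)
 }
 
 _traceWriter.LogMessage(() =>
-$"Sending {httpContext.Response.StatusCode} response for {httpContext.Request.Method} request at '{httpContext.Request.GetEncodedUrl()}' with body: <<{responseBody}>>");
+{
+string method = httpContext.Request.Method.Replace(Environment.NewLine, "");
+string url = httpContext.Request.GetEncodedUrl();
+
+return $"Sending {httpContext.Response.StatusCode} response for {method} request at '{url}' with body: <<{responseBody}>>";
+});
 
 await SendResponseBodyAsync(httpContext.Response, responseBody);
 }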
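Review bot: The method sanitisation inside this lambda is the third inline copy of the same expression in this commit (the others are in JsonApiMiddleware.cs and JsonApiReader.cs), so the copies can drift apart when the rule is tightened. A single shared internal helper, for example a proposed `string SanitizeForLog(string value)`, would keep the three call sites consistent and give the rule one place for a comment explaining why it exists. `responseBody` is logged verbatim here and may echo request data; whether that is acceptable for trace output is worth stating in that comment. WriteAsync starts outside this hunk.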
