Merge pull request #23 from JakubPatkowski/fix-security-alerts

JakubPatkowski · web-flow · commit c65e3092972c · 2026-01-08T22:37:31.000+01:00
fix: security scanning alerts
diff --git a/src/TodoTaskAPI.API/Controllers/TodoController.cs b/src/TodoTaskAPI.API/Controllers/TodoController.cs
@@ -155,7 +155,7 @@ public async Task<ActionResult<ApiResponseDto<IEnumerable<TodoDto>>>> FindTodos(
         try
         {
             _logger.LogInformation("Starting todo search with parameters: ID: {Id}",
-                parameters.Id);
+                LogSanitizer.Sanitize(parameters.Id));
 
             // Call the FindTodosAsync method in the TodoService to retrieve the matching todos
             var todos = await _todoService.FindTodosAsync(parameters);
diff --git a/src/TodoTaskAPI.API/Middleware/RequestLoggingMiddleware.cs b/src/TodoTaskAPI.API/Middleware/RequestLoggingMiddleware.cs
@@ -64,8 +64,8 @@ public async Task InvokeAsync(HttpContext context)
                 // Log the response details, including the elapsed time.
                 _logger.LogInformation(
                      "Request {Method} {Path} completed in {ElapsedMilliseconds}ms with status code {StatusCode}",
-                     context.Request.Method,
-                     context.Request.Path,
+                     LogSanitizer.Sanitize(context.Request.Method),
+                     LogSanitizer.Sanitize(context.Request.Path),
                      stopwatch.ElapsedMilliseconds,
                      context.Response.StatusCode);
             }
diff --git a/src/TodoTaskAPI.Application/Services/TodoService.cs b/src/TodoTaskAPI.Application/Services/TodoService.cs
@@ -117,7 +117,7 @@ public async Task<IEnumerable<TodoDto>> FindTodosAsync(TodoSearchParametersDto p
         try
         {
             _logger.LogInformation("Starting todo search with parameters: ID: {Id}",
-                parameters.Id);
+                LogSanitizer.Sanitize(parameters.Id));
 
             // Validate parameters
             parameters.ValidateParameters();
diff --git a/src/TodoTaskAPI.Infrastructure/Repositories/TodoRepository.cs b/src/TodoTaskAPI.Infrastructure/Repositories/TodoRepository.cs
@@ -1,10 +1,10 @@
-﻿using System;
-using Microsoft.EntityFrameworkCore;
+﻿using Microsoft.EntityFrameworkCore;
 using TodoTaskAPI.Core.Entities;
 using TodoTaskAPI.Core.Interfaces;
 using TodoTaskAPI.Infrastructure.Data;
 using Microsoft.Extensions.Logging;
 using TodoTaskAPI.Core.Exceptions;
+using TodoTaskAPI.Core.Helpers;
 
 namespace TodoTaskAPI.Infrastructure.Repositories;
 
@@ -80,7 +80,7 @@ public async Task<IEnumerable<Todo>> FindTodosAsync(Guid? id = null, string? tit
         }
         catch (Exception ex)
         {
-            _logger.LogError(ex, "Error occurred while searching for todos. ID: {Id}", id);
+            _logger.LogError(ex, "Error occurred while searching for todos. ID: {Id}", LogSanitizer.Sanitize(id));
             throw;
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,7 @@ public async Task<ActionResult<ApiResponseDto<IEnumerable<TodoDto>>>> FindTodos(`
`155`	`155`	`try`
`156`	`156`	`{`
`157`	`157`	`_logger.LogInformation("Starting todo search with parameters: ID: {Id}",`
`158`		`- parameters.Id);`
	`158`	`+ LogSanitizer.Sanitize(parameters.Id));`
`159`	`159`
`160`	`160`	`// Call the FindTodosAsync method in the TodoService to retrieve the matching todos`
`161`	`161`	`var todos = await _todoService.FindTodosAsync(parameters);`
Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ public async Task<IEnumerable<TodoDto>> FindTodosAsync(TodoSearchParametersDto p`
`117`	`117`	`try`
`118`	`118`	`{`
`119`	`119`	`_logger.LogInformation("Starting todo search with parameters: ID: {Id}",`
`120`		`- parameters.Id);`
	`120`	`+ LogSanitizer.Sanitize(parameters.Id));`
`121`	`121`
`122`	`122`	`// Validate parameters`
`123`	`123`	`parameters.ValidateParameters();`
Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,10 @@`
`1`		`-using System;`
`2`		`-using Microsoft.EntityFrameworkCore;`
	`1`	`+using Microsoft.EntityFrameworkCore;`
`3`	`2`	`using TodoTaskAPI.Core.Entities;`
`4`	`3`	`using TodoTaskAPI.Core.Interfaces;`
`5`	`4`	`using TodoTaskAPI.Infrastructure.Data;`
`6`	`5`	`using Microsoft.Extensions.Logging;`
`7`	`6`	`using TodoTaskAPI.Core.Exceptions;`
	`7`	`+using TodoTaskAPI.Core.Helpers;`
`8`	`8`
`9`	`9`	`namespace TodoTaskAPI.Infrastructure.Repositories;`
`10`	`10`
`@@ -80,7 +80,7 @@ public async Task<IEnumerable<Todo>> FindTodosAsync(Guid? id = null, string? tit`
`80`	`80`	`}`
`81`	`81`	`catch (Exception ex)`
`82`	`82`	`{`
`83`		`- _logger.LogError(ex, "Error occurred while searching for todos. ID: {Id}", id);`
	`83`	`+ _logger.LogError(ex, "Error occurred while searching for todos. ID: {Id}", LogSanitizer.Sanitize(id));`
`84`	`84`	`throw;`
`85`	`85`	`}`
`86`	`86`	`}`