
Commit f4a3b90

Potential fix for code scanning alert no. 99: Log entries created from user input (#258)
* Potential fix for code scanning alert no. 99: Log entries created from user input Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update SanitizeForLog to handle nullable input safely SanitizeForLog now accepts a nullable string and returns an empty string if the input is null, preventing possible null reference exceptions and improving log safety. --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent b336511 commit f4a3b90


1 file changed

+6
-1
lines changed


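--- a/src/GitHubActions.Gates.Framework/FunctionHandlers/WebHookHandler.cs
+++ b/src/GitHubActions.Gates.Framework/FunctionHandlers/WebHookHandler.cs
@@ -12,13 +12,18 @@ namespace GitHubActions.Gates.Framework.FunctionHandlers
 {
 public class WebHookHandler
 {
+// Removes carriage return and newline characters to prevent log forging
+private static string SanitizeForLog(string? input)
+{
+return input == null ? string.Empty : input.Replace("\r", "").Replace("\n", "");
+}
 protected const string DeploymentProtectionRuleEventName = "deployment_protection_rule";
 protected virtual async Task<IActionResult> ProcessWebHook(HttpRequest req, ILogger log, string ProcessingQueueName)
 {
 var ghEvent = req.Headers["X-GitHub-Event"].FirstOrDefault();
 var id = req.Headers["X-GitHub-Delivery"].FirstOrDefault();
 
-log.LogInformation($"EventReceiver Begin: [{ghEvent}] ${id}");
+log.LogInformation($"EventReceiver Begin: [{SanitizeForLog(ghEvent)}] {SanitizeForLog(id)}");
 
 // No need to waste resources something is definitely missing
 if (string.IsNullOrWhiteSpace(ghEvent))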
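Review bot: SanitizeForLog at the top of the hunk strips only `\r` and `\n`, so any other control character an attacker puts in the `X-GitHub-Event` or `X-GitHub-Delivery` header (ESC for terminal escape sequences, backspace, vertical tab, form feed, NEL U+0085) still reaches the log line untouched, and the empty-string replacement also hides the fact that something was removed. Since the file already uses LINQ (`FirstOrDefault()`), a one-line replacement that neutralises the whole control range and leaves visible evidence is `return input is null ? string.Empty : string.Concat(input.Select(c => char.IsControl(c) ? '?' : c));`, and the comment above it should then read `// Replaces control characters (CR, LF, ESC, ...) with '?' to prevent log forging`. It is also worth moving the call to a message template, `log.LogInformation("EventReceiver Begin: [{Event}] {Id}", SanitizeForLog(ghEvent), SanitizeForLog(id))`, so structured providers record the values as escaped properties instead of baking them into the message text. ProcessWebHook continues past the end of the hunk, so whether the raw `ghEvent` and `id` values are logged or echoed elsewhere unsanitised cannot be judged from here.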
