Merge pull request #3 from Evilazaro/alert-autofix-44

Evilazaro · web-flow · commit 7b7976068e8f · 2026-04-14T13:55:54.000-05:00
Potential fix for code scanning alert no. 44: Log entries created from user input
diff --git a/src/eShop.Orders.API/Services/OrderService.cs b/src/eShop.Orders.API/Services/OrderService.cs
@@ -425,18 +425,20 @@ public async Task<bool> DeleteOrderAsync(string orderId, CancellationToken cance
             throw new ArgumentException("Order ID cannot be null or empty", nameof(orderId));
         }
 
+        var safeOrderIdForLog = orderId.Replace("\r", string.Empty).Replace("\n", string.Empty);
+
         using var activity = _activitySource.StartActivity("DeleteOrder", ActivityKind.Internal);
         activity?.SetTag("order.id", orderId);
 
         try
         {
-            _logger.LogInformation("Deleting order with ID: {OrderId}", orderId);
+            _logger.LogInformation("Deleting order with ID: {OrderId}", safeOrderIdForLog);
 
             // First verify the order exists
             var order = await _orderRepository.GetOrderByIdAsync(orderId, cancellationToken);
             if (order == null)
             {
-                _logger.LogWarning("Order with ID {OrderId} not found for deletion", orderId);
+                _logger.LogWarning("Order with ID {OrderId} not found for deletion", safeOrderIdForLog);
                 return false;
             }
 
@@ -446,13 +448,13 @@ public async Task<bool> DeleteOrderAsync(string orderId, CancellationToken cance
             if (deleted)
             {
                 activity?.SetStatus(ActivityStatusCode.Ok);
-                _logger.LogInformation("Order {OrderId} deleted successfully", orderId);
+                _logger.LogInformation("Order {OrderId} deleted successfully", safeOrderIdForLog);
                 _ordersDeletedCounter.Add(1, new TagList { { "order.status", "success" } });
             }
             else
             {
                 activity?.SetStatus(ActivityStatusCode.Error, "Failed to delete order");
-                _logger.LogWarning("Failed to delete order {OrderId}", orderId);
+                _logger.LogWarning("Failed to delete order {OrderId}", safeOrderIdForLog);
             }
 
             return deleted;
@@ -467,7 +469,7 @@ public async Task<bool> DeleteOrderAsync(string orderId, CancellationToken cance
                 { "exception.type", ex.GetType().FullName ?? ex.GetType().Name },
                 { "order.id", orderId }
             }));
-            _logger.LogError(ex, "Failed to delete order {OrderId}", orderId);
+            _logger.LogError(ex, "Failed to delete order {OrderId}", safeOrderIdForLog);
             throw;
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -425,18 +425,20 @@ public async Task<bool> DeleteOrderAsync(string orderId, CancellationToken cance`
`425`	`425`	`throw new ArgumentException("Order ID cannot be null or empty", nameof(orderId));`
`426`	`426`	`}`
`427`	`427`
	`428`	`+ var safeOrderIdForLog = orderId.Replace("\r", string.Empty).Replace("\n", string.Empty);`
	`429`	`+`
`428`	`430`	`using var activity = _activitySource.StartActivity("DeleteOrder", ActivityKind.Internal);`
`429`	`431`	`activity?.SetTag("order.id", orderId);`
`430`	`432`
`431`	`433`	`try`
`432`	`434`	`{`
`433`		`- _logger.LogInformation("Deleting order with ID: {OrderId}", orderId);`
	`435`	`+ _logger.LogInformation("Deleting order with ID: {OrderId}", safeOrderIdForLog);`
`434`	`436`
`435`	`437`	`// First verify the order exists`
`436`	`438`	`var order = await _orderRepository.GetOrderByIdAsync(orderId, cancellationToken);`
`437`	`439`	`if (order == null)`
`438`	`440`	`{`
`439`		`- _logger.LogWarning("Order with ID {OrderId} not found for deletion", orderId);`
	`441`	`+ _logger.LogWarning("Order with ID {OrderId} not found for deletion", safeOrderIdForLog);`
`440`	`442`	`return false;`
`441`	`443`	`}`
`442`	`444`
`@@ -446,13 +448,13 @@ public async Task<bool> DeleteOrderAsync(string orderId, CancellationToken cance`
`446`	`448`	`if (deleted)`
`447`	`449`	`{`
`448`	`450`	`activity?.SetStatus(ActivityStatusCode.Ok);`
`449`		`- _logger.LogInformation("Order {OrderId} deleted successfully", orderId);`
	`451`	`+ _logger.LogInformation("Order {OrderId} deleted successfully", safeOrderIdForLog);`
`450`	`452`	`_ordersDeletedCounter.Add(1, new TagList { { "order.status", "success" } });`
`451`	`453`	`}`
`452`	`454`	`else`
`453`	`455`	`{`
`454`	`456`	`activity?.SetStatus(ActivityStatusCode.Error, "Failed to delete order");`
`455`		`- _logger.LogWarning("Failed to delete order {OrderId}", orderId);`
	`457`	`+ _logger.LogWarning("Failed to delete order {OrderId}", safeOrderIdForLog);`
`456`	`458`	`}`
`457`	`459`
`458`	`460`	`return deleted;`
`@@ -467,7 +469,7 @@ public async Task<bool> DeleteOrderAsync(string orderId, CancellationToken cance`
`467`	`469`	`{ "exception.type", ex.GetType().FullName ?? ex.GetType().Name },`
`468`	`470`	`{ "order.id", orderId }`
`469`	`471`	`}));`
`470`		`- _logger.LogError(ex, "Failed to delete order {OrderId}", orderId);`
	`472`	`+ _logger.LogError(ex, "Failed to delete order {OrderId}", safeOrderIdForLog);`
`471`	`473`	`throw;`
`472`	`474`	`}`
`473`	`475`	`}`