Skip to content

Commit 52d73ce

Browse files
erlendellefsenerlendellefsen
authored
fix(security): prevent log forging and update tooling (#52)
- Sanitize user input before logging to prevent log forging attacks - Add explicit least-privilege permissions to CI/CD workflow - Upgrade CSharpier 0.30.6 → 1.2.5 (new CLI syntax) - Remove unused dotnet-ef tool
1 parent c5e35fb commit 52d73ce

6 files changed

Lines changed: 16 additions & 16 deletions

File tree

.config/dotnet-tools.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,9 @@
33
"isRoot": true,
44
"tools": {
55
"csharpier": {
6-
"version": "0.30.6",
6+
"version": "1.2.5",
77
"commands": [
8-
"dotnet-csharpier"
8+
"csharpier"
99
],
1010
"rollForward": false
1111
}

.github/workflows/ci-cd.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ jobs:
4242
- name: Check formatting
4343
run: |
4444
dotnet tool restore
45-
dotnet csharpier . --check
45+
dotnet csharpier check .
4646
4747
- name: Build
4848
run: dotnet build --no-restore --configuration Release

JsonApiToolkit.Tests/Extensions/IncludeFilterParserTests.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -352,8 +352,8 @@ public void SeparateIncludeFilters_WithTooDeepNesting_ThrowsException()
352352
var includePaths = new List<string> { "a.b.c.d" };
353353

354354
// Act & Assert
355-
var exception = Assert.Throws<JsonApiBadRequestException>(
356-
() => IncludeFilterParser.SeparateIncludeFilters(filters, includePaths)
355+
var exception = Assert.Throws<JsonApiBadRequestException>(() =>
356+
IncludeFilterParser.SeparateIncludeFilters(filters, includePaths)
357357
);
358358

359359
Assert.Contains("Filter depth exceeds maximum", exception.Message);

JsonApiToolkit.Tests/Extensions/QueryHelpersTests.cs

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,8 +24,8 @@ public void ConvertToPropertyType_WithValidEnumIgnoreCase_ConvertsCorrectly()
2424
[Fact]
2525
public void ConvertToPropertyType_WithInvalidEnum_ThrowsArgumentException()
2626
{
27-
var exception = Assert.Throws<FormatException>(
28-
() => QueryHelpers.ConvertToPropertyType("InvalidStatus", typeof(TestStatus))
27+
var exception = Assert.Throws<FormatException>(() =>
28+
QueryHelpers.ConvertToPropertyType("InvalidStatus", typeof(TestStatus))
2929
);
3030

3131
Assert.Contains(
@@ -45,8 +45,8 @@ public void ConvertToPropertyType_WithNullableEnum_ConvertsCorrectly()
4545
[Fact]
4646
public void ConvertToPropertyType_WithEmptyStringForEnum_ThrowsArgumentException()
4747
{
48-
var exception = Assert.Throws<FormatException>(
49-
() => QueryHelpers.ConvertToPropertyType("", typeof(TestStatus))
48+
var exception = Assert.Throws<FormatException>(() =>
49+
QueryHelpers.ConvertToPropertyType("", typeof(TestStatus))
5050
);
5151

5252
Assert.Contains("Invalid enum value '' for type 'TestStatus'", exception.Message);
@@ -71,8 +71,8 @@ public void ConvertToPropertyType_WithInt_ConvertsCorrectly()
7171
[Fact]
7272
public void ConvertToPropertyType_WithInvalidInt_ThrowsFormatException()
7373
{
74-
var exception = Assert.Throws<FormatException>(
75-
() => QueryHelpers.ConvertToPropertyType("not-a-number", typeof(int))
74+
var exception = Assert.Throws<FormatException>(() =>
75+
QueryHelpers.ConvertToPropertyType("not-a-number", typeof(int))
7676
);
7777

7878
Assert.Contains(

JsonApiToolkit.Tests/JsonApiToolkit.Tests.csproj

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
<Project Sdk="Microsoft.NET.Sdk">
2-
32
<PropertyGroup>
43
<TargetFramework>net9.0</TargetFramework>
54
<ImplicitUsings>enable</ImplicitUsings>
@@ -24,5 +23,4 @@
2423
<ItemGroup>
2524
<ProjectReference Include="..\JsonApiToolkit\JsonApiToolkit.csproj" />
2625
</ItemGroup>
27-
2826
</Project>

JsonApiToolkit/JsonApiToolkit.csproj

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
<Project Sdk="Microsoft.NET.Sdk">
2-
32
<PropertyGroup>
43
<TargetFramework>net9.0</TargetFramework>
54
<ImplicitUsings>enable</ImplicitUsings>
@@ -15,7 +14,7 @@
1514
<RepositoryUrl>https://github.com/intility/Intility.JsonApiToolkit</RepositoryUrl>
1615
<RepositoryType>git</RepositoryType>
1716
<PackageReadmeFile>README.md</PackageReadmeFile>
18-
17+
1918
<!-- Generate XML documentation -->
2019
<GenerateDocumentationFile>true</GenerateDocumentationFile>
2120
</PropertyGroup>
@@ -25,7 +24,10 @@
2524
<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.3.0" />
2625
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.2" />
2726
<PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="9.0.2" />
28-
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.2" />
27+
<PackageReference
28+
Include="Microsoft.Extensions.DependencyInjection.Abstractions"
29+
Version="9.0.2"
30+
/>
2931
</ItemGroup>
3032
<ItemGroup>
3133
<None Include="README.md" Pack="true" PackagePath="\" />

0 commit comments

Comments
 (0)