Merge pull request #533 from msalemcode/main

Mitigated CodeQL logging security Alerts
Azure · Aug 5, 2023 · f3fcf7c · f3fcf7c
2 parents de7bc3d + b697567
commit f3fcf7c
Show file tree

Hide file tree

Showing 13 changed files with 189 additions and 157 deletions.
diff --git a/src/AdminSite/Controllers/ApplicationConfigController.cs b/src/AdminSite/Controllers/ApplicationConfigController.cs
@@ -3,6 +3,7 @@
 using System.IO;
 using System.Linq;
 using System.Text.Json;
+using System.Web;
 using Marketplace.SaaS.Accelerator.DataAccess.Contracts;
 using Marketplace.SaaS.Accelerator.DataAccess.Entities;
 using Marketplace.SaaS.Accelerator.Services.Services;
@@ -21,8 +22,7 @@ namespace Marketplace.SaaS.Accelerator.AdminSite.Controllers;
 [ServiceFilter(typeof(RequestLoggerActionFilter))]
 public class ApplicationConfigController : BaseController
 {
-    private readonly ILogger<ApplicationConfigController> logger;
-
+    private readonly SaaSClientLogger<ApplicationConfigController> logger;
     private readonly ApplicationConfigService appConfigService;
 
     /// <summary>
@@ -31,9 +31,8 @@ public class ApplicationConfigController : BaseController
     private readonly IEmailTemplateRepository emailTemplateRepository;
 
     public ApplicationConfigController(
-        ApplicationConfigService appConfigService, 
-        ILogger<ApplicationConfigController> logger, 
-        IEmailTemplateRepository emailTemplateRepository)
+        ApplicationConfigService appConfigService,
+        IEmailTemplateRepository emailTemplateRepository, SaaSClientLogger<ApplicationConfigController> logger)
     {
         this.appConfigService = appConfigService;
         this.emailTemplateRepository = emailTemplateRepository;
@@ -198,4 +197,6 @@ public IActionResult PostUpload(List<IFormFile> files)
         return RedirectToAction("Index");
     }
 
+
+
 }
diff --git a/src/AdminSite/Controllers/ApplicationLogController.cs b/src/AdminSite/Controllers/ApplicationLogController.cs
@@ -14,21 +14,21 @@ namespace Marketplace.SaaS.Accelerator.AdminSite.Controllers;
 [ServiceFilter(typeof(KnownUserAttribute))]
 public class ApplicationLogController : BaseController
 {
-    private readonly ILogger<ApplicationLogController> logger;
+    private readonly SaaSClientLogger<ApplicationLogController> logger;
 
     private ApplicationLogService appLogService;
 
     private readonly IApplicationLogRepository appLogRepository;
 
-    public ApplicationLogController(IApplicationLogRepository applicationLogRepository, ILogger<ApplicationLogController> logger)
+    public ApplicationLogController(IApplicationLogRepository applicationLogRepository, SaaSClientLogger<ApplicationLogController> logger)
     {
         this.appLogRepository = applicationLogRepository;
         this.logger = logger;
         appLogService = new ApplicationLogService(this.appLogRepository);
     }
     public IActionResult Index()
     {
-        this.logger.LogInformation("Application Log Controller / Index");
+        this.logger.Info("Application Log Controller / Index");
         try
         {
             List<ApplicationLog> getAllAppLogData = this.appLogService.GetAllLogs().OrderByDescending(appLog => appLog.ActionTime).ToList();
@@ -37,8 +37,10 @@ public IActionResult Index()
         }
         catch (Exception ex)
         {
-            this.logger.LogError(ex, ex.Message);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return this.View("Error", ex);
         }
     }
+
+
 }
diff --git a/src/AdminSite/Controllers/BaseController.cs b/src/AdminSite/Controllers/BaseController.cs
@@ -1,4 +1,5 @@
 using System.Linq;
+using System.Web;
 using Marketplace.SaaS.Accelerator.Services.Models;
 using Marketplace.SaaS.Accelerator.Services.Utilities;
 using Microsoft.AspNetCore.Authentication;
@@ -16,6 +17,7 @@ public class BaseController : Controller
     /// <summary>
     /// Initializes a new instance of the <see cref="BaseController" /> class.
     /// </summary>
+    /// 
     public BaseController()
     {
         this.CheckAuthentication();
@@ -79,4 +81,5 @@ public IActionResult CheckAuthentication()
             return this.RedirectToAction("Index", "Home", new { });
         }
     }
+
 }
diff --git a/src/AdminSite/Controllers/HomeController.cs b/src/AdminSite/Controllers/HomeController.cs
diff --git a/src/AdminSite/Controllers/KnownUsersController.cs b/src/AdminSite/Controllers/KnownUsersController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Web;
 using Marketplace.SaaS.Accelerator.DataAccess.Contracts;
 using Marketplace.SaaS.Accelerator.DataAccess.Entities;
 using Marketplace.SaaS.Accelerator.Services.Utilities;
@@ -15,15 +16,15 @@ namespace Marketplace.SaaS.Accelerator.AdminSite.Controllers;
 public class KnownUsersController : BaseController
 {
     private readonly IKnownUsersRepository knownUsersRepository;
-    private readonly ILogger<OffersController> logger;
+    private readonly SaaSClientLogger<KnownUsersController> logger;
 
     /// <summary>
     /// Initializes a new instance of the <see cref="KnownUsersController" /> class.
     /// </summary>
     /// <param name = "knownUsersRepository" > The known users repository.</param>
     /// <param name="logger">The logger.</param>
 
-    public KnownUsersController(IKnownUsersRepository knownUsersRepository, ILogger<OffersController> logger)
+    public KnownUsersController(IKnownUsersRepository knownUsersRepository, SaaSClientLogger<KnownUsersController> logger)
     {
         this.knownUsersRepository = knownUsersRepository;
         this.logger = logger;
@@ -35,15 +36,15 @@ public KnownUsersController(IKnownUsersRepository knownUsersRepository, ILogger<
     /// <returns>All known users.</returns>
     public IActionResult Index()
     {
-        this.logger.LogInformation("KnownUsers Controller / Index");
+        this.logger.Info("KnownUsers Controller / Index");
         try
         {
             var getAllKnownUsers = this.knownUsersRepository.GetAllKnownUsers();
             return this.View(getAllKnownUsers);
         }
         catch (Exception ex)
         {
-            this.logger.LogError(ex, ex.Message);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return this.View("Error", ex);
         }
     }
@@ -56,15 +57,17 @@ public IActionResult Index()
     public JsonResult SaveKnownUsers([FromBody] IEnumerable<KnownUsers> knownUsers)
     {
 
-        this.logger.LogInformation("KnownUsers Controller / SaveKnownUsers");
+        this.logger.Info("KnownUsers Controller / SaveKnownUsers");
         try
         {
             return Json(this.knownUsersRepository.SaveAllKnownUsers(knownUsers));
         }
         catch (Exception ex)
         {
-            this.logger.LogError(ex, ex.Message);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return Json(string.Empty);
         }
     }
+
+
 }
diff --git a/src/AdminSite/Controllers/OffersController.cs b/src/AdminSite/Controllers/OffersController.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.Json;
+using System.Web;
 using Marketplace.SaaS.Accelerator.AdminSite.Models.Offers;
 using Marketplace.SaaS.Accelerator.DataAccess.Context;
 using Marketplace.SaaS.Accelerator.DataAccess.Contracts;
@@ -28,7 +29,7 @@ public class OffersController : BaseController
 
     private readonly IOfferAttributesRepository offersAttributeRepository;
 
-    private readonly ILogger<OffersController> logger;
+    private readonly SaaSClientLogger<OffersController> logger;
 
     private readonly OffersService offersService;
 
@@ -48,8 +49,7 @@ public OffersController(
         IApplicationConfigRepository applicationConfigRepository, 
         IUsersRepository usersRepository, 
         IValueTypesRepository valueTypesRepository, 
-        IOfferAttributesRepository offersAttributeRepository, 
-        ILogger<OffersController> logger)
+        IOfferAttributesRepository offersAttributeRepository, SaaSClientLogger<OffersController> logger)
     {
         this.applicationConfigRepository = applicationConfigRepository;
         this.usersRepository = usersRepository;
@@ -66,7 +66,7 @@ public OffersController(
     /// <returns>return All subscription.</returns>
     public IActionResult Index()
     {
-        this.logger.LogInformation("Offers Controller / Index");
+        this.logger.Info("Offers Controller / Index");
         try
         {
             this.TempData["ShowWelcomeScreen"] = "True";
@@ -90,7 +90,7 @@ public IActionResult Index()
         }
         catch (Exception ex)
         {
-            this.logger.LogError(ex, ex.Message);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return this.View("Error", ex);
         }
     }
@@ -104,7 +104,7 @@ public IActionResult Index()
     /// </returns>
     public IActionResult OfferDetails(Guid offerGuid)
     {
-        this.logger.LogInformation("Offers Controller / OfferDetails:  offerGuid {0}", offerGuid);
+        this.logger.Info("Offers Controller / OfferDetails:  offerGuid {offerGuid}");
 
         try
         {
@@ -133,7 +133,7 @@ public IActionResult OfferDetails(Guid offerGuid)
         }
         catch (Exception ex)
         {
-            this.logger.LogError("Message:{0} :: {1}   ", ex.Message, ex.InnerException);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return this.View("Error", ex);
         }
     }
@@ -149,7 +149,7 @@ public IActionResult OfferDetails(Guid offerGuid)
     [ValidateAntiForgeryToken]
     public IActionResult OfferDetails(OfferModel offersData)
     {
-        this.logger.LogInformation("Offers Controller / OfferDetails:  offerGuid {0}", JsonSerializer.Serialize(offersData));
+        this.logger.Info(HttpUtility.HtmlEncode($"Offers Controller / OfferDetails:  offerGuid {JsonSerializer.Serialize(offersData)}"));
         try
         {
             var currentUserDetail = this.usersRepository.GetPartnerDetailFromEmail(this.CurrentUserEmailAddress);
@@ -193,7 +193,7 @@ public IActionResult OfferDetails(OfferModel offersData)
         }
         catch (Exception ex)
         {
-            this.logger.LogError(ex, ex.Message);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return this.View("Error", ex);
         }
     }
@@ -222,4 +222,6 @@ private static OfferAttributesModel MapOfferAttributesModel(OfferAttributes offe
         };
     }
 
+
+
 }
diff --git a/src/AdminSite/Controllers/PlansController.cs b/src/AdminSite/Controllers/PlansController.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.Json;
+using System.Web;
 using Marketplace.SaaS.Accelerator.DataAccess.Contracts;
 using Marketplace.SaaS.Accelerator.Services.Models;
 using Marketplace.SaaS.Accelerator.Services.Services;
@@ -36,7 +37,7 @@ public class PlansController : BaseController
 
     private readonly IOfferAttributesRepository offerAttributeRepository;
 
-    private readonly ILogger<PlansController> logger;
+    private readonly SaaSClientLogger<PlansController> logger;
 
     private PlanService plansService;
 
@@ -50,7 +51,7 @@ public class PlansController : BaseController
     /// <param name="offerAttributeRepository">The offer attribute repository.</param>
     /// <param name="offerRepository">The offer repository.</param>
     /// <param name="logger">The logger.</param>
-    public PlansController(ISubscriptionsRepository subscriptionRepository, IUsersRepository usersRepository, IApplicationConfigRepository applicationConfigRepository, IPlansRepository plansRepository, IOfferAttributesRepository offerAttributeRepository, IOffersRepository offerRepository, ILogger<PlansController> logger)
+    public PlansController(ISubscriptionsRepository subscriptionRepository, IUsersRepository usersRepository, IApplicationConfigRepository applicationConfigRepository, IPlansRepository plansRepository, IOfferAttributesRepository offerAttributeRepository, IOffersRepository offerRepository, SaaSClientLogger<PlansController> logger)
     {
         this.subscriptionRepository = subscriptionRepository;
         this.usersRepository = usersRepository;
@@ -68,7 +69,7 @@ public PlansController(ISubscriptionsRepository subscriptionRepository, IUsersRe
     /// <returns>return All subscription.</returns>
     public IActionResult Index()
     {
-        this.logger.LogInformation("Plans Controller / OfferDetails:  offerGuId");
+        this.logger.Info("Plans Controller / OfferDetails:  offerGuId");
         try
         {
             List<PlansModel> getAllPlansData = new List<PlansModel>();
@@ -82,7 +83,7 @@ public IActionResult Index()
         }
         catch (Exception ex)
         {
-            this.logger.LogError(ex, ex.Message);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return this.View("Error", ex);
         }
     }
@@ -96,7 +97,7 @@ public IActionResult Index()
     /// </returns>
     public IActionResult PlanDetails(Guid planGuId)
     {
-        this.logger.LogInformation("Plans Controller / PlanDetails:  planGuId {0}", planGuId);
+        this.logger.Info(HttpUtility.HtmlEncode($"Plans Controller / PlanDetails:  planGuId {planGuId}"));
         try
         {
             PlansModel plans = new PlansModel();
@@ -107,7 +108,7 @@ public IActionResult PlanDetails(Guid planGuId)
         }
         catch (Exception ex)
         {
-            this.logger.LogError(ex, ex.Message);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return this.View("Error", ex);
         }
     }
@@ -123,7 +124,7 @@ public IActionResult PlanDetails(Guid planGuId)
     [ValidateAntiForgeryToken]
     public IActionResult PlanDetails(PlansModel plans)
     {
-        this.logger.LogInformation("Plans Controller / PlanDetails:  plans {0}", JsonSerializer.Serialize(plans));
+        this.logger.Info(HttpUtility.HtmlEncode($"Plans Controller / PlanDetails:  plans {JsonSerializer.Serialize(plans)}"));
         try
         {
             var currentUserDetail = this.usersRepository.GetPartnerDetailFromEmail(this.CurrentUserEmailAddress);
@@ -154,8 +155,10 @@ public IActionResult PlanDetails(PlansModel plans)
         }
         catch (Exception ex)
         {
-            this.logger.LogError(ex, ex.Message);
+            this.logger.LogError($"Message:{ex.Message} :: {ex.InnerException}");
             return this.PartialView("Error", ex);
         }
     }
+
+
 }