Skip to content

Fix code scanning alert #78: Log Injection #53

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Devasy wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Fix code scanning alert #78: Log Injection #53

Devasy wants to merge 4 commits into from

Conversation

@Devasy
Copy link
Owner

@Devasy Devasy commented Sep 18, 2024

Fixes https://github.com/Devasy23/FaceRec/security/code-scanning/78

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@Devasy @github-advanced-security
Fix code scanning alert #78: Log Injection
004ca5d 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
senior-dev-bot[bot]
senior-dev-bot bot reviewed Sep 18, 2024
View reviewed changes
Copy link

@senior-dev-bot senior-dev-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feedback from Senior Dev Bot

API/route.py
Comment on lines 392 to 399
"""
logging.info('Deleting Employee')
logging.debug(f"Deleting for EmployeeCode: {EmployeeCode}")
sanitized_employee_code = re.sub(r'\D', '', str(EmployeeCode))
logging.debug(f"Deleting for EmployeeCode: {sanitized_employee_code}")
client2.find_one_and_delete(collection2, {'EmployeeCode': EmployeeCode})

return {'Message': 'Successfully Deleted'}
Copy link

@senior-dev-bot senior-dev-bot bot Sep 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CODE REVIEW

Good job on sanitizing the EmployeeCode before logging! However, ensure that the original variable remains unchanged for further operations. Alternatively, consider logging the sanitized value conditionally based on the logging level to avoid unnecessary processing.

sanitized_employee_code = re.sub(r'\D', '', str(EmployeeCode))
if logging.getLogger().isEnabledFor(logging.DEBUG):
    logging.debug(f"Deleting for EmployeeCode: {sanitized_employee_code}")

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 18, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 18, 2024
View reviewed changes
pre-commit-ci bot and others added 2 commits September 18, 2024 16:06
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
f5c954e 
for more information, see https://pre-commit.ci
@Devasy @github-advanced-security
Apply code scanning fix for log injection
08af9a5 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@Devasy Devasy linked an issue Sep 18, 2024 that may be closed by this pull request
Fix code scanning alert - Log Injection #52
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@senior-dev-bot senior-dev-bot[bot] senior-dev-bot[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fix code scanning alert - Log Injection

2 participants

@Devasy