Update dependencies and create new session on reconnect rather than trying to recreate session #2375

marcschier · 2025-02-24T14:06:05Z

No description provided.

marcschier · 2025-02-25T10:59:11Z

/azp run

azure-pipelines · 2025-02-25T10:59:23Z

Azure Pipelines successfully started running 1 pipeline(s).

src/Azure.IIoT.OpcUa.Publisher/src/Stack/Services/OpcUaClient.cs

@@ -921,22 +969,25 @@
                                    {
                                        case SessionState.Connected: // only valid when connected.
                                            Debug.Assert(_reconnectHandler.State == SessionReconnectHandler.ReconnectState.Ready);
+                                            _logger.LogInformation("{Client}: Reconnecting session {Session} due to {Reason}...",
+                                                this, _sessionName, (context is ServiceResult sr) ? "error " + sr : "RESET");


To fix the problem, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the _sessionName variable to prevent log forging. This can be done using the String.Replace method to replace newline characters with an empty string.

The best way to fix the problem without changing existing functionality is to modify the logging statements to sanitize the _sessionName variable. This involves updating the logging statements on lines 973 and 979 to use a sanitized version of _sessionName.

src/Azure.IIoT.OpcUa.Publisher/src/Stack/Services/OpcUaClient.cs

-                                            _logger.LogInformation("{Client}: Reconnecting session {Session} due to {Reason}...",
-                                                this, _sessionName, (context is ServiceResult sr) ? "error " + sr : "RESET");
+                                            _logger.LogInformation("{Client}: Begin reconnecting session {Session}...",
+                                                this, _sessionName);


To fix the problem, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the _sessionName to prevent log forging. This can be done using the Replace method to ensure that no new lines are present in the user input.

Identify the lines where _sessionName is logged.

Sanitize _sessionName by replacing newline characters with an empty string before logging it.

Ensure that the sanitization does not alter the existing functionality of the application.

src/Azure.IIoT.OpcUa.Publisher/src/Stack/Services/OpcUaClient.cs

@@ -962,6 +1013,8 @@
                                    switch (currentSessionState)
                                    {
                                        case SessionState.Reconnecting:
+                                            _logger.LogInformation("{Client}: Completed reconnecting session {Session}...",
+                                                this, _sessionName);


To fix the problem, we need to sanitize the _sessionName variable before logging it. This can be done by removing any newline characters from the user input to prevent log forging. We will use the Replace method to remove newline characters from _sessionName before it is logged.

Identify the line where _sessionName is logged.

Sanitize _sessionName by replacing newline characters with an empty string.

Ensure that the sanitization does not alter the existing functionality of the code.

marcschier and others added 5 commits February 9, 2025 13:28

Update

1ce9fb1

Update dependencies to latest

a157bba

Update dependencies

e2944ab

Create instead of Recreate

c46b9b4

Update build script

faba186

marcschier requested a review from a team as a code owner February 24, 2025 14:06

marcschier added 3 commits February 24, 2025 15:07

revert to 12

71bd665

Update

eacf6d6

Update resource reporting

922146e

github-advanced-security bot found potential problems Feb 25, 2025

View reviewed changes

marcschier merged commit eee22fb into main Feb 25, 2025
4 of 7 checks passed

marcschier deleted the updates branch February 25, 2025 12:55

This was referenced Feb 25, 2025

Kepware reinitialize results in "System.ObjectDisposedException" #2373

Closed

Reconnecting does not work, client runs into infinite reconnect loop #2368

Closed

@@ -971,4 +971,5 @@
                                                         Debug.Assert(_reconnectHandler.State == SessionReconnectHandler.ReconnectState.Ready);
+                                                        var sanitizedSessionName = _sessionName?.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", "");
                                                         _logger.LogInformation("{Client}: Reconnecting session {Session} due to {Reason}...",
-                                                            this, _sessionName, (context is ServiceResult sr) ? "error " + sr : "RESET");
+                                                            this, sanitizedSessionName, (context is ServiceResult sr) ? "error " + sr : "RESET");
@@ -978,3 +979,3 @@
                                                         _logger.LogInformation("{Client}: Begin reconnecting session {Session}...",
-                                                            this, _sessionName);
+                                                            this, sanitizedSessionName);
                                                         Debug.Assert(_session != null);

@@ -972,3 +972,3 @@
                                                         _logger.LogInformation("{Client}: Reconnecting session {Session} due to {Reason}...",
-                                                            this, _sessionName, (context is ServiceResult sr) ? "error " + sr : "RESET");
+                                                            this, _sessionName?.Replace(Environment.NewLine, ""), (context is ServiceResult sr) ? "error " + sr : "RESET");
@@ -978,3 +978,3 @@
                                                         _logger.LogInformation("{Client}: Begin reconnecting session {Session}...",
-                                                            this, _sessionName);
+                                                            this, _sessionName?.Replace(Environment.NewLine, ""));
                                                         Debug.Assert(_session != null);

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependencies and create new session on reconnect rather than trying to recreate session #2375

Update dependencies and create new session on reconnect rather than trying to recreate session #2375

marcschier commented Feb 24, 2025

marcschier commented Feb 25, 2025

azure-pipelines bot commented Feb 25, 2025

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Update dependencies and create new session on reconnect rather than trying to recreate session #2375

Update dependencies and create new session on reconnect rather than trying to recreate session #2375

Conversation

marcschier commented Feb 24, 2025

marcschier commented Feb 25, 2025

azure-pipelines bot commented Feb 25, 2025