File tree Expand file tree Collapse file tree 1 file changed +3
-1
lines changed Expand file tree Collapse file tree 1 file changed +3
-1
lines changed Original file line number Diff line number Diff line change @@ -42,7 +42,7 @@ public async Task InvokeAsync(HttpContext context)
4242 {
4343 string role = context . Request . Query [ "role" ] ;
4444
45- // BAD: User input logged as-is
45+ // BAD: User input logged as-is (cs/log-forging)
4646 _logger . LogWarning ( role + " log in requested." ) ;
4747
4848 // GOOD: User input logged with new-lines removed
@@ -62,9 +62,11 @@ public async Task InvokeAsync(HttpContext context)
6262 _logger . LogWarning ( role ? . Replace ( Environment . NewLine , "" ) + " log in requested" ) ;
6363 }
6464
65+ // ISSUE: cast to enum so should be sanitized (cs/cleartext-storage-of-sensitive-information)
6566 var accountKey = AccountRegistrationEventType . AccountCreated ;
6667 _logger . LogInformation ( $ "InvokeAsync called for event: { accountKey } ") ;
6768
69+ // GOOD: enum value
6870 _logger . LogInformation ( $ "InvokeAsync called for event: { AccountRegistrationEventType . AccountCreated } ") ;
6971
7072
You can’t perform that action at this time.
0 commit comments