House cleaning #635
Merged
House cleaning #635
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [FluentAssertions](https://github.com/fluentassertions/fluentassertions) from 6.12.0 to 6.12.1. - [Release notes](https://github.com/fluentassertions/fluentassertions/releases) - [Changelog](https://github.com/fluentassertions/fluentassertions/blob/develop/AcceptApiChanges.ps1) - [Commits](fluentassertions/fluentassertions@6.12.0...6.12.1) --- updated-dependencies: - dependency-name: FluentAssertions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [Firely.Fhir.Packages](https://github.com/FirelyTeam/Firely.Fhir.Packages) from 4.7.0 to 4.8.0. - [Release notes](https://github.com/FirelyTeam/Firely.Fhir.Packages/releases) - [Commits](FirelyTeam/Firely.Fhir.Packages@v4.7.0...v4.8.0) --- updated-dependencies: - dependency-name: Firely.Fhir.Packages dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [Npgsql.EntityFrameworkCore.PostgreSQL](https://github.com/npgsql/efcore.pg) and [Npgsql](https://github.com/npgsql/npgsql). These dependencies needed to be updated together. Updates `Npgsql.EntityFrameworkCore.PostgreSQL` from 8.0.4 to 8.0.8 - [Release notes](https://github.com/npgsql/efcore.pg/releases) - [Commits](npgsql/efcore.pg@v8.0.4...v8.0.8) Updates `Npgsql` from 8.0.3 to 8.0.4 - [Release notes](https://github.com/npgsql/npgsql/releases) - [Commits](npgsql/npgsql@v8.0.3...v8.0.4) --- updated-dependencies: - dependency-name: Npgsql.EntityFrameworkCore.PostgreSQL dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Npgsql dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
It will make it easier on consumers concerning warnings. And the nullable parameters will express whether a null will be allowed.
Moving it to UdapEd. Also fixing up more compiler warnings.
…Assertions-6.12.1 Bump FluentAssertions from 6.12.0 to 6.12.1
…f7a557f0b7 Bump Npgsql.EntityFrameworkCore.PostgreSQL and Npgsql
….Fhir.Packages-4.8.0 Bump Firely.Fhir.Packages from 4.7.0 to 4.8.0
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| UdapDynamicClientRegistrationErrorDescriptions.UntrustedCertificate); | ||
| _logger.LogWarning("{Error}::{Description}", | ||
| UdapDynamicClientRegistrationErrors.UnapprovedSoftwareStatement, | ||
| UdapDynamicClientRegistrationErrorDescriptions.UntrustedCertificate); |
Check failure
Code scanning / CodeQL
Clear text storage of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 3 months ago
To fix the problem, we need to ensure that sensitive information, such as certificate thumbprints, is encrypted before being logged. We can use the System.Security.Cryptography.ProtectedData class to encrypt the thumbprints before logging them. This will ensure that even if the logs are accessed by unauthorized users, the sensitive information remains protected.
- Encrypt the thumbprints before appending them to the log message.
- Update the logging statements to include the encrypted thumbprints instead of the plain text ones.
- Add necessary imports for the encryption functionality.
Suggested changeset
1
Udap.Server/Registration/UdapDynamicClientRegistrationValidator.cs
| @@ -38,2 +38,3 @@ | ||
| using Udap.Util.Extensions; | ||
| using System.Security.Cryptography; | ||
| using static Udap.Model.UdapConstants; | ||
| @@ -42,2 +43,9 @@ | ||
|
|
||
| private string Encrypt(string data) | ||
| { | ||
| byte[] dataBytes = Encoding.UTF8.GetBytes(data); | ||
| byte[] encryptedBytes = ProtectedData.Protect(dataBytes, null, DataProtectionScope.CurrentUser); | ||
| return Convert.ToBase64String(encryptedBytes); | ||
| } | ||
|
|
||
| /// <summary> | ||
| @@ -305,3 +313,3 @@ | ||
| var sb = new StringBuilder(); | ||
| sb.AppendLine($"Client Thumbprint: {publicCert.Thumbprint}"); | ||
| sb.AppendLine($"Client Thumbprint: {Encrypt(publicCert.Thumbprint)}"); | ||
|
|
||
| @@ -310,3 +318,3 @@ | ||
| sb.AppendLine( | ||
| $"Intermediate Thumbprints: {string.Join(" | ", intermediateCertificates.Select(a => a.Thumbprint))}"); | ||
| $"Intermediate Thumbprints: {string.Join(" | ", intermediateCertificates.Select(a => Encrypt(a.Thumbprint)))}"); | ||
|
|
||
| @@ -314,3 +322,3 @@ | ||
|
|
||
| sb.AppendLine($"Anchor Certificate Thumbprints: {string.Join(" | ", anchorCertificates.Select(a => a.Thumbprint))}"); | ||
| sb.AppendLine($"Anchor Certificate Thumbprints: {string.Join(" | ", anchorCertificates.Select(a => Encrypt(a.Thumbprint)))}"); | ||
| _logger.LogWarning("{Message}", sb.ToString()); |
Copilot is powered by AI and may make mistakes. Always verify output.
Udap.Server/Security/Authentication/TieredOAuth/TieredOAuthAuthenticationHandler.cs
Fixed
Show fixed
Hide fixed
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
The idea is to build a functioning CdsHooks service that works with version 2.0 and another mode where it can run in a UDAP enabled experience.
This is experimental for testing what it would be like to integrate UDAP and CDS Hooks.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Removed all warnings.
Adding more Cancellation Token plumbing.
Removed code that was UdapEd only, such as IAccessTokenProvider and AuthTokenHttpMessageHandler
Package updates