From f0989d18c2890c92ba75c143bb7011fa9fd6e045 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Sep 2024 19:41:48 +0000
Subject: [PATCH 1/7] chore(deps): bump io.nlopez.compose.rules:detekt from 0.4.3 to 0.4.12

Bumps [io.nlopez.compose.rules:detekt](https://github.com/mrmans0n/compose-rules) from 0.4.3 to 0.4.12.
- [Release notes](https://github.com/mrmans0n/compose-rules/releases)
- [Commits](https://github.com/mrmans0n/compose-rules/compare/v0.4.3...v0.4.12)

---
updated-dependencies:
- dependency-name: io.nlopez.compose.rules:detekt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 29ffdd36..352d57fc 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -39,7 +39,7 @@ gradle-frontend = { module = "org.siouan:frontend-jdk17", version.ref = "fronten
 # Detekt
 gradle-detekt = { module = "io.gitlab.arturbosch.detekt:detekt-gradle-plugin", version.ref = "detekt" }
-detekt-compose = { module = "io.nlopez.compose.rules:detekt", version = "0.4.3" }
+detekt-compose = { module = "io.nlopez.compose.rules:detekt", version = "0.4.12" }
 detekt-compose2 = { module = "ru.kode:detekt-rules-compose", version = "1.3.0" }
 detekt-formatting = { module = "io.gitlab.arturbosch.detekt:detekt-formatting", version.ref = "detekt" }

From 44d23de514ddbfeff4e319005f24d8726b912200 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yuniel=20Acosta=20P=C3=A9rez?= <33158051+yacosta738@users.noreply.github.com>
Date: Mon, 30 Sep 2024 19:31:12 +0200
Subject: [PATCH 2/7] Fix code scanning alert no. 173: Log Injection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Yuniel Acosta Pérez <33158051+yacosta738@users.noreply.github.com>
---
 .../com/lyra/app/users/application/UserRegistrator.kt | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/apps/backend/src/main/kotlin/com/lyra/app/users/application/UserRegistrator.kt b/apps/backend/src/main/kotlin/com/lyra/app/users/application/UserRegistrator.kt
index 7871a8e5..1d9d3d0a 100644
--- a/apps/backend/src/main/kotlin/com/lyra/app/users/application/UserRegistrator.kt
+++ b/apps/backend/src/main/kotlin/com/lyra/app/users/application/UserRegistrator.kt
@@ -24,7 +24,8 @@ class UserRegistrator(
     }
 
     suspend fun registerNewUser(registerUserCommand: RegisterUserCommand): ApiDataResponse {
-        log.info("Registering new user with email: {}", registerUserCommand.email)
+        val sanitizedEmail = sanitizeInput(registerUserCommand.email)
+        log.info("Registering new user with email: {}", sanitizedEmail)
         return try {
             val user = registerUserCommand.toUser()
             val createdUser = userCreator.create(user)
@@ -61,5 +62,9 @@ class UserRegistrator(
 
     companion object {
         private val log = LoggerFactory.getLogger(UserRegistrator::class.java)
+
+        private fun sanitizeInput(input: String): String {
+            return input.replace("\n", "").replace("\r", "")
+        }
     }
 }

From 26b190bca78424b316b37fbdbc965056b74dbfba Mon Sep 17 00:00:00 2001
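Review bot: `sanitizeInput` in the second hunk removes only `\n` and `\r`, so other characters that forge or corrupt a log line — tab, backspace, ESC (ANSI sequences in terminal viewers) and the Unicode line separators U+2028/U+2029 — still reach the INFO line unchanged. Deleting characters also destroys the evidence: an injection attempt is written as a clean-looking address, so no detection rule can ever see that the field carried control characters. Escaping keeps the attempt visible while neutralizing it, which is what the last patch in this series switches to with `StringEscapeUtils.escapeJava`. A one-line comment on the first hunk, `// sanitized copy is for the log only; the command is passed on untouched`, would make the intent of the two variables explicit. The enclosing class header is outside the hunk.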
From: =?UTF-8?q?Yuniel=20Acosta=20P=C3=A9rez?= <33158051+yacosta738@users.noreply.github.com>
Date: Mon, 30 Sep 2024 19:33:47 +0200
Subject: [PATCH 3/7] Fix code scanning alert no. 174: Log Injection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Yuniel Acosta Pérez <33158051+yacosta738@users.noreply.github.com>
---
 .../app/users/infrastructure/http/UserRegisterController.kt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt b/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
index 32f5d487..3e5edd42 100644
--- a/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
+++ b/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
@@ -30,7 +30,8 @@ class UserRegisterController(private val userRegistrator: UserRegistrator) {
     @PostMapping("/register")
     suspend fun registerUser(@Validated @RequestBody registerUserRequest: RegisterUserRequest): ResponseEntity> {
-        log.info("Registering new user with email: {}", registerUserRequest.email)
+        val sanitizedEmail = registerUserRequest.email.replace(Regex("[\\r\\n]"), "")
+        log.info("Registering new user with email: {}", sanitizedEmail)
         return try {
             val response = userRegistrator.registerNewUser(registerUserRequest.toRegisterUserCommand())
             mapRegistrationResult(response)

From ce6d89d4f47d6a2590940e31ad5b87271eb32a06 Mon Sep 17 00:00:00 2001
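Review bot: `Regex("[\\r\\n]")` on the added line is compiled on every request for a pattern that only removes two characters; hoist it to a `private val` in the companion object or use `replace("\n", "").replace("\r", "")`, which is what `UserRegistrator.sanitizeInput` in patch 2 does for the same field. Two differently written sanitizers for the same e-mail in the controller and the service are a maintenance hazard — the policy should live in one shared helper so that both layers stay in step. Stripping CR/LF alone still lets tab, ESC and U+2028/U+2029 through. `registerUser` continues past the hunk.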
From: =?UTF-8?q?Yuniel=20Acosta=20P=C3=A9rez?= <33158051+yacosta738@users.noreply.github.com>
Date: Mon, 30 Sep 2024 19:34:09 +0200
Subject: [PATCH 4/7] Fix code scanning alert no. 167: Log Injection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Yuniel Acosta Pérez <33158051+yacosta738@users.noreply.github.com>
---
 .../authentication/application/AuthenticateUserQueryHandler.kt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/backend/src/main/kotlin/com/lyra/app/authentication/application/AuthenticateUserQueryHandler.kt b/apps/backend/src/main/kotlin/com/lyra/app/authentication/application/AuthenticateUserQueryHandler.kt
index 5edf2b79..1fa7ad9b 100644
--- a/apps/backend/src/main/kotlin/com/lyra/app/authentication/application/AuthenticateUserQueryHandler.kt
+++ b/apps/backend/src/main/kotlin/com/lyra/app/authentication/application/AuthenticateUserQueryHandler.kt
@@ -24,7 +24,8 @@ class AuthenticateUserQueryHandler(private val authenticator: UserAuthenticatorS
      * @return The response of the query.
      */
     override suspend fun handle(query: AuthenticateUserQuery): AccessToken {
-        log.info("Authenticating user with username: {}", query.username)
+        val sanitizedUsername = query.username.replace("\n", "").replace("\r", "")
+        log.info("Authenticating user with username: {}", sanitizedUsername)
         val username = Username(query.username)
         val password = Credential(CredentialId(UUID.randomUUID()), query.password)
         return authenticator.authenticate(username, password)

From 45374762bbb7e2f4a10f806e9ce5798627a055cf Mon Sep 17 00:00:00 2001
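Review bot: The sanitized string is used only for the log line while `Username(query.username)` on the next line deliberately receives the raw input; add a comment such as `// sanitizedUsername is for logging only — never alter the credential that is authenticated` so that a later cleanup does not pass `sanitizedUsername` into `Username` and silently change which account an attempt is matched against. As in patches 2 and 3, removing only CR/LF leaves tab, ESC and U+2028/U+2029 able to reach the line, and this is the third hand-written copy of the same logic. An "attempting" line with no outcome is of limited value for detection; presumably success and failure are logged elsewhere — if not, the outcome is the event worth keeping. `handle` ends outside the hunk.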
From: =?UTF-8?q?Yuniel=20Acosta=20P=C3=A9rez?= <33158051+yacosta738@users.noreply.github.com>
Date: Mon, 30 Sep 2024 20:28:45 +0200
Subject: [PATCH 5/7] fix: code scanning alert no. 317: Log Injection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Yuniel Acosta Pérez <33158051+yacosta738@users.noreply.github.com>
---
 .../app/users/infrastructure/http/UserRegisterController.kt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt b/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
index 3e5edd42..5b8a5689 100644
--- a/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
+++ b/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
@@ -30,7 +30,7 @@ class UserRegisterController(private val userRegistrator: UserRegistrator) {
     @PostMapping("/register")
     suspend fun registerUser(@Validated @RequestBody registerUserRequest: RegisterUserRequest): ResponseEntity> {
-        val sanitizedEmail = registerUserRequest.email.replace(Regex("[\\r\\n]"), "")
+        val sanitizedEmail = registerUserRequest.email.replace(Regex("[^a-zA-Z0-9@._-]"), "")
         log.info("Registering new user with email: {}", sanitizedEmail)
         return try {
             val response = userRegistrator.registerNewUser(registerUserRequest.toRegisterUserCommand())

From b4a1013e20eaedf13968e0b007f34d1ddd7e6b94 Mon Sep 17 00:00:00 2001
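Review bot: The allowlist `[^a-zA-Z0-9@._-]` on the added line also strips `+` (valid and common in local parts, e.g. `user+tag@example.com`), non-ASCII/IDN addresses and quoted local parts, so the logged value no longer matches the address that is stored and correlating a log line with a user record becomes unreliable. Deleting characters still leaves no trace of an injection attempt, which escaping would preserve; the next patch in this series replaces this line with `StringEscapeUtils.escapeJava`. `registerUser` continues past the hunk.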
From: =?UTF-8?q?Yuniel=20Acosta=20P=C3=A9rez?= <33158051+yacosta738@users.noreply.github.com>
Date: Mon, 30 Sep 2024 20:36:09 +0200
Subject: [PATCH 6/7] fix: code scanning alert no. 174: Log Injection #352

---
 .../app/users/infrastructure/http/UserRegisterController.kt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt b/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
index 5b8a5689..b9468e83 100644
--- a/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
+++ b/apps/backend/src/main/kotlin/com/lyra/app/users/infrastructure/http/UserRegisterController.kt
@@ -8,6 +8,7 @@ import com.lyra.app.users.infrastructure.http.request.RegisterUserRequest
 import io.swagger.v3.oas.annotations.Operation
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.responses.ApiResponses
+import org.apache.commons.text.StringEscapeUtils
 import org.slf4j.LoggerFactory
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
@@ -30,8 +31,7 @@ class UserRegisterController(private val userRegistrator: UserRegistrator) {
     @PostMapping("/register")
     suspend fun registerUser(@Validated @RequestBody registerUserRequest: RegisterUserRequest): ResponseEntity> {
-        val sanitizedEmail = registerUserRequest.email.replace(Regex("[^a-zA-Z0-9@._-]"), "")
-        log.info("Registering new user with email: {}", sanitizedEmail)
+        log.info("Registering new user with email: {}", StringEscapeUtils.escapeJava(registerUserRequest.email))
         return try {
             val response = userRegistrator.registerNewUser(registerUserRequest.toRegisterUserCommand())
             mapRegistrationResult(response)

From f527add96eb65a926a714e0946dab82e1258dac3 Mon Sep 17 00:00:00 2001
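Review bot: The new `org.apache.commons.text.StringEscapeUtils` import needs `org.apache.commons:commons-text` on the runtime classpath, and nothing in this series touches the build files (patch 1 only bumps detekt), so the artifact is presumably arriving transitively through another dependency. A transitive artifact can disappear or change version on any unrelated upgrade and is invisible to dependency review, so declare it explicitly in `gradle/libs.versions.toml` with a pinned version. commons-text releases before 1.10.0 carried CVE-2022-42889 in `StringSubstitutor`; the explicit pin should be at or above that, and Dependabot will then track it like the other entries.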
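Review bot: The rewritten INFO line logs the full e-mail address at the controller, and patch 7 emits the identical message from `UserRegistrator.registerNewUser`, so every registration writes the same PII twice at INFO. Log it once — the service is the natural place — and consider whether the full address belongs in the log at all: a masked form such as `j***@example.com`, or the created user's identifier after success if one is available, usually serves support and detection needs without spreading addresses across every log sink. Note that `escapeJava` also turns every non-ASCII character into `\uXXXX`, so internationalized addresses will appear escaped; that is acceptable but deserves a comment on the line, e.g. `// escapeJava neutralizes CR/LF/ESC and escapes non-ASCII before the value reaches the log`. `registerUser` continues past the hunk.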
From: =?UTF-8?q?Yuniel=20Acosta=20P=C3=A9rez?= <33158051+yacosta738@users.noreply.github.com>
Date: Mon, 30 Sep 2024 20:39:07 +0200
Subject: [PATCH 7/7] fix: code scanning alert no. 173: Log Injection #351

---
 .../com/lyra/app/users/application/UserRegistrator.kt | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/apps/backend/src/main/kotlin/com/lyra/app/users/application/UserRegistrator.kt b/apps/backend/src/main/kotlin/com/lyra/app/users/application/UserRegistrator.kt
index 1d9d3d0a..0f488b75 100644
--- a/apps/backend/src/main/kotlin/com/lyra/app/users/application/UserRegistrator.kt
+++ b/apps/backend/src/main/kotlin/com/lyra/app/users/application/UserRegistrator.kt
@@ -10,6 +10,7 @@ import com.lyra.common.domain.Service
 import com.lyra.common.domain.bus.event.EventBroadcaster
 import com.lyra.common.domain.bus.event.EventPublisher
 import com.lyra.common.domain.error.BusinessRuleValidationException
+import org.apache.commons.text.StringEscapeUtils
 import org.slf4j.LoggerFactory
 
 @Service
@@ -24,8 +25,10 @@ class UserRegistrator(
     }
 
     suspend fun registerNewUser(registerUserCommand: RegisterUserCommand): ApiDataResponse {
-        val sanitizedEmail = sanitizeInput(registerUserCommand.email)
-        log.info("Registering new user with email: {}", sanitizedEmail)
+        log.info(
+            "Registering new user with email: {}",
+            StringEscapeUtils.escapeJava(registerUserCommand.email),
+        )
         return try {
             val user = registerUserCommand.toUser()
             val createdUser = userCreator.create(user)
@@ -62,9 +65,5 @@ class UserRegistrator(
 
     companion object {
         private val log = LoggerFactory.getLogger(UserRegistrator::class.java)
-
-        private fun sanitizeInput(input: String): String {
-            return input.replace("\n", "").replace("\r", "")
-        }
     }
 }
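Review bot: Escaping is now done inline at each `log.info` call site (here and in `UserRegisterController` in patch 6), which is the third sanitizer shape this series has tried and is easy to forget on the next log statement that carries request data. Centralize the policy once: a small extension in the common module, `fun String.forLog(): String = StringEscapeUtils.escapeJava(this)`, used by every log line that includes user input, or — more robustly — sanitize in the log encoder so the rule holds regardless of call site (a Logback `%replace(%msg){'[\r\n]', ''}` conversion, or a JSON encoder, which makes line forgery structurally impossible). A short `// escapeJava: neutralizes CR/LF/ESC in untrusted input before it reaches the log (CodeQL log-injection alert)` on the call would record why the call exists. `registerNewUser` continues past the hunk.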