
Conversation

@berviantoleo (Member)

No description provided.

_queueName = azureConfiguration.ServiceBus.QueueName;
_serviceBusSender = serviceBusClient.CreateSender(_queueName);
var messageQueue = new ServiceBusMessage(message);
_logger.LogDebug($"Sending message: {message}");

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix

AI about 2 months ago

To address the vulnerability, sanitize the message input by removing newline (\n) and carriage return (\r) characters before logging. This can be accomplished with message.Replace("\r", "").Replace("\n", ""), which will prevent attackers from injecting new log lines. Only the log statements that include the user-provided value (here, lines 35 and 37) need to have the sanitized message. We should not alter the message value when sending to Service Bus, only sanitizing for logging. No extra dependencies are necessary; these are standard string methods in C#.

Changes summary

  • Files/regions to change:
    • File: BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs
    • Affected lines: 35, 37 (only the log output, not the message sending)
  • What is needed:
    • Sanitize user input for logs: .Replace("\r", "").Replace("\n", "").

Suggested changeset 1
BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs b/BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs
--- a/BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs
+++ b/BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs
@@ -32,9 +32,10 @@
         try
         {
             var messageQueue = new ServiceBusMessage(message);
-            _logger.LogDebug($"Sending message: {message}");
+            var sanitizedMessage = message.Replace("\r", "").Replace("\n", "");
+            _logger.LogDebug($"Sending message: {sanitizedMessage}");
             await _serviceBusSender.SendMessageAsync(messageQueue);
-            _logger.LogDebug($"Sent message: {message}");
+            _logger.LogDebug($"Sent message: {sanitizedMessage}");
             return true;
         }
         catch (Exception ex)
EOF
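Review bot: the added `message.Replace("\r", "").Replace("\n", "")` throws a `NullReferenceException` when `message` is null, and because it now runs inside the `try` before `SendMessageAsync`, a null message ends up in the `catch (Exception ex)` block below as a send failure. The other changesets on this page use `message?.Replace(...)` or `(message ?? string.Empty).Replace(...)`; prefer one of those here. Since the same two-line CR/LF strip is now proposed in AzureQueueServices.cs, AzureStorageQueueService.cs and TopicServices.cs, a single shared helper would keep the copies from drifting.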
var messageQueue = new ServiceBusMessage(message);
_logger.LogDebug($"Sending message: {message}");
await _serviceBusSender.SendMessageAsync(messageQueue);
_logger.LogDebug($"Sent message: {message}");

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix

AI about 2 months ago

To mitigate log forging risks, any user-supplied data written to logs should be sanitized. In this context, sanitation involves removing newline and carriage return characters from user input before logging it, to prevent malicious users from introducing line breaks and forging log entries. The best fix is to sanitize the message variable in the logger statements within SendMessage. The changes should only apply to the log statements, so that the message sent to the queue is unaffected.

We will:

  • Replace both logger statements in SendMessage to use a sanitized version of message (with \r and \n removed).
  • Implement the sanitation inline (e.g., message.Replace("\r", "").Replace("\n", "") or using a helper method if preferred).
  • No new methods are strictly necessary since this is a simple transformation.
  • No new imports are needed.

Edits are required only in BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs.


Suggested changeset 1
BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs b/BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs
--- a/BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs
+++ b/BervProject.WebApi.Boilerplate/Services/Azure/AzureQueueServices.cs
@@ -32,9 +32,10 @@
         try
         {
             var messageQueue = new ServiceBusMessage(message);
-            _logger.LogDebug($"Sending message: {message}");
+            var sanitizedMessage = message.Replace("\r", "").Replace("\n", "");
+            _logger.LogDebug($"Sending message: {sanitizedMessage}");
             await _serviceBusSender.SendMessageAsync(messageQueue);
-            _logger.LogDebug($"Sent message: {message}");
+            _logger.LogDebug($"Sent message: {sanitizedMessage}");
             return true;
         }
         catch (Exception ex)
EOF
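Review bot: this changeset is identical to the previous suggested changeset for AzureQueueServices.cs (same `@@ -32,9 +32,10 @@` hunk, same added lines), so only one of the two can be applied. The same null-safety remark applies: `message.Replace(...)` throws on a null `message`, whereas `message?.Replace(...)` would log an empty value and let the send proceed as before.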
{
_logger.LogError(ex.ToString());
return false;
_logger.LogDebug($"Sending message: {message} at {_queueName}");

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix

AI about 2 months ago

To fix this problem, user input (message) should be sanitized before being inserted into log messages. The recommended approach for plain text logs is to strip or replace line breaks and other control characters from the logged value to prevent any attempt at log forging via user input. The minimal fix is to replace line breaks (\r, \n, Environment.NewLine) in the message string with empty strings or visible delimiters before passing to the log. This should be done directly in the relevant log statement on line 72 (_logger.LogDebug(...)) of AzureStorageQueueService.cs.

Steps needed:

  • In AzureStorageQueueService.cs, update the log statement on line 72 to log a sanitized version of message, where line breaks are removed.
  • The sanitization can be done inline, e.g. message.Replace("\r", "").Replace("\n", ""), or with Environment.NewLine.
  • No need to create a new method or make changes elsewhere since it only affects log output.

Suggested changeset 1
BervProject.WebApi.Boilerplate/Services/Azure/AzureStorageQueueService.cs

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/BervProject.WebApi.Boilerplate/Services/Azure/AzureStorageQueueService.cs b/BervProject.WebApi.Boilerplate/Services/Azure/AzureStorageQueueService.cs
--- a/BervProject.WebApi.Boilerplate/Services/Azure/AzureStorageQueueService.cs
+++ b/BervProject.WebApi.Boilerplate/Services/Azure/AzureStorageQueueService.cs
@@ -69,7 +69,9 @@
         {
             if (_queueClient.Exists())
             {
-                _logger.LogDebug($"Sending message: {message} at {_queueName}");
+                // Remove line breaks from user input before logging
+                var sanitizedMessage = message?.Replace("\r", "").Replace("\n", "");
+                _logger.LogDebug($"Sending message: {sanitizedMessage} at {_queueName}");
                 var response = _queueClient.SendMessage(message);
                 var messageId = response?.Value?.MessageId;
                 _logger.LogDebug($"Sent message to {_queueName} with id: {messageId}");
EOF
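Review bot: with string interpolation on the added `_logger.LogDebug($"Sending message: {sanitizedMessage} at {_queueName}")`, the whole string (and the `Replace` chain feeding it) is built even when the Debug level is disabled; the message-template form `_logger.LogDebug("Sending message: {Message} at {QueueName}", sanitizedMessage, _queueName)` defers the formatting and keeps the user value as a parameter rather than part of the template. The null-conditional `message?.Replace(...)` is the right choice here, unlike the AzureQueueServices.cs changesets. Note also that only `\r` and `\n` are removed; other control characters still reach the log verbatim.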
try
{
var encodedMessage = new ServiceBusMessage(message);
_logger.LogDebug($"Sending message: {message}");

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix

AI about 2 months ago

To fix the problem, user input to logs should be sanitized before being written. For plain text log files, this means stripping or replacing newlines and carriage returns to ensure the message cannot create additional log entries or break the log structure. The best way to do this is to use string.Replace for \r and \n to remove or substitute these characters from the user-supplied message before logging. This should be done immediately before including the value in log entries.

In this specific case, the changes needed:

  • In BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs, within the SendTopic method, sanitize the message variable before it is included in the log entries. This can be done with a local variable holding a 'loggable' message in which any \r and \n have been stripped.
  • Both occurrences of message in log lines (lines 35 and 37) should use this sanitized/loggable version.

No new external dependencies are needed; only built-in string methods are required.


Suggested changeset 1
BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs b/BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs
--- a/BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs
+++ b/BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs
@@ -29,12 +29,14 @@
     /// <inheritdoc />
     public async Task<bool> SendTopic(string message)
     {
+        // Sanitize user-supplied message to prevent log-forging
+        var safeMessage = (message ?? string.Empty).Replace("\r", "").Replace("\n", "");
         try
         {
             var encodedMessage = new ServiceBusMessage(message);
-            _logger.LogDebug($"Sending message: {message}");
+            _logger.LogDebug($"Sending message: {safeMessage}");
             await _serviceBusSender.SendMessageAsync(encodedMessage);
-            _logger.LogDebug($"Sent message: {message}");
+            _logger.LogDebug($"Sent message: {safeMessage}");
             return true;
         }
         catch (Exception ex)
EOF
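Review bot: two competing changesets are proposed for `SendTopic` in TopicServices.cs (this one introducing `safeMessage`, the next introducing `sanitizedMessage`) against the same `@@ -29,12 +29,14 @@` lines; apply one, not both. Computing `safeMessage` before the `try` is fine since `(message ?? string.Empty).Replace(...)` cannot throw, but the hunk strips only `\r` and `\n`, so other control characters and arbitrarily long bodies still go to the debug log unchanged; a shared helper that also truncates would serve all three services touched by these alerts.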
var encodedMessage = new ServiceBusMessage(message);
_logger.LogDebug($"Sending message: {message}");
await _serviceBusSender.SendMessageAsync(encodedMessage);
_logger.LogDebug($"Sent message: {message}");

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix

AI about 2 months ago

To prevent log forging based on untrusted user input, all user-supplied strings written to logs must be sanitized. For plain text logs, this usually means ensuring that newlines (\n, \r, and any platform-specific line-endings) are stripped or replaced. The most reliable approach is to use string.Replace (possibly chained for both \r and \n, as .NET strings can mix both) on the input at the time of logging.

Specifically, in TopicServices.cs, lines 35 and 37 log the raw message. Both should be modified to log a sanitized version of message where all newline characters are replaced or removed. It is recommended to define a local variable in the method (or even a private static method for sanitization for reuse and clarity) to hold the sanitized string and use it in logging.

Changes are required only within BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs in the SendTopic method, replacing log calls to safely log sanitized user input.


Suggested changeset 1
BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs b/BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs
--- a/BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs
+++ b/BervProject.WebApi.Boilerplate/Services/Azure/TopicServices.cs
@@ -29,12 +29,14 @@
     /// <inheritdoc />
     public async Task<bool> SendTopic(string message)
     {
+        // Sanitize message to prevent log forging by removing newlines
+        var sanitizedMessage = message?.Replace("\r", "").Replace("\n", "");
         try
         {
             var encodedMessage = new ServiceBusMessage(message);
-            _logger.LogDebug($"Sending message: {message}");
+            _logger.LogDebug($"Sending message: {sanitizedMessage}");
             await _serviceBusSender.SendMessageAsync(encodedMessage);
-            _logger.LogDebug($"Sent message: {message}");
+            _logger.LogDebug($"Sent message: {sanitizedMessage}");
             return true;
         }
         catch (Exception ex)
EOF
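Review bot: this hunk targets the same lines of `SendTopic` as the previous TopicServices.cs changeset and differs only in the variable name and null handling: `message?.Replace(...)` yields null for a null `message`, which interpolates as an empty string, while the other changeset substitutes `string.Empty` explicitly. The two cannot both be applied; pick one, and if a helper is extracted for it, reuse it in AzureQueueServices.cs and AzureStorageQueueService.cs instead of repeating the inline `Replace` chain in each file.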
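The five Copilot Autofix comments above all prescribe the same mitigation: strip CR and LF from the user-supplied `message` before it is interpolated into a log line, while sending the original payload unchanged. The following C# console program is an added example (not code from the BervProject repository or from the Autofix patches) showing that mitigation as one shared helper that also survives a null message and handles the other control characters the inline `Replace` chain ignores; `LogSanitizer`, `SanitizeForLog` and `Program` are hypothetical names.

```csharp
using System;
using System.Text;

// Added example; hypothetical helper, not part of the BervProject code base.
public static class LogSanitizer
{
    // Returns a single-line version of `value` that is safe to embed in a
    // plain-text log entry. A null input never throws (the inline
    // `message.Replace(...)` in the first AzureQueueServices.cs changeset
    // would), CR/LF become spaces, other C0 control characters become '?',
    // and overly long bodies are truncated so a request cannot flood the log.
    public static string SanitizeForLog(string? value, int maxLength = 256)
    {
        if (value is null) return "<null>";
        var sb = new StringBuilder(value.Length);
        foreach (char ch in value)
        {
            if (ch == '\r' || ch == '\n') sb.Append(' ');   // what CodeQL flags
            else if (char.IsControl(ch)) sb.Append('?');    // tab, ESC, NUL, ...
            else sb.Append(ch);
        }
        if (sb.Length > maxLength)
        {
            sb.Length = maxLength;
            sb.Append("...[truncated]");
        }
        return sb.ToString();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed input: a message body carrying its own line break, so
        // that when logged raw it reads as a second "Sent message" entry.
        string untrusted = "order-42\r\nDEBUG Sent message: order-99";

        // Vulnerable form, as in the flagged code: raw interpolation.
        Console.WriteLine($"[raw]       Sending message: {untrusted}");

        // Hardened form: only the logged copy is sanitized. The value handed
        // to ServiceBusMessage / QueueClient.SendMessage stays untouched,
        // which is the split every Autofix comment on this page insists on.
        Console.WriteLine($"[sanitized] Sending message: {LogSanitizer.SanitizeForLog(untrusted)}");
        Console.WriteLine($"[sanitized] Sending message: {LogSanitizer.SanitizeForLog(null)}");
    }
}
```

With Microsoft.Extensions.Logging it is also worth passing the sanitized value as a message-template argument, `_logger.LogDebug("Sending message: {Message}", LogSanitizer.SanitizeForLog(message))`, rather than interpolating: the template stays constant and the formatting is deferred until the Debug level is actually enabled.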
@codecov

codecov bot commented Nov 3, 2025

Codecov Report

❌ Patch coverage is 51.22807% with 139 lines in your changes missing coverage. Please review.
✅ Project coverage is 25.41%. Comparing base (5a3288c) to head (e75d1fc).
⚠️ Report is 1 commits behind head on main.

Files with missing lines                                  Patch %   Lines
...late/Services/Azure/ServiceBusTopicSubscription.cs       0.00%   35 Missing
...lerplate/Services/Azure/ServiceBusQueueConsumer.cs       0.00%   33 Missing
...erplate/Services/Azure/AzureTableStorageService.cs       0.00%   18 Missing
...erplate/Services/Azure/AzureStorageQueueService.cs      58.33%   12 Missing and 3 partials
...t.WebApi.Boilerplate/Services/Azure/BlobService.cs      64.51%   10 Missing and 1 partial
BervProject.WebApi.Boilerplate/Entities/Note.cs             0.00%    6 Missing
...WebApi.Boilerplate/ConfigModel/AWSConfiguration.cs       0.00%    4 Missing
BervProject.WebApi.Boilerplate/Entities/Book.cs             0.00%    3 Missing
...rvProject.WebApi.Boilerplate/Entities/Publisher.cs       0.00%    3 Missing
BervProject.WebApi.Boilerplate/Program.cs                   0.00%    3 Missing
... and 7 more
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2980      +/-   ##
==========================================
+ Coverage   25.20%   25.41%   +0.20%     
==========================================
  Files          40       40              
  Lines         730      724       -6     
  Branches       20       21       +1     
==========================================
  Hits          184      184              
+ Misses        542      536       -6     
  Partials        4        4              


@berviantoleo berviantoleo merged commit 9f4b25b into main Nov 3, 2025
16 of 17 checks passed
@berviantoleo berviantoleo deleted the feat/reduce-warning branch November 3, 2025 06:06