Conversation

@engineering87 (Owner)

No description provided.

@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.


_logger?.LogInformation($"Connection {Context.ConnectionId} added to group {groupName}");
_logger?.LogInformation("Connection {ConnectionId} added to group {GroupName}",
Context.ConnectionId, LogSanitizer.Sanitize(groupName));

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix

AI 4 months ago

To fully mitigate log forging risks as per CodeQL's guidance and best practices, we should:

  • Ensure that user input used in logging is not only stripped of control characters, but also of curly braces ({ and }), which are special in Microsoft logging templates and may cause confusion or malformed logs.
  • Optionally, clearly delimit user input (e.g., quote or bracket it) in logs.

Edit required:

  • Update LogSanitizer.Sanitize in src/WART-Core/Utilities/LogSanitizer.cs to remove { and } characters from input strings, in addition to control characters.
  • No changes needed in how Sanitize is used in WartHubBase.cs, since it is already applied.

No additional dependencies are required.


Suggested changeset 1
src/WART-Core/Utilities/LogSanitizer.cs
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/WART-Core/Utilities/LogSanitizer.cs b/src/WART-Core/Utilities/LogSanitizer.cs
--- a/src/WART-Core/Utilities/LogSanitizer.cs
+++ b/src/WART-Core/Utilities/LogSanitizer.cs
@@ -16,7 +16,7 @@
             if (string.IsNullOrEmpty(input)) return input;
 
             return new string(input
-                .Where(c => !char.IsControl(c))
+                .Where(c => !char.IsControl(c) && c != '{' && c != '}')
                 .ToArray());
         }
     }
EOF
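Review bot: Stripping `{` and `}` is not needed for the call site this alert is about, and it silently alters the logged value. In the change shown at the top of the page the sanitized group name is passed as a template argument (`"... added to group {GroupName}", Context.ConnectionId, LogSanitizer.Sanitize(groupName)`), and Microsoft.Extensions.Logging only parses placeholders in the template string, never in the arguments, so braces inside the value cannot be mistaken for placeholders; the existing `.Where(c => !char.IsControl(c))` filter is what defeats newline-based log forging. If characters must be filtered, consider replacing them with a visible escape instead of dropping them, so that a tampering attempt remains detectable in the record, and add a unit test asserting that a group name containing a line break renders as a single log record.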
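As an added example (Python, not the project's own C# code), the sanitizer and both call sites discussed in the autofix comment are mirrored so the effect can be measured: the interpolated form splits a crafted group name into two records, the control-character filter collapses it back to one, and with a structured template the value's braces are emitted literally; the `neutralize` variant and all sample values are constructed for this illustration.

```python
import unicodedata

# Constructed sample input: a client-chosen group name that embeds a line
# break followed by text shaped like a second, fake log record.
FORGED_GROUP_NAME = "billing\n[INFO] Connection admin-7 added to group admins"

def sanitize(value: str, strip_braces: bool = False) -> str:
    """Python mirror of LogSanitizer.Sanitize: drop control characters
    (.NET char.IsControl == Unicode category Cc); the autofix additionally
    drops '{' and '}', modelled here by strip_braces=True."""
    if not value:
        return value
    kept = []
    for c in value:
        if unicodedata.category(c) == "Cc":
            continue
        if strip_braces and c in "{}":
            continue
        kept.append(c)
    return "".join(kept)

def neutralize(value: str) -> str:
    """Alternative sanitizer (assumed, not the project's code): replace control
    characters with a visible escape so a tampering attempt stays in the record."""
    return "".join(
        f"\\u{ord(c):04x}" if unicodedata.category(c) == "Cc" else c for c in value
    )

def render_interpolated(connection_id: str, group_name: str) -> str:
    """The flagged call site: the value is spliced straight into the message."""
    return f"[INFO] Connection {connection_id} added to group {group_name}"

def render_structured(connection_id: str, group_name: str) -> str:
    """The replacement call site: fixed template plus named parameters.
    Only the template is parsed for placeholders, so braces inside the value
    are emitted literally (the same rule Microsoft.Extensions.Logging applies)."""
    template = "[INFO] Connection {ConnectionId} added to group {GroupName}"
    return template.format(ConnectionId=connection_id, GroupName=group_name)

def record_count(rendered: str) -> int:
    """Number of records a line-oriented log collector would ingest."""
    return len(rendered.splitlines())

if __name__ == "__main__":
    print(record_count(render_interpolated("conn-1", FORGED_GROUP_NAME)))            # 2
    print(record_count(render_interpolated("conn-1", sanitize(FORGED_GROUP_NAME))))  # 1
    print(render_structured("conn-1", "{ConnectionId}"))
```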
@engineering87 engineering87 merged commit 7b0dbd9 into main Aug 24, 2025
6 of 7 checks passed