Feature/843 revoke instance delegation2 #857

lovoll · 2024-10-23T14:20:29Z

Description

Related Issue(s)

Implementer API POST delegation/offered/revoke (så de som ga tilgang kan trekke tilbake delegeringer) #843

Developer/Reviewer Checklist

Your code builds clean without any errors or warnings
No changes to config/appsettings or environment variables created in separate linked PR
Manual testing done (required)
Relevant integration test added (required for functional changes)
Relevant automated test added (required for functional changes)
All integration tests run green

Documentation

User documentation is updated with a separate linked PR in altinn-studio-docs. (if applicable)

src/Altinn.AccessManagement.Core/Services/PolicyAdministrationPoint.cs

+                        string reasonPhrase = httpResponse.ReasonPhrase;
+                        _logger.LogError(
+                            "Writing of delegation policy at path: {policyPath} failed. Response Status Code:\n{status}. Response Reason Phrase:\n{reasonPhrase}",
+                            policyPath,


To fix the problem, we need to sanitize the policyPath before logging it. Specifically, we should remove any newline characters from the policyPath to prevent log forging. This can be done using the Replace method to remove newline characters.

src/Altinn.AccessManagement.Core/Services/PolicyAdministrationPoint.cs

+                bool validPath = DelegationHelper.TryGetDelegationPolicyPathFromInstanceRule(rules, out string path);
+                if (validPath)
+                {
+                    _logger.LogError(ex, "An exception occured while processing authorization rules for delegation on delegation policy path: {path}", path);


To fix the problem, we need to sanitize the path variable before logging it. Since the log entries are plain text, we should remove any newline characters from the path to prevent log forging. This can be done using the Replace method to remove newline characters.

Added Authorization removed for local test

src/Altinn.AccessManagement.Core/Models/AppsInstanceRevokeResponse.cs

sonarqubecloud · 2024-10-29T13:19:04Z

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
69.4% Coverage on New Code
1.6% Duplication on New Code

See analysis details on SonarCloud

lovoll added 5 commits October 23, 2024 14:51

Unsaved files

f6998c9

Push before stashrecovery

787f8d7

Stash recovery

1b53dd6

Removed RevokeAllEndpoint

8a51833

Removed unused method

9e2384e

github-advanced-security bot found potential problems Oct 23, 2024

View reviewed changes

Added test and fixed some duplicate code

2d58759

github-advanced-security bot found potential problems Oct 25, 2024

View reviewed changes

Fixed some code smells

ef12f7c

Added Authorization removed for local test

andreasisnes reviewed Oct 28, 2024

View reviewed changes

src/Altinn.AccessManagement.Core/Models/AppsInstanceRevokeResponse.cs Outdated Show resolved Hide resolved

jonkjetiloye approved these changes Oct 29, 2024

View reviewed changes

lovoll added 2 commits October 29, 2024 14:12

Merge and Typo fix comment

5d0ac8a

Unsaved changes missed from merge

6a1cc81

lovoll merged commit 5dbb8aa into main Oct 29, 2024
7 of 9 checks passed

lovoll deleted the feature/843-RevokeInstanceDelegation2 branch October 29, 2024 13:22

@@ -302,2 +302,3 @@
                             {
+                                string sanitizedPath = path.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", "");
                                 _logger.LogError(
@@ -305,3 +306,3 @@
                                     "An exception occured while processing authorization rules for delegation on delegation policy path: {path}",
-                                    path);
+                                    sanitizedPath);
                             }
@@ -344,3 +345,4 @@
                             {
-                                _logger.LogError(ex, "An exception occured while processing authorization rules for delegation on delegation policy path: {path}", path);
+                                string sanitizedPath = path.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", "");
+                                _logger.LogError(ex, "An exception occured while processing authorization rules for delegation on delegation policy path: {path}", sanitizedPath);
                             }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature/843 revoke instance delegation2 #857

Feature/843 revoke instance delegation2 #857

lovoll commented Oct 23, 2024 •

edited

Loading

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

sonarqubecloud bot commented Oct 29, 2024

Feature/843 revoke instance delegation2 #857

Feature/843 revoke instance delegation2 #857

Conversation

lovoll commented Oct 23, 2024 • edited Loading

Description

Related Issue(s)

Developer/Reviewer Checklist

Documentation

sonarqubecloud bot commented Oct 29, 2024

Quality Gate passed

lovoll commented Oct 23, 2024 •

edited

Loading