Fix CodeQL warning: Log entries created from user input #3726

Merged
RaymondLuong3 merged 1 commit into master from fix/codeql on Mar 6, 2026

Conversation

@pmachapman (Collaborator) commented Mar 3, 2026

@devin-ai-integration (bot) left a comment

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

projectSFId ??= _projectDoc?.Id ?? "unknown";
userId ??= _userSecret?.Id ?? "unknown";
_logger.LogInformation($"SyncLog ({projectSFId} {userId}): {message}");
_logger.LogInformation($"SyncLog ({projectSFId.Sanitize()} {userId.Sanitize()}): {message}");
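Review bot: only `projectSFId` and `userId` get `.Sanitize()` on the changed line, while `message` is still interpolated into the same `LogInformation` call untouched; if `message` can carry user-derived text, an embedded CR/LF can still split the entry, and the alert on this line will likely remain. Apply the same sanitization to `message` (e.g. `{message.Sanitize()}`, assuming the extension accepts it) so every value spliced into the format string is covered.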

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix (AI) commented 6 days ago

General approach: Ensure that any data that can originate from user input is normalized before being written to logs. For plain-text logs, this typically means removing or replacing control characters that can break the log format, especially \r and \n. We should also avoid changing log message structure so existing analysis still works. Since the vulnerable sink is the Log method in ParatextSyncRunner, we can centralize the fix by sanitizing both the interpolated IDs and the message written to _syncMetrics.Log.

Best concrete fix for this code:

  1. Keep the existing Sanitize() calls on projectSFId and userId in the _logger.LogInformation(...) call; these already reduce risk.
  2. Additionally sanitize the message parameter at the start of Log to remove newline sequences and carriage returns. Use simple string.Replace calls, as recommended, to strip Environment.NewLine, \r, and \n.
  3. Use this sanitized message both for the structured logger call and when adding to _syncMetrics.Log. This ensures that any content derived from user input cannot inject extra log lines into either the normal log output or the metrics log.
  4. Implement the sanitization locally in ParatextSyncRunner.Log to minimize impact on existing functionality and avoid broad changes. No new dependencies are required.

Concretely, in src/SIL.XForge.Scripture/Services/ParatextSyncRunner.cs, update Log so that:

  • It normalizes message into a new variable sanitizedMessage by stripping newlines.
  • It uses sanitizedMessage in _logger.LogInformation and in _syncMetrics.Log.Add(...).

No other files need edits for this specific alert, because the sink is centralized in this logging method.
Suggested changeset 1: src/SIL.XForge.Scripture/Services/ParatextSyncRunner.cs

Autofix patch. Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/src/SIL.XForge.Scripture/Services/ParatextSyncRunner.cs b/src/SIL.XForge.Scripture/Services/ParatextSyncRunner.cs
--- a/src/SIL.XForge.Scripture/Services/ParatextSyncRunner.cs
+++ b/src/SIL.XForge.Scripture/Services/ParatextSyncRunner.cs
@@ -2190,8 +2190,12 @@
     {
         projectSFId ??= _projectDoc?.Id ?? "unknown";
         userId ??= _userSecret?.Id ?? "unknown";
-        _logger.LogInformation($"SyncLog ({projectSFId.Sanitize()} {userId.Sanitize()}): {message}");
-        _syncMetrics.Log.Add($"{DateTime.UtcNow:u} {message}");
+        string sanitizedMessage = message
+            .Replace(Environment.NewLine, string.Empty)
+            .Replace("\r", string.Empty)
+            .Replace("\n", string.Empty);
+        _logger.LogInformation($"SyncLog ({projectSFId.Sanitize()} {userId.Sanitize()}): {sanitizedMessage}");
+        _syncMetrics.Log.Add($"{DateTime.UtcNow:u} {sanitizedMessage}");
     }
 
     private void LogMetric(string message) => Log(message);
EOF
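Review bot: `message` is dereferenced with `.Replace(...)` in the added lines without a null check; the interpolation it replaces tolerated a null `message`, so a null now throws a `NullReferenceException` from inside the logging path. The chain is also partly redundant (`.Replace(Environment.NewLine, string.Empty)` does nothing once `\r` and `\n` are each removed) and duplicates the `Sanitize()` extension already applied to `projectSFId` and `userId` on the same line; `string sanitizedMessage = message?.Sanitize() ?? string.Empty;` (assuming the extension takes a string) would keep one sanitizer governing both the logger and `_syncMetrics.Log`. Note too that deleting CR/LF silently joins the injected text onto the entry, whereas escaping them (e.g. to a literal `\n`) keeps the attempt visible to whoever reads the log.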
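One way to sanitize all three interpolated values, as an added example for this thread (a hypothetical `LogSanitizer` class, not the project's `Sanitize()` extension, whose implementation the page does not show); it escapes control characters rather than deleting them, so a forged line break stays visibly inside the single entry:

```csharp
using System;
using System.Text;

// Hypothetical sanitizer (added example, not the project's Sanitize() extension).
// Control characters are escaped instead of removed, so an injected line break
// cannot start a second log entry and the attempt remains visible in the log.
public static class LogSanitizer
{
    public static string Sanitize(string value)
    {
        if (value == null) return "null";   // tolerate null like string interpolation does
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\r': sb.Append("\\r"); break;
                case '\n': sb.Append("\\n"); break;
                case '\t': sb.Append("\\t"); break;
                default:
                    // Any other control character (e.g. ESC, which drives terminal
                    // escape sequences in log viewers) is rendered as \uXXXX.
                    if (char.IsControl(c)) sb.Append("\\u").Append(((int)c).ToString("X4"));
                    else sb.Append(c);
                    break;
            }
        }
        return sb.ToString();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: a project id carrying CR LF followed by a forged entry.
        string projectSFId = "proj1\r\nSyncLog (proj2 admin): sync completed";
        string userId = "user9";
        string message = "starting sync";

        // Unsanitized: prints two lines, and the second one reads like a genuine entry.
        Console.WriteLine($"SyncLog ({projectSFId} {userId}): {message}");
        // Sanitized: one line; the forged text is still present but visibly escaped.
        Console.WriteLine(
            $"SyncLog ({LogSanitizer.Sanitize(projectSFId)} {LogSanitizer.Sanitize(userId)}): {LogSanitizer.Sanitize(message)}");
    }
}
```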
Collaborator commented

I'm a bit confused about what the GitHub warning is about; I wonder if it is pointing out a need to sanitize `message`.

@pmachapman pmachapman force-pushed the fix/codeql branch 2 times, most recently from d0e8357 to f7f04fc Compare March 3, 2026 23:01
@codecov (bot) commented Mar 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.33%. Comparing base (6ef8e7b) to head (c5f11b2).
⚠️ Report is 1 commit behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #3726   +/-   ##
=======================================
  Coverage   81.33%   81.33%           
=======================================
  Files         620      620           
  Lines       39037    39037           
  Branches     6364     6359    -5     
=======================================
  Hits        31749    31749           
  Misses       6304     6304           
  Partials      984      984           


@marksvc marksvc self-assigned this Mar 5, 2026

@RaymondLuong3 RaymondLuong3 merged commit 13dc661 into master Mar 6, 2026
21 of 22 checks passed
@RaymondLuong3 RaymondLuong3 deleted the fix/codeql branch March 6, 2026 19:35