Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix code scanning alert #78: Log Injection #53

Open
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

Devasy23
Copy link
Owner

Fixes https://github.com/Devasy23/FaceRec/security/code-scanning/78

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Copy link

@senior-dev-bot senior-dev-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feedback from Senior Dev Bot

API/route.py Outdated
Comment on lines 392 to 399

"""
logging.info('Deleting Employee')
logging.debug(f"Deleting for EmployeeCode: {EmployeeCode}")
sanitized_employee_code = re.sub(r'\D', '', str(EmployeeCode))
logging.debug(f"Deleting for EmployeeCode: {sanitized_employee_code}")
client2.find_one_and_delete(collection2, {'EmployeeCode': EmployeeCode})

return {'Message': 'Successfully Deleted'}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CODE REVIEW

Good job on sanitizing the EmployeeCode before logging! However, ensure that the original variable remains unchanged for further operations. Alternatively, consider logging the sanitized value conditionally based on the logging level to avoid unnecessary processing.

sanitized_employee_code = re.sub(r'\D', '', str(EmployeeCode))
if logging.getLogger().isEnabledFor(logging.DEBUG):
    logging.debug(f"Deleting for EmployeeCode: {sanitized_employee_code}")

Copy link

API/route.py Fixed Show fixed Hide fixed
pre-commit-ci bot and others added 2 commits September 18, 2024 16:06
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@Devasy23 Devasy23 linked an issue Sep 18, 2024 that may be closed by this pull request
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Fix code scanning alert - Log Injection
1 participant