
Commit 7827027

authored
Ensure user input contains no new lines (#204)
1 parent 2fd1952 commit 7827027


3 files changed

+28
-17
lines changed


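--- a/api/Controllers/PlantDataController.cs
+++ b/api/Controllers/PlantDataController.cs
@@ -3,6 +3,7 @@
 using api.Database.Models;
 using api.Services;
 using api.Utilities;
+using Api.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -192,21 +193,22 @@ public async Task<ActionResult<BlobStorageLocation>> DownloadUriFromInspectionId
 [FromRoute] string inspectionId
 )
 {
+inspectionId = Sanitize.SanitizeUserInput(inspectionId);
 try
 {
 var plantData = await plantDataService.ReadByInspectionId(inspectionId);
 if (plantData == null)
 {
 logger.LogWarning(
-"No plant data found for InspectionId: {InspectionId}",
+"No plant data found for InspectionId: {inspectionId}",
 inspectionId
 );
 return NotFound($"Could not find plant data with inspection id {inspectionId}");
 }
 
 var anonymizerWorkflowStatus = plantData.AnonymizerWorkflowStatus;
 logger.LogInformation(
-"Anonymization workflow status for InspectionId: {InspectionId} is {Status}",
+"Anonymization workflow status for InspectionId: {inspectionId} is {Status}",
 inspectionId,
 anonymizerWorkflowStatus
 );
@@ -216,7 +218,7 @@ [FromRoute] string inspectionId
 case WorkflowStatus.ExitSuccess:
 var plantDataJson = JsonSerializer.Serialize(plantData, _jsonSerializerOptions);
 logger.LogInformation(
-"Full Plant Data for InspectionId: {InspectionId}: {PlantData}",
+"Full Plant Data for InspectionId: {inspectionId}: {PlantData}",
 inspectionId,
 plantDataJson
 );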
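Review bot: The first hunk adds `using Api.Utilities;` directly below the existing `using api.Utilities;`, so the file now imports two namespaces that differ only in case; that is easy to misread and suggests the new `Sanitize` class landed in a differently-cased namespace than the rest of the `api.*` code, so placing it in `api.Utilities` would make the extra directive unnecessary. The second and third hunks also rename the message-template placeholders from `{InspectionId}` to `{inspectionId}`; with structured logging the placeholder name is the property key written to the sink, so this silently changes the emitted key (PascalCase is the usual convention for these names) and may break any existing log queries, which cannot be verified from here. The enclosing method DownloadUriFromInspectionId continues outside the hunks.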

api/Controllers/WorkflowsController.cs

Lines changed: 13 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
using api.Database.Models;
33
using api.MQTT;
44
using api.Services;
5+
using Api.Utilities;
56
using Microsoft.AspNetCore.Authorization;
67
using Microsoft.AspNetCore.Mvc;
78

@@ -83,23 +84,22 @@ public async Task<ActionResult<PlantDataResponse>> AnonymizerDone(
8384
[FromBody] AnonymizerDoneNotification notification
8485
)
8586
{
87+
var inspectionId = Sanitize.SanitizeUserInput(notification.InspectionId);
8688
// TODO: Update plantData with information that the Anonymizer is Done
8789
logger.LogInformation(
8890
"Completed anonymization of plantData with inspection id {id}",
89-
notification.InspectionId
91+
inspectionId
9092
);
9193

92-
var plantData = await plantDataService.ReadByInspectionId(notification.InspectionId);
94+
var plantData = await plantDataService.ReadByInspectionId(inspectionId);
9395
if (plantData == null)
9496
{
95-
return NotFound(
96-
$"Could not find plantData with inspection id {notification.InspectionId}"
97-
);
97+
return NotFound($"Could not find plantData with inspection id {inspectionId}");
9898
}
9999

100100
var message = new SaraVisualizationAvailableMessage
101101
{
102-
InspectionId = notification.InspectionId,
102+
InspectionId = inspectionId,
103103
StorageAccount = plantData.AnonymizedBlobStorageLocation.StorageAccount,
104104
BlobContainer = plantData.AnonymizedBlobStorageLocation.BlobContainer,
105105
BlobName = plantData.AnonymizedBlobStorageLocation.BlobName,
@@ -108,7 +108,7 @@ [FromBody] AnonymizerDoneNotification notification
108108
mqttMessageService.OnSaraVisualizationAvailable(message);
109109

110110
var updatedPlantData = await plantDataService.UpdateAnonymizerWorkflowStatus(
111-
notification.InspectionId,
111+
inspectionId,
112112
WorkflowStatus.ExitSuccess
113113
);
114114

@@ -127,24 +127,23 @@ public async Task<ActionResult<PlantDataResponse>> ConstantLevelOilerCompleted(
127127
[FromBody] ConstantLevelOilerDoneNotification notification
128128
)
129129
{
130+
var inspectionId = Sanitize.SanitizeUserInput(notification.InspectionId);
130131
// TODO: Update plantData with information that the CLO is Done
131132
logger.LogInformation(
132133
"Completed Constant Level Oiler analysis for plantData with inspection id {id} and oil level {oilLevel}",
133-
notification.InspectionId,
134+
inspectionId,
134135
notification.OilLevel
135136
);
136137

137-
var plantData = await plantDataService.ReadByInspectionId(notification.InspectionId);
138+
var plantData = await plantDataService.ReadByInspectionId(inspectionId);
138139
if (plantData == null)
139140
{
140-
return NotFound(
141-
$"Could not find plantData with inspection id {notification.InspectionId}"
142-
);
141+
return NotFound($"Could not find plantData with inspection id {inspectionId}");
143142
}
144143

145144
var message = new SaraAnalysisResultMessage
146145
{
147-
InspectionId = notification.InspectionId,
146+
InspectionId = inspectionId,
148147
AnalysisType = Analysis.TypeToString(AnalysisType.ConstantLevelOiler),
149148
RegressionResult = notification.OilLevel,
150149
StorageAccount = plantData.VisualizedBlobStorageLocation.StorageAccount,
@@ -170,7 +169,7 @@ public ActionResult FencillaDone([FromBody] FencillaDoneNotification notificatio
170169
// TODO: Update plantData with information that Fencilla is Done
171170
logger.LogInformation(
172171
"Completed Fencilla analysis for plantData with inspection id {id} and break found is {IsBreak} with confidence {Confidence}",
173-
notification.InspectionId,
172+
Sanitize.SanitizeUserInput(notification.InspectionId),
174173
notification.IsBreak,
175174
notification.Confidence
176175
);
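Review bot: In the last hunk (FencillaDone) the sanitized value is computed inline for the log call only, so any later use of `notification.InspectionId` in that method, which continues outside the hunk, would still be the raw value; hoisting `var inspectionId = Sanitize.SanitizeUserInput(notification.InspectionId);` to the top of the action, as AnonymizerDone and ConstantLevelOilerCompleted now do, keeps the three handlers consistent. All three call sites pass a body-bound property straight into the helper; if `InspectionId` on these notification types is not required or validated (not visible here), a payload that omits it makes `Replace` throw on null and the request fails with a 500 instead of a 400, so the property should be marked required or the helper made null-tolerant.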

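--- a/api/Utilities/SanitizedInput.cs
+++ b/api/Utilities/SanitizedInput.cs
@@ -0,0 +1,10 @@
+namespace Api.Utilities
+{
+public static class Sanitize
+{
+public static string SanitizeUserInput(string inputString)
+{
+return inputString.Replace("\n", "").Replace("\r", "");
+}
+}
+}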
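Review bot: SanitizeUserInput on new line 7 strips only LF and CR, so other control characters (tab, backspace, ESC) and the Unicode line separators U+2028/U+2029 still reach the log sink unchanged, which leaves the log-forging risk the commit title addresses only partly closed; since the value is only ever used as an identifier, filtering on `char.IsControl` plus those two separators is a small, safe widening. The method also dereferences `inputString` without a null check, so a missing body field surfaces as a NullReferenceException in the controller rather than a validation error; returning an empty string for null/empty input is the safer contract for an input sanitizer. Two style points: the file is named SanitizedInput.cs but declares `Sanitize`, and the namespace `Api.Utilities` differs only in case from the project's existing `api.Utilities`, which forces callers to import both. The rewrite below uses `System.Linq`, so that directive (or implicit usings) must be in scope.
```csharp
public static string SanitizeUserInput(string inputString)
{
    if (string.IsNullOrEmpty(inputString))
    {
        return string.Empty;
    }
    // Drop every control character and the Unicode line separators so a
    // client-supplied value cannot introduce extra lines or escapes in logs.
    return string.Concat(inputString.Where(c => !char.IsControl(c) && c != '\u2028' && c != '\u2029'));
}
```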
