Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      .Net Core: configure programmatically

      using System;
      using System.Collections;
      using System.Collections.Generic;
      using Microsoft.AspNetCore.Builder;
      using Microsoft.AspNetCore.Hosting;
      using Microsoft.Extensions.Configuration;
      using Microsoft.Extensions.DependencyInjection;
      using Microsoft.Extensions.Logging;
      using Microsoft.Extensions.Options;
      using Microsoft.AspNetCore;
      
      namespace MvcApp
      {
          public class ProgramLogging
          {
              public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
                  WebHost.CreateDefaultBuilder(args)
                      .ConfigureLogging((hostingContext, logging) => // Sensitive
                      {
                          // ...
                      })
                      .UseStartup<StartupLogging>();
          }
          
          public class StartupLogging
          {
              public void ConfigureServices(IServiceCollection services)
              {
                  services.AddLogging(logging => // Sensitive
                  {
                      // ...
                  });
              }
      
              public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
              {
                  IConfiguration config = null;
                  LogLevel level = LogLevel.Critical;
                  Boolean includeScopes = false;
                  Func<string,Microsoft.Extensions.Logging.LogLevel,bool> filter = null;
                  Microsoft.Extensions.Logging.Console.IConsoleLoggerSettings consoleSettings = null;
                  Microsoft.Extensions.Logging.AzureAppServices.AzureAppServicesDiagnosticsSettings azureSettings = null;
                  Microsoft.Extensions.Logging.EventLog.EventLogSettings eventLogSettings = null;
      
                  // An issue will be raised for each call to an ILoggerFactory extension methods adding loggers.
                  loggerFactory.AddAzureWebAppDiagnostics(); // Sensitive
                  loggerFactory.AddAzureWebAppDiagnostics(azureSettings); // Sensitive
                  loggerFactory.AddConsole(); // Sensitive
                  loggerFactory.AddConsole(level); // Sensitive
                  loggerFactory.AddConsole(level, includeScopes); // Sensitive
                  loggerFactory.AddConsole(filter); // Sensitive
                  loggerFactory.AddConsole(filter, includeScopes); // Sensitive
                  loggerFactory.AddConsole(config); // Sensitive
                  loggerFactory.AddConsole(consoleSettings); // Sensitive
                  loggerFactory.AddDebug(); // Sensitive
                  loggerFactory.AddDebug(level); // Sensitive
                  loggerFactory.AddDebug(filter); // Sensitive
                  loggerFactory.AddEventLog(); // Sensitive
                  loggerFactory.AddEventLog(eventLogSettings); // Sensitive
                  loggerFactory.AddEventLog(level); // Sensitive
                  loggerFactory.AddEventSourceLogger(); // Sensitive
      
                  IEnumerable<ILoggerProvider> providers = null;
                  LoggerFilterOptions filterOptions1 = null;
                  IOptionsMonitor<LoggerFilterOptions> filterOptions2 = null;
                  
                  LoggerFactory factory = new LoggerFactory(); // Sensitive
                  new LoggerFactory(providers); // Sensitive
                  new LoggerFactory(providers, filterOptions1); // Sensitive
                  new LoggerFactory(providers, filterOptions2); // Sensitive
              }
          }
      }
      

      Log4Net

      using System;
      using System.IO;
      using System.Xml;
      using log4net.Appender;
      using log4net.Config;
      using log4net.Repository;
      
      namespace Logging
      {
          class Log4netLogging
          {
              void Foo(ILoggerRepository repository, XmlElement element, FileInfo configFile, Uri configUri, Stream configStream,
              IAppender appender, params IAppender[] appenders) {
                  log4net.Config.XmlConfigurator.Configure(repository); // Sensitive
                  log4net.Config.XmlConfigurator.Configure(repository, element); // Sensitive
                  log4net.Config.XmlConfigurator.Configure(repository, configFile); // Sensitive
                  log4net.Config.XmlConfigurator.Configure(repository, configUri); // Sensitive
                  log4net.Config.XmlConfigurator.Configure(repository, configStream); // Sensitive
                  log4net.Config.XmlConfigurator.ConfigureAndWatch(repository, configFile); // Sensitive
      
                  log4net.Config.DOMConfigurator.Configure(); // Sensitive
                  log4net.Config.DOMConfigurator.Configure(repository); // Sensitive
                  log4net.Config.DOMConfigurator.Configure(element); // Sensitive
                  log4net.Config.DOMConfigurator.Configure(repository, element); // Sensitive
                  log4net.Config.DOMConfigurator.Configure(configFile); // Sensitive
                  log4net.Config.DOMConfigurator.Configure(repository, configFile); // Sensitive
                  log4net.Config.DOMConfigurator.Configure(configStream); // Sensitive
                  log4net.Config.DOMConfigurator.Configure(repository, configStream); // Sensitive
                  log4net.Config.DOMConfigurator.ConfigureAndWatch(configFile); // Sensitive
                  log4net.Config.DOMConfigurator.ConfigureAndWatch(repository, configFile); // Sensitive
      
                  log4net.Config.BasicConfigurator.Configure(); // Sensitive
                  log4net.Config.BasicConfigurator.Configure(appender); // Sensitive
                  log4net.Config.BasicConfigurator.Configure(appenders); // Sensitive
                  log4net.Config.BasicConfigurator.Configure(repository); // Sensitive
                  log4net.Config.BasicConfigurator.Configure(repository, appender); // Sensitive
                  log4net.Config.BasicConfigurator.Configure(repository, appenders); // Sensitive
              }
          }
      }
      

      NLog: configure programmatically

      namespace Logging
      {
          class NLogLogging
          {
              void Foo(NLog.Config.LoggingConfiguration config) {
                  NLog.LogManager.Configuration = config; // Sensitive, this changes the logging configuration.
              }
          }
      }
      

      Serilog

      namespace Logging
      {
          class SerilogLogging
          {
              void Foo() {
                  new Serilog.LoggerConfiguration(); // Sensitive
              }
          }
      }
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            nicolas.harraudeau Nicolas Harraudeau (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: