Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      .Net Core: configure programmatically

      Imports System
      Imports System.Collections
      Imports System.Collections.Generic
      Imports Microsoft.AspNetCore
      Imports Microsoft.AspNetCore.Builder
      Imports Microsoft.AspNetCore.Hosting
      Imports Microsoft.Extensions.Configuration
      Imports Microsoft.Extensions.DependencyInjection
      Imports Microsoft.Extensions.Logging
      Imports Microsoft.Extensions.Options
      
      Namespace MvcApp
      
          Public Class ProgramLogging
      
              Public Shared Function CreateWebHostBuilder(args As String()) As IWebHostBuilder
      
                  WebHost.CreateDefaultBuilder(args) _
                      .ConfigureLogging(Function(hostingContext, Logging) ' Sensitive
                                            ' ...
                                        End Function) _
                  .UseStartup(Of StartupLogging)()
      
                  '...
              End Function
          End Class
      
      
          Public Class StartupLogging
      
              Public Sub ConfigureServices(services As IServiceCollection)
      
                  services.AddLogging(Function(logging) ' Sensitive
                                          '...
                                      End Function)
              End Sub
      
              Public Sub Configure(app As IApplicationBuilder, env As IHostingEnvironment, loggerFactory As ILoggerFactory)
      
                  Dim config As IConfiguration = Nothing
                  Dim level As LogLevel = LogLevel.Critical
                  Dim includeScopes As Boolean = False
                  Dim filter As Func(Of String, Microsoft.Extensions.Logging.LogLevel, Boolean) = Nothing
                  Dim consoleSettings As Microsoft.Extensions.Logging.Console.IConsoleLoggerSettings = Nothing
                  Dim azureSettings As Microsoft.Extensions.Logging.AzureAppServices.AzureAppServicesDiagnosticsSettings = Nothing
                  Dim eventLogSettings As Microsoft.Extensions.Logging.EventLog.EventLogSettings = Nothing
      
                  ' An issue will be raised for each call to an ILoggerFactory extension methods adding loggers.
                  loggerFactory.AddAzureWebAppDiagnostics() ' Sensitive
                  loggerFactory.AddAzureWebAppDiagnostics(azureSettings) ' Sensitive
                  loggerFactory.AddConsole() ' Sensitive
                  loggerFactory.AddConsole(level) ' Sensitive
                  loggerFactory.AddConsole(level, includeScopes) ' Sensitive
                  loggerFactory.AddConsole(filter) ' Sensitive
                  loggerFactory.AddConsole(filter, includeScopes) ' Sensitive
                  loggerFactory.AddConsole(config) ' Sensitive
                  loggerFactory.AddConsole(consoleSettings) ' Sensitive
                  loggerFactory.AddDebug() ' Sensitive
                  loggerFactory.AddDebug(level) ' Sensitive
                  loggerFactory.AddDebug(filter) ' Sensitive
                  loggerFactory.AddEventLog() ' Sensitive
                  loggerFactory.AddEventLog(eventLogSettings) ' Sensitive
                  loggerFactory.AddEventLog(level) ' Sensitive
                  ' Only available for NET Standard 2.0 and above
                  'loggerFactory.AddEventSourceLogger() ' Sensitive
      
                  Dim providers As IEnumerable(Of ILoggerProvider) = Nothing
                  Dim filterOptions1 As LoggerFilterOptions = Nothing
                  Dim filterOptions2 As IOptionsMonitor(Of LoggerFilterOptions) = Nothing
      
                  Dim factory As LoggerFactory = New LoggerFactory() ' Sensitive
                  factory = New LoggerFactory(providers) ' Sensitive
                  factory = New LoggerFactory(providers, filterOptions1) ' Sensitive
                  factory = New LoggerFactory(providers, filterOptions2) ' Sensitive
              End Sub
          End Class
      End Namespace
      

      Log4Net

      Imports System
      Imports System.IO
      Imports System.Xml
      Imports log4net.Appender
      Imports log4net.Config
      Imports log4net.Repository
      
      Namespace Logging
          Class Log4netLogging
              Private Sub Foo(ByVal repository As ILoggerRepository, ByVal element As XmlElement, ByVal configFile As FileInfo, ByVal configUri As Uri, ByVal configStream As Stream, ByVal appender As IAppender, ParamArray appenders As IAppender())
                  log4net.Config.XmlConfigurator.Configure(repository) ' Sensitive
                  log4net.Config.XmlConfigurator.Configure(repository, element) ' Sensitive
                  log4net.Config.XmlConfigurator.Configure(repository, configFile) ' Sensitive
                  log4net.Config.XmlConfigurator.Configure(repository, configUri) ' Sensitive
                  log4net.Config.XmlConfigurator.Configure(repository, configStream) ' Sensitive
                  log4net.Config.XmlConfigurator.ConfigureAndWatch(repository, configFile) ' Sensitive
      
                  log4net.Config.DOMConfigurator.Configure() ' Sensitive
                  log4net.Config.DOMConfigurator.Configure(repository) ' Sensitive
                  log4net.Config.DOMConfigurator.Configure(element) ' Sensitive
                  log4net.Config.DOMConfigurator.Configure(repository, element) ' Sensitive
                  log4net.Config.DOMConfigurator.Configure(configFile) ' Sensitive
                  log4net.Config.DOMConfigurator.Configure(repository, configFile) ' Sensitive
                  log4net.Config.DOMConfigurator.Configure(configStream) ' Sensitive
                  log4net.Config.DOMConfigurator.Configure(repository, configStream) ' Sensitive
                  log4net.Config.DOMConfigurator.ConfigureAndWatch(configFile) ' Sensitive
                  log4net.Config.DOMConfigurator.ConfigureAndWatch(repository, configFile) ' Sensitive
      
                  log4net.Config.BasicConfigurator.Configure() ' Sensitive
                  log4net.Config.BasicConfigurator.Configure(appender) ' Sensitive
                  log4net.Config.BasicConfigurator.Configure(appenders) ' Sensitive
                  log4net.Config.BasicConfigurator.Configure(repository) ' Sensitive
                  log4net.Config.BasicConfigurator.Configure(repository, appender) ' Sensitive
                  log4net.Config.BasicConfigurator.Configure(repository, appenders) ' Sensitive
              End Sub
          End Class
      End Namespace
      

      NLog: configure programmatically

      Namespace Logging
          Class NLogLogging
              Private Sub Foo(ByVal config As NLog.Config.LoggingConfiguration)
                  NLog.LogManager.Configuration = config ' Sensitive
              End Sub
          End Class
      End Namespace
      

      Serilog

      Namespace Logging
          Class SerilogLogging
              Private Sub Foo()
                  Dim config As Serilog.LoggerConfiguration = New Serilog.LoggerConfiguration() ' Sensitive
              End Sub
          End Class
      End Namespace
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            nicolas.harraudeau Nicolas Harraudeau (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: