Feature/demo e2e #54

Open: wants to merge 5 commits into base: main
129 changes: 129 additions & 0 deletions samples/Pipfile.lock

Generated file; diff not rendered by default.

30 changes: 30 additions & 0 deletions samples/routes.py
@@ -0,0 +1,30 @@

from flask import request, render_template, make_response

from server.webapp import flaskapp, cursor
from server.models import Book


@flaskapp.route('/')
def index():
name = request.args.get('name')
author = request.args.get('author')
read = bool(request.args.get('read'))

if name:
cursor.execute(
"SELECT * FROM books WHERE name LIKE '%" + name + "%'"
)
books = [Book(*row) for row in cursor]

elif author:
cursor.execute(
"SELECT * FROM books WHERE author LIKE '%" + author + "%'"
)
books = [Book(*row) for row in cursor]

else:
cursor.execute("SELECT name, author, read FROM books")
books = [Book(*row) for row in cursor]

return render_template('books.html', books=books)
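Review bot: the `name` and `author` branches build the SQL text by string concatenation (`"... WHERE name LIKE '%" + name + "%'"`), so a query-string value controls the statement itself; this is a SQL injection and code scanning will flag it. Bind the value as a parameter instead, e.g. `cursor.execute("SELECT name, author, read FROM books WHERE name LIKE ?", ("%" + name + "%",))`, using the placeholder style of the DB-API driver behind `cursor`. Two smaller points in the same hunk: the first two branches `SELECT *` while the third selects `name, author, read`, so `Book(*row)` receives a different column set depending on the branch; and `read = bool(request.args.get('read'))` is never used and is `True` for any non-empty value, including `read=false`.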
2 changes: 1 addition & 1 deletion src/webapp01/Pages/Index.cshtml
Expand Up @@ -6,7 +6,7 @@

<div class="card text-center">
<div class="card-body">
<h5 class="card-title">.NET 💜 Azure v4</h5>
<h5 class="card-title">.NET 💜 Azure v5</h5>
<p class="card-text">Learn about <a href="https://learn.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
</div>
</div>
11 changes: 1 addition & 10 deletions src/webapp01/Pages/Index.cshtml.cs
@@ -1,15 +1,9 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

namespace webapp01.Pages;

public class IndexModel : PageModel
{
string adminUserName = "[email protected]";

// TODO: Don't use this in production
public const string DEFAULT_PASSWORD = "Pass@word1";

private readonly ILogger<IndexModel> _logger;

public IndexModel(ILogger<IndexModel> logger)
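Review bot: the rendered diff has no +/- markers, but the file summary (1 addition, 10 deletions) implies that `adminUserName` and `public const string DEFAULT_PASSWORD = "Pass@word1"` are the lines leaving this file; the same field and constant appear verbatim in the Privacy.cshtml.cs hunk of this PR, so the credential looks relocated rather than removed. Either way the value is already in history and should be treated as exposed: rotate it, and load the admin identity and any default password from configuration (user secrets, environment, or a secret store; `Azure.Identity` is already referenced in webapp01.csproj) instead of a `const` in the page model.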
Expand All @@ -19,9 +13,6 @@ public IndexModel(ILogger<IndexModel> logger)

public void OnGet()
{
string drive = Request.Query.ContainsKey("drive") ? Request.Query["drive"] : "C";
var str = $"/C fsutil volume diskfree {drive}:";
_logger.LogInformation($"Command str: {str}");
_logger.LogInformation("Admin" + adminUserName);
_logger.LogInformation($"User: {User.Identity?.Name}");
}
}
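Review bot: `_logger.LogInformation($"User: {User.Identity?.Name}")` interpolates the value into the message text; with Microsoft.Extensions.Logging the template form `_logger.LogInformation("User: {UserName}", User.Identity?.Name)` keeps the username as a named property, which structured sinks and the log-forging checks in code scanning expect. Also consider whether a user identity needs to be written at Information level on every GET of the index page, since it lands in whatever log store the app ships to.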
10 changes: 10 additions & 0 deletions src/webapp01/Pages/Privacy.cshtml.cs
Expand Up @@ -7,13 +7,23 @@
{
private readonly ILogger<PrivacyModel> _logger;

string adminUserName = "[email protected]";

Check notice: Code scanning / CodeQL: Missed 'readonly' opportunity (Note). Field 'adminUserName' can be 'readonly'.

Copilot Autofix (AI, 5 days ago):

To fix the issue, we will add the readonly modifier to the adminUserName field. This ensures that the field cannot be reassigned after its initial assignment during declaration. The change will be made directly on line 10 where the field is declared.


Suggested changeset 1: src/webapp01/Pages/Privacy.cshtml.cs
Autofix patch. Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/src/webapp01/Pages/Privacy.cshtml.cs b/src/webapp01/Pages/Privacy.cshtml.cs
--- a/src/webapp01/Pages/Privacy.cshtml.cs
+++ b/src/webapp01/Pages/Privacy.cshtml.cs
@@ -9,3 +9,3 @@
 
-    string adminUserName = "[email protected]";
+    readonly string adminUserName = "[email protected]";
 
EOF
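Review bot: adding `readonly` answers the analyzer note, not the finding a reviewer should care about: `adminUserName` is a hardcoded account identifier declared next to `public const string DEFAULT_PASSWORD = "Pass@word1"`, and a `const` is baked into the compiled assembly and into every consumer that references it. Move both values out of the page model into configuration or a secret store and delete the TODO-guarded constant rather than annotating it.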

// TODO: Don't use this in production
public const string DEFAULT_PASSWORD = "Pass@word1";


public PrivacyModel(ILogger<PrivacyModel> logger)
{
_logger = logger;
}

public void OnGet()
{
string drive = Request.Query.ContainsKey("drive") ? Request.Query["drive"] : "C";

Check warning on line 23 in src/webapp01/Pages/Privacy.cshtml.cs (GitHub Actions / Build Web App): Possible null reference assignment.

Check warning on line 23 in src/webapp01/Pages/Privacy.cshtml.cs (GitHub Actions / Build Web App): Converting null literal or possible null value to non-nullable type.

Check notice: Code scanning / CodeQL: Inefficient use of ContainsKey (Note). Inefficient use of 'ContainsKey' and indexer.

Copilot Autofix (AI, 5 days ago):

To fix the issue, we will replace the Request.Query.ContainsKey("drive") and subsequent Request.Query["drive"] with a single call to Request.Query.TryGetValue. This will combine the existence check and retrieval into one operation, improving efficiency. Specifically:

  1. Use Request.Query.TryGetValue("drive", out var driveValue) to check for the presence of the "drive" key and retrieve its value if it exists.
  2. If the key is not found, assign the default value "C" to the drive variable.

This change will be made on line 23 of the file src/webapp01/Pages/Privacy.cshtml.cs.


Suggested changeset 1: src/webapp01/Pages/Privacy.cshtml.cs
Autofix patch. Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/src/webapp01/Pages/Privacy.cshtml.cs b/src/webapp01/Pages/Privacy.cshtml.cs
--- a/src/webapp01/Pages/Privacy.cshtml.cs
+++ b/src/webapp01/Pages/Privacy.cshtml.cs
@@ -22,3 +22,3 @@
     {
-        string drive = Request.Query.ContainsKey("drive") ? Request.Query["drive"] : "C";
+        string drive = Request.Query.TryGetValue("drive", out var driveValue) ? driveValue : "C";
         var str = $"/C fsutil volume diskfree {drive}:";
EOF
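Review bot: the `TryGetValue` rewrite removes the double lookup but leaves the data flow unchanged: `drive` is still a query-string value that is concatenated into `/C fsutil volume diskfree {drive}:` on the context line below. If that string is ever handed to a shell (the `/C` prefix suggests cmd.exe), the argument must be validated, not just retrieved more efficiently; accept exactly one letter A-Z and fall back to `"C"` otherwise, regardless of how the value is read. The `StringValues` to `string` conversion can also yield null, which is what the build warnings on line 23 report, so the ternary still needs a null/empty check after it.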
var str = $"/C fsutil volume diskfree {drive}:";
_logger.LogInformation($"Command str: {str}");

Check failure: Code scanning / CodeQL: Log entries created from user input (High). This log entry depends on a user-provided value.

Copilot Autofix (AI, 5 days ago):

To fix the issue, the user-provided input (drive) should be sanitized before being included in the log entry. Since the log is plain text, we can remove newline characters and other potentially harmful characters from the input using String.Replace or similar methods. This ensures that the log entry cannot be manipulated by malicious input.

The fix involves:

  1. Sanitizing the drive variable by removing newline characters (\n and \r) and trimming any leading or trailing whitespace.
  2. Using the sanitized version of drive when constructing the str variable and logging it.

Suggested changeset 1: src/webapp01/Pages/Privacy.cshtml.cs
Autofix patch. Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/src/webapp01/Pages/Privacy.cshtml.cs b/src/webapp01/Pages/Privacy.cshtml.cs
--- a/src/webapp01/Pages/Privacy.cshtml.cs
+++ b/src/webapp01/Pages/Privacy.cshtml.cs
@@ -23,2 +23,3 @@
         string drive = Request.Query.ContainsKey("drive") ? Request.Query["drive"] : "C";
+        drive = drive.Replace("\n", "").Replace("\r", "").Trim(); // Sanitize user input
         var str = $"/C fsutil volume diskfree {drive}:";
EOF
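Review bot: stripping `\n` and `\r` only prevents a forged second log line; it does not change that `drive` still flows into `var str = $"/C fsutil volume diskfree {drive}:"`, which is the more serious sink if `str` is ever executed. Validate the value against its expected shape (exactly one letter) and reject anything else instead of filtering characters. The patch also calls `.Replace` on `drive` directly after the `ContainsKey`/indexer line that the build flags as a possible null assignment, so a null there becomes a `NullReferenceException` instead of a log entry.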
_logger.LogInformation("Admin" + adminUserName);
}
}
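Review bot: this hunk adds the same `adminUserName` field, `DEFAULT_PASSWORD = "Pass@word1"` constant, `drive` query parameter, `fsutil` command string and log calls that appear in the Index.cshtml.cs diff of this PR (1 addition, 10 deletions there versus 10 additions here), so the hardcoded credential and the user-controlled command string are being moved between pages rather than removed; the CodeQL High finding on the log entry has to be resolved before merge. Three concrete asks: drop the password constant and read the admin identity from configuration; validate `drive` as a single letter before building any command string; and log with a message template (`_logger.LogInformation("Admin: {AdminUser}", adminUserName)`) instead of `"Admin" + adminUserName`, which is also missing its separator.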

2 changes: 1 addition & 1 deletion src/webapp01/webapp01.csproj
Expand Up @@ -13,7 +13,7 @@
<PackageReference Include="Azure.Identity" Version="1.13.2" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.1.3" />
<PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
<PackageReference Include="System.Text.Json" Version="9.0.4" />
<PackageReference Include="System.Text.Json" Version="8.0.4" />
</ItemGroup>

</Project>
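Review bot: `System.Text.Json` moves from 9.0.4 down to 8.0.4, a downgrade with no stated reason in the PR. A downgrade of a serialization package should be justified (framework alignment or a transitive pin) and checked against published advisories before merge, e.g. `dotnet list package --vulnerable --include-transitive`; `Azure.Identity 1.13.2` and `Microsoft.Data.SqlClient 5.1.3` in the same ItemGroup are unchanged here but deserve the same check.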