CodeQL: Sanitize log entries created from user input

claudiamurialdo · claudiamurialdo · commit d4291aefbda7 · 2025-10-08T16:02:13.000-03:00
(cherry picked from commit 6359de6) # Conflicts: # dotnet/src/dotnetframework/GxClasses/Core/GXApplication.cs
diff --git a/dotnet/src/dotnetframework/GxClasses/Core/GXApplication.cs b/dotnet/src/dotnetframework/GxClasses/Core/GXApplication.cs
@@ -3747,14 +3747,13 @@ internal string ClientTimeZoneId
 				if (!DateTimeUtil.ValidTimeZone(sTZ))
 				{
 					sTZ = (string)GetUndecodedCookie(GX_REQUEST_TIMEZONE);
-					GXLogging.Debug(Logger, "Try reading undecoded ClientTimeZone GX_REQUEST_TIMEZONE cookie:", sTZ);
+					GXLogging.DebugSanitized(Logger, "Try reading undecoded ClientTimeZone GX_REQUEST_TIMEZONE cookie:", sTZ);
 				}
 				try
 				{
 					if (!DateTimeUtil.ValidTimeZone(sTZ))
 					{
-
-						GXLogging.Warn(Logger, $"Time zone '{sTZ}' is unknown to source TZDB: {DateTimeZoneProviders.Tzdb.VersionId}.");
+						GXLogging.WarnSanitized(Logger, $"Time zone '{sTZ}' is unknown to source TZDB: {DateTimeZoneProviders.Tzdb.VersionId}.");
 						_currentTimeZoneId = DateTimeZoneProviders.Tzdb.GetSystemDefault().Id;
 						GXLogging.Warn(Logger, $"Setting Client timezone to System default: {_currentTimeZoneId}");
 					}
diff --git a/dotnet/src/dotnetframework/GxClasses/Data/GXDataCommon.cs b/dotnet/src/dotnetframework/GxClasses/Data/GXDataCommon.cs
@@ -940,7 +940,7 @@ protected static byte[] GetBinary(string fileNameParm, bool dbBlob)
 							}
 							break;
 						default:
-							GXLogging.Error(log, "Schema not supported: ", fileName);
+							GXLogging.WarnSanitized(log, "Schema not supported: ", fileName);
 							break;
 					}				
 					GXLogging.Debug(log, "GetBinary fileName ", uri.AbsolutePath, ",ReadBytes:", binary != null ? binary.Length.ToString() : "0");

Original file line number	Diff line number	Diff line change
`@@ -3747,14 +3747,13 @@ internal string ClientTimeZoneId`
`3747`	`3747`	`if (!DateTimeUtil.ValidTimeZone(sTZ))`
`3748`	`3748`	`{`
`3749`	`3749`	`sTZ = (string)GetUndecodedCookie(GX_REQUEST_TIMEZONE);`
`3750`		`- GXLogging.Debug(Logger, "Try reading undecoded ClientTimeZone GX_REQUEST_TIMEZONE cookie:", sTZ);`
	`3750`	`+ GXLogging.DebugSanitized(Logger, "Try reading undecoded ClientTimeZone GX_REQUEST_TIMEZONE cookie:", sTZ);`
`3751`	`3751`	`}`
`3752`	`3752`	`try`
`3753`	`3753`	`{`
`3754`	`3754`	`if (!DateTimeUtil.ValidTimeZone(sTZ))`
`3755`	`3755`	`{`
`3756`		`-`
`3757`		`- GXLogging.Warn(Logger, $"Time zone '{sTZ}' is unknown to source TZDB: {DateTimeZoneProviders.Tzdb.VersionId}.");`
	`3756`	`+ GXLogging.WarnSanitized(Logger, $"Time zone '{sTZ}' is unknown to source TZDB: {DateTimeZoneProviders.Tzdb.VersionId}.");`
`3758`	`3757`	`_currentTimeZoneId = DateTimeZoneProviders.Tzdb.GetSystemDefault().Id;`
`3759`	`3758`	`GXLogging.Warn(Logger, $"Setting Client timezone to System default: {_currentTimeZoneId}");`
`3760`	`3759`	`}`
Original file line number	Diff line number	Diff line change
`@@ -940,7 +940,7 @@ protected static byte[] GetBinary(string fileNameParm, bool dbBlob)`
`940`	`940`	`}`
`941`	`941`	`break;`
`942`	`942`	`default:`
`943`		`- GXLogging.Error(log, "Schema not supported: ", fileName);`
	`943`	`+ GXLogging.WarnSanitized(log, "Schema not supported: ", fileName);`
`944`	`944`	`break;`
`945`	`945`	`}`
`946`	`946`	`GXLogging.Debug(log, "GetBinary fileName ", uri.AbsolutePath, ",ReadBytes:", binary != null ? binary.Length.ToString() : "0");`