diff --git a/Abblix.Oidc.Server/Endpoints/Authorization/Validation/ClientValidator.cs b/Abblix.Oidc.Server/Endpoints/Authorization/Validation/ClientValidator.cs
index 85ae0af4..1df8d2d9 100644
--- a/Abblix.Oidc.Server/Endpoints/Authorization/Validation/ClientValidator.cs
+++ b/Abblix.Oidc.Server/Endpoints/Authorization/Validation/ClientValidator.cs
@@ -73,7 +73,7 @@ public ClientValidator(
 var clientInfo = await _clientInfoProvider.TryFindClientAsync(clientId.NotNull(nameof(clientId))).WithLicenseCheck();
 if (clientInfo == null)
 {
- _logger.LogWarning("The client with id {ClientId} was not found", clientId);
+ _logger.LogWarning("The client with id {ClientId} was not found", new Sanitized(clientId));
 return context.InvalidRequest("The client is not authorized");
 }
 
diff --git a/Abblix.Oidc.Server/Endpoints/DynamicClientManagement/Validation/ClientIdValidator.cs b/Abblix.Oidc.Server/Endpoints/DynamicClientManagement/Validation/ClientIdValidator.cs
index 2eaced85..967b10bb 100644
--- a/Abblix.Oidc.Server/Endpoints/DynamicClientManagement/Validation/ClientIdValidator.cs
+++ b/Abblix.Oidc.Server/Endpoints/DynamicClientManagement/Validation/ClientIdValidator.cs
@@ -62,7 +62,7 @@ public ClientIdValidator(
 var clientInfo = await _clientInfoProvider.TryFindClientAsync(clientId).WithLicenseCheck();
 if (clientInfo != null)
 {
- _logger.LogWarning("The client with id {ClientId} is already registered", clientId);
+ _logger.LogWarning("The client with id {ClientId} is already registered", new Sanitized(clientId));
 return ErrorFactory.InvalidClientMetadata($"The client with id={clientId} is already registered");
 }
 }
diff --git a/Abblix.Oidc.Server/Endpoints/DynamicClientManagement/Validation/SubjectTypeValidator.cs b/Abblix.Oidc.Server/Endpoints/DynamicClientManagement/Validation/SubjectTypeValidator.cs
index 9b50ec03..e93bd68b 100644
--- a/Abblix.Oidc.Server/Endpoints/DynamicClientManagement/Validation/SubjectTypeValidator.cs
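Review bot: In the ClientIdValidator hunk only the log call is sanitized; the `ErrorFactory.InvalidClientMetadata($"The client with id={clientId} is already registered")` on the very next line still interpolates the raw, client-supplied `clientId`. That string is an error description returned to the registering client rather than a log line, so the log-forging concern this commit addresses does not apply to it directly, but if error descriptions are written to a log anywhere downstream (not visible here), the unsanitized value reaches the log through that path and bypasses `Sanitized`. If echoing the raw value back is intentional, a one-line comment on that `return` saying so, e.g. `// error_description is returned to the caller, not logged; raw clientId is intentional`, would spare the next reader the same question. The enclosing validation method starts and ends outside the hunk.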
+++ b/Abblix.Oidc.Server/Endpoints/DynamicClientManagement/Validation/SubjectTypeValidator.cs
@@ -23,6 +23,7 @@
 using System.Net.Http.Json;
 using Abblix.Oidc.Server.Common.Constants;
 using Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces;
+using Abblix.Utils;
 using Microsoft.Extensions.Logging;
 using static Abblix.Oidc.Server.Model.ClientRegistrationRequest;
 
@@ -88,7 +89,7 @@ public SubjectTypeValidator(
 catch (Exception ex)
 {
 _logger.LogWarning(ex, "Unable to receive content of {SectorIdentifierUri}",
- sectorIdentifierUri);
+ new Sanitized(sectorIdentifierUri));
 return ErrorFactory.InvalidClientMetadata(
 $"Unable to receive content of {Parameters.SectorIdentifierUri}");
 }
@@ -109,7 +110,7 @@ public SubjectTypeValidator(
 if (missingUris.Length > 0)
 {
 _logger.LogWarning("The following URIs are present in the {SectorIdentifierUri}, but missing from the Redirect URIs: {@MissingUris}",
- sectorIdentifierUri,
+ new Sanitized(sectorIdentifierUri),
 missingUris);
 
 return ErrorFactory.InvalidClientMetadata(
diff --git a/Abblix.Oidc.Server/Endpoints/EndSession/Validation/ClientValidator.cs b/Abblix.Oidc.Server/Endpoints/EndSession/Validation/ClientValidator.cs
index 6a0b411f..0ab8f964 100644
--- a/Abblix.Oidc.Server/Endpoints/EndSession/Validation/ClientValidator.cs
+++ b/Abblix.Oidc.Server/Endpoints/EndSession/Validation/ClientValidator.cs
@@ -67,7 +67,7 @@ public ClientValidator(
 var clientInfo = await _clientInfoProvider.TryFindClientAsync(context.ClientId).WithLicenseCheck();
 if (clientInfo == null)
 {
- _logger.LogWarning("The client with id {ClientId} was not found", context.ClientId);
+ _logger.LogWarning("The client with id {ClientId} was not found", new Sanitized(context.ClientId));
 return new EndSessionRequestValidationError(
 ErrorCodes.UnauthorizedClient, "The client is not authorized");
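Review bot: In the `-109,7 +110,7` hunk the `missingUris` argument of the `{@MissingUris}` placeholder is still passed through raw while `sectorIdentifierUri` now is wrapped; judging by the message text, those values come out of the document fetched from the sector identifier URI, i.e. from content the registering client controls, so they are at least as untrusted as the URI itself. Wrapping the array in `Sanitized` would not help here because of the `@` destructuring hint: a structured sink that honours it serializes the struct's public members (there are none) instead of calling `ToString()`. The consistent fix is to drop the `@` and pass an already-rendered string, `{MissingUris}` with `string.Join(", ", missingUris.Select(uri => new Sanitized(uri)))`, which works for either string or `Uri` elements now that the constructor accepts `object?`; whether `System.Linq` is already imported in this file is not visible in the hunk. The enclosing method starts and ends outside the hunk.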
diff --git a/Abblix.Oidc.Server/Endpoints/EndSession/Validation/PostLogoutRedirectUrisValidator.cs b/Abblix.Oidc.Server/Endpoints/EndSession/Validation/PostLogoutRedirectUrisValidator.cs
index 017b9d83..99c33e20 100644
--- a/Abblix.Oidc.Server/Endpoints/EndSession/Validation/PostLogoutRedirectUrisValidator.cs
+++ b/Abblix.Oidc.Server/Endpoints/EndSession/Validation/PostLogoutRedirectUrisValidator.cs
@@ -23,6 +23,7 @@
 using Abblix.Oidc.Server.Common.Constants;
 using Abblix.Oidc.Server.Endpoints.EndSession.Interfaces;
 using Abblix.Oidc.Server.Features.UriValidation;
+using Abblix.Utils;
 using Microsoft.Extensions.Logging;
 using static Abblix.Oidc.Server.Model.EndSessionRequest;
 
@@ -75,7 +76,7 @@ public PostLogoutRedirectUrisValidator(ILogger
 return null;
 
 _logger.LogWarning("The post-logout redirect URI {RedirectUri} is invalid for client with id {ClientId}",
- redirectUri,
+ new Sanitized(redirectUri),
 context.ClientInfo.ClientId);
 
 return new EndSessionRequestValidationError(
diff --git a/Abblix.Utils/Sanitized.cs b/Abblix.Utils/Sanitized.cs
index 1c0f7927..7e5a58aa 100644
--- a/Abblix.Utils/Sanitized.cs
+++ b/Abblix.Utils/Sanitized.cs
@@ -34,12 +34,12 @@ public readonly record struct Sanitized
 /// Initializes a new instance of the struct with the specified source string.
 ///
 /// The source string to be sanitized.
- public Sanitized(string? source)
+ public Sanitized(object? source)
 {
 _source = source;
 }
 
- private readonly string? _source;
+ private readonly object? _source;
 
 ///
 /// Returns the sanitized string representation of the source string.
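Review bot: The XML documentation above the constructor still describes a string parameter (`with the specified source string`, `The source string to be sanitized`) although the parameter is now `object?` and the value is rendered through `_source.ToString()` in the next hunk, where `null` also short-circuits to `null`. Suggest `/// Initializes a new instance of the struct with the specified source value.` and `/// <param name="source">The value whose string representation is sanitized; any object is accepted and rendered via <c>ToString()</c>, and <c>null</c> yields <c>null</c>.</param>`. The summary of `ToString()` at the end of this hunk and its `<returns>` text in the following hunk use the same "source string" wording and should be updated together. If the type-level summary (outside this hunk) does not already say so, it is worth stating the contract the call sites in this commit depend on: wrapping untrusted values in log arguments so that line breaks and control characters cannot forge or split log entries.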
@@ -47,59 +47,61 @@ public Sanitized(string? source)
 /// A sanitized string with control characters removed and special characters escaped.
 public override string? ToString()
 {
- if (string.IsNullOrEmpty(_source))
+ if (_source == null)
+ return null;
+
+ var source = _source.ToString();
+ if (string.IsNullOrEmpty(source))
 {
- return _source;
+ return source;
 }
 
- StringBuilder? resultBuilder = null;
- var source = _source;
-
- for (var i = 0; i < _source.Length; i++)
+ StringBuilder? builder = null;
+ for (var i = 0; i < source.Length; i++)
 {
- var c = _source[i];
+ var c = source[i];
 switch (c)
 {
 case '\n':
- ReplaceTo("\\n", ref resultBuilder, source, i);
+ ReplaceTo("\\n", ref builder, source, i);
 break;
 case '\r':
- ReplaceTo("\\r", ref resultBuilder, source, i);
+ ReplaceTo("\\r", ref builder, source, i);
 break;
 case '\t':
- ReplaceTo("\\t", ref resultBuilder, source, i);
+ ReplaceTo("\\t", ref builder, source, i);
 break;
 case '\"':
- ReplaceTo("\\\"", ref resultBuilder, source, i);
+ ReplaceTo("\\\"", ref builder, source, i);
 break;
 case '\'':
- ReplaceTo("\\'", ref resultBuilder, source, i);
+ ReplaceTo("\\'", ref builder, source, i);
 break;
 case '\\':
- ReplaceTo(@"\\", ref resultBuilder, source, i);
+ ReplaceTo(@"\\", ref builder, source, i);
 break;
 case ',':
- ReplaceTo("\\,", ref resultBuilder, source, i);
+ ReplaceTo("\\,", ref builder, source, i);
 break;
 case ';':
- ReplaceTo("\\;", ref resultBuilder, source, i);
+ ReplaceTo("\\;", ref builder, source, i);
 break;
 default:
 if (0x00 <= c && c <= 0x1f || c == 0x7f)
- ReplaceTo(null, ref resultBuilder, source, i);
+ ReplaceTo(null, ref builder, source, i);
 else
- resultBuilder?.Append(c);
+ builder?.Append(c);
 break;
 }
 }
 
- return resultBuilder != null ? resultBuilder.ToString() : _source;
+ return builder != null ? builder.ToString() : source;
 }
 
- private void ReplaceTo(string? replacement, ref StringBuilder? resultBuilder, string source, int i)
+ private void ReplaceTo(string? replacement, ref StringBuilder? builder, string source, int i)
 {
- resultBuilder ??= new StringBuilder(source, 0, i, source.Length + (replacement?.Length ?? 0) - 1);
- resultBuilder.Append(replacement);
+ builder ??= new StringBuilder(source, 0, i, source.Length + (replacement?.Length ?? 0) - 1);
+ builder.Append(replacement);
 }
 }
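Review bot: The control-character filter in the `default` branch, `if (0x00 <= c && c <= 0x1f || c == 0x7f)`, stops at DEL, so the C1 controls U+0080–U+009F pass through untouched — including NEL (U+0085), which Unicode classifies as a mandatory line break and some log viewers render as one, i.e. exactly the class of character this sanitizer exists to neutralize. The `0x00 <= c` clause is always true for a `char` and can go at the same time: `if (c <= 0x1f || (0x7f <= c && c <= 0x9f))`. `ReplaceTo` reads no instance state and can be declared `static`, which also makes its independence from `_source` explicit. Since `_source.ToString()` may be overridden to return null, the `string.IsNullOrEmpty(source)` check is what keeps the `source.Length` loop safe; a short comment such as `// ToString() overrides may return null; treat that like an empty value` would stop a later cleanup from reducing it to a length check. U+2028/U+2029 (line and paragraph separators) are treated as line terminators by some consumers as well; whether to strip them depends on the sinks in use and is worth a decision in the doc comment.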