Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

194580 - productversions integration with scs stub #418

Draft
wants to merge 30 commits into
base: develop-s100
Choose a base branch
from
Draft

194580 - productversions integration with scs stub #418

wants to merge 30 commits into from

Conversation

chaital14503
Copy link
Collaborator

This PR includes code changes and UTs for
PBI 194580

@chaital14503
194580 - initial code changes to call scs productVersions endpoint AB…
8182600 
…#194580 AB#196244
@chaital14503
194580 - Merged common changes AB#194580 AB#196244
2ddb834
@chaital14503
194580 - Merged common changes AB#194580 AB#196244
6776695
@chaital14503
194580 - Merged common changes AB#194580 AB#196244
18f7533
@chaital14503
194580 - Merged common changes AB#194580 AB#196244
a08ea75
@chaital14503
194580 - minor code changes AB#194580 AB#196244
87f861d
@chaital14503
Merge branch 'dev/s100-scs-api-integration' into dev/194580-productve…
3b26fde 
…rsions-integration-with-scs-stub
@chaital14503
194580 - Updated ES and SCS response for 304 NotModified AB#194580 AB…
e3a147a 
…#196244
@chaital14503
194580 - minor code changes AB#194580 AB#196244
929cea6
@chaital14503
Merge branch 'develop-s100' into dev/194580-productversions-integrati…
42536bc 
…on-with-scs-stub
@chaital14503
194580 - common changes AB#194580 AB#196244
eb7df99
@chaital14503
194580 - minor changes AB#194580 AB#196244
323ff06
@chaital14503
Merge branch 'dev/s100-scs-api-integration' into dev/194580-productve…
d85a2ef 
…rsions-integration-with-scs-stub
@chaital14503
Merge branch 'develop-s100' into dev/194580-productversions-integrati…
dd227f8 
…on-with-scs-stub
@chaital14503
194580 - Added UTs AB#194580 AB#196245
5b9b99e
@chaital14503
Merge branch 'develop-s100' into dev/194580-productversions-integrati…
06c7d68 
…on-with-scs-stub
@chaital14503
194580 - test case renamed AB#194580 AB#196245 UT
9e4c2fd
@chaital14503
Merge branch 'dev/s100-scs-api-integration' into dev/194580-productve…
d078a1d 
…rsions-integration-with-scs-stub
@chaital14503
Merge branch 'dev/195922-Create_stubs_for_S100-SCS-API_productVersion…
593f112 
…s' into dev/194580-productversions-integration-with-scs-stub
@chaital14503 chaital14503 changed the title Dev/194580 productversions integration with scs stub 194580 - productversions integration with scs stub Jan 8, 2025
@ukho-bot
Copy link

ukho-bot commented Jan 8, 2025
edited
Loading

Snyk checks have failed. 2 issues have been found so far.

Icon Severity Issues
Critical 0
High 1
Medium 0
Low 1

code/snyk check is complete. 2 issues have been found. (View Details)

ukho-bot
ukho-bot reviewed Jan 10, 2025
View reviewed changes
UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Controllers/V2/ExchangeSetController.cs
async () =>
{
var result = await _exchangeSetStandardService.ProcessProductVersionsRequest(productVersionRequest, exchangeSetStandard, callbackUri, _correlationId, GetRequestCancellationToken());
var result = await _exchangeSetStandardService.ProcessProductVersionsRequestAsync(productVersionRequest, ApiVersion.V2, exchangeSetStandard, callbackUri, _correlationId, GetRequestCancellationToken());
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  Log Forging

Unsanitized input from an HTTP parameter flows into global::Microsoft.Extensions.Logging.ILogger.LogError, where it is used as log input. This may result in a Logs Forging vulnerability.

Line 67 | CWE-117 | Priority score 407 | Learn more about this vulnerability
Data flow: 28 steps

Step 1 - 2

exchange-set-service/UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Controllers/V2/ExchangeSetController.cs

Line 59 in 99d3246

public Task<IActionResult> PostProductVersions(string exchangeSetStandard, [FromBody] IEnumerable<ProductVersionRequest> productVersionRequest, [FromQuery] string callbackUri)

Step 3 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Controllers/V2/ExchangeSetController.cs#L67

Step 4 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Services/V2/ExchangeSetStandardService.cs#L73

Step 5 - 7 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Services/V2/ExchangeSetStandardService.cs#L75

Step 8 - 9 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Services/V2/ExchangeSetStandardService.cs#L82

Step 10 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Services/V2/ExchangeSetStandardService.cs#L92

Step 11 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L73

Step 12 - 14 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L85

Step 15 - 17 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L87

Step 18 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L89

Step 19 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L94

Step 20 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L96

Step 21 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L99

Step 22 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L100

Step 23 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L103

Step 24 - 26 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L122

Step 27 - 28

exchange-set-service/UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs

Line 120 in 99d3246

_logger.LogError(EventIds.SalesCatalogueServiceNonOkResponse.ToEventId(),

UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Controllers/V2/ExchangeSetController.cs
async () =>
{
var result = await _exchangeSetStandardService.ProcessProductVersionsRequest(productVersionRequest, exchangeSetStandard, callbackUri, _correlationId, GetRequestCancellationToken());
var result = await _exchangeSetStandardService.ProcessProductVersionsRequestAsync(productVersionRequest, ApiVersion.V2, exchangeSetStandard, callbackUri, _correlationId, GetRequestCancellationToken());
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  Server-Side Request Forgery (SSRF)

Unsanitized input from an HTTP parameter flows into global::System.Net.Http.HttpRequestMessage, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.

Line 67 | CWE-918 | Priority score 603 | Learn more about this vulnerability
Data flow: 14 steps

Step 1 - 2

exchange-set-service/UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Controllers/V2/ExchangeSetController.cs

Line 59 in 99d3246

public Task<IActionResult> PostProductVersions(string exchangeSetStandard, [FromBody] IEnumerable<ProductVersionRequest> productVersionRequest, [FromQuery] string callbackUri)

Step 3 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Controllers/V2/ExchangeSetController.cs#L67

Step 4 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Services/V2/ExchangeSetStandardService.cs#L73

Step 5 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Services/V2/ExchangeSetStandardService.cs#L92

Step 6 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L73

Step 7 - 9 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L81

Step 10 - 11 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/V2/SalesCatalogueService.cs#L87

Step 12 UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/SalesCatalogueClient.cs#L25

Step 13 - 14

exchange-set-service/UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.Common/Helpers/SalesCatalogueClient.cs

Line 29 in 99d3246

using var httpRequestMessage = new HttpRequestMessage(method, uri)

Nadeem14456
Nadeem14456 approved these changes Jan 10, 2025
View reviewed changes
Copy link
Collaborator

@Nadeem14456 Nadeem14456 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

harshal11869
harshal11869 approved these changes Jan 10, 2025
View reviewed changes
Copy link
Collaborator

@harshal11869 harshal11869 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks Good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ukho-bot ukho-bot ukho-bot left review comments

@Nadeem14456 Nadeem14456 Nadeem14456 approved these changes

@harshal11869 harshal11869 harshal11869 approved these changes

@shirinbt14926 shirinbt14926 Awaiting requested review from shirinbt14926

@rockydevnet rockydevnet Awaiting requested review from rockydevnet rockydevnet will be requested when the pull request is marked ready for review rockydevnet is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@chaital14503 @ukho-bot @harshal11869 @Nadeem14456 @MastekRohitChettri @shirinbt14926