Fix log entries created from user input can be forged an are a securi…

…try issue (#277) * Fix Log entries created from user input add new LogSanitizer.cs to have a method to prevent those issues in the future * fix small styling issues in ParseBearerToken * further fix * Fix log forging
eclipse-aaspe · Jun 14, 2024 · cb2a01b · cb2a01b
1 parent 7cdab3b
commit cb2a01b
Show file tree

Hide file tree

Showing 3 changed files with 134 additions and 117 deletions.
diff --git a/src/AasSecurity/ISecurityService.cs b/src/AasSecurity/ISecurityService.cs
@@ -6,7 +6,7 @@ namespace AasSecurity
 {
     public interface ISecurityService
     {
-        AuthenticationTicket AuthenticateRequest(HttpContext context, string route, string httpOperation, string authenticationSchemeName = null);
+        AuthenticationTicket? AuthenticateRequest(HttpContext context, string route, string httpOperation, string authenticationSchemeName = null);
         bool AuthorizeRequest(string accessRole, string httpRoute, AccessRights neededRights, out string error, out bool withAllow, out string getPolicy, string objPath = null, string aasResourceType = null,
                 IClass aasResource = null, string policy = null);