rspec/rules/S5145/csharp/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

[source,csharp]
----
using System;
using Microsoft.AspNetCore.Mvc;


namespace WebApplicationDotNetCore.Controllers
{
    public class RSPEC5145LogInjectionLog4NetNoncompliantController : Controller
    {
        private static readonly log4net.ILog _logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);

        public IActionResult Index()
        {
            return View();
        }

        public void LogSomething(string id)
        {
            if (id != null)
            {
                _logger.Info("ID: " + id);
            }
        }
    }
}
----

== Compliant Solution

[source,csharp]
----
using System;
using Microsoft.AspNetCore.Mvc;

namespace WebApplicationDotNetCore.Controllers
{
    public class RSPEC5145LogInjectionLog4NetCompliantController : Controller
    {
        private static readonly log4net.ILog _logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);

        public IActionResult Index()
        {
            return View();
        }

        public void LogSomething(string id)
        {

            if (id != null)
            {
                // Replace pattern-breaking characters
                id = id.Replace('\n', '_').Replace('\r', '_').Replace('\t', '_');
                _logger.Info("ID: " + id);
            }
        }
    }
}
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

endif::env-github,rspecator-view[]
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,csharp]`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
			`using System;`
			`using Microsoft.AspNetCore.Mvc;`


			`namespace WebApplicationDotNetCore.Controllers`
			`{`
			`public class RSPEC5145LogInjectionLog4NetNoncompliantController : Controller`
			`{`
			`private static readonly log4net.ILog _logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);`

			`public IActionResult Index()`
			`{`
			`return View();`
			`}`

			`public void LogSomething(string id)`
			`{`
			`if (id != null)`
			`{`
			`_logger.Info("ID: " + id);`
			`}`
			`}`
			`}`
			`}`
			`----`

			`== Compliant Solution`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,csharp]`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
			`using System;`
			`using Microsoft.AspNetCore.Mvc;`

			`namespace WebApplicationDotNetCore.Controllers`
			`{`
			`public class RSPEC5145LogInjectionLog4NetCompliantController : Controller`
			`{`
			`private static readonly log4net.ILog _logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);`

			`public IActionResult Index()`
			`{`
			`return View();`
			`}`

			`public void LogSomething(string id)`
			`{`

			`if (id != null)`
			`{`
			`// Replace pattern-breaking characters`
			`id = id.Replace('\n', '_').Replace('\r', '_').Replace('\t', '_');`
			`_logger.Info("ID: " + id);`
			`}`
			`}`
			`}`
			`}`
			`----`

			`include::../see.adoc[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`include::../highlighting.adoc[]`

			`endif::env-github,rspecator-view[]`