Refactor PDF generation using a new HtmlToPdfConverter #618
Triggered via pull request
September 28, 2024 19:43
axunonb
Status
Success
Total duration
1m 20s
Artifacts
–
Annotations
10 warnings
|
build:
League/Caching/ReportSheetCache.cs#L78
Potential file path injection vulnerability was found where 'bool File.Exists(string? path)' in method 'Task<Stream> ReportSheetCache.GetOrCreatePdf(MatchReportSheetRow data, string html, CancellationToken cancellationToken)' may be tainted by user-controlled data from 'long id' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/ReportSheetCache.cs#L78
Potential file path injection vulnerability was found where 'bool File.Exists(string? path)' in method 'Task<Stream> ReportSheetCache.GetOrCreatePdf(MatchReportSheetRow data, string html, CancellationToken cancellationToken)' may be tainted by user-controlled data from 'CancellationToken cancellationToken' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/ReportSheetCache.cs#L104
Potential file path injection vulnerability was found where 'FileInfo.FileInfo(string fileName)' in method 'bool ReportSheetCache.IsOutdated(string cacheFile, DateTime dataModifiedOn)' may be tainted by user-controlled data from 'long id' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/ReportSheetCache.cs#L104
Potential file path injection vulnerability was found where 'FileInfo.FileInfo(string fileName)' in method 'bool ReportSheetCache.IsOutdated(string cacheFile, DateTime dataModifiedOn)' may be tainted by user-controlled data from 'CancellationToken cancellationToken' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/HtmlToPdfConverter.cs#L73
Potential file path injection vulnerability was found where 'bool File.Exists(string? path)' in method 'Task<byte[]?> HtmlToPdfConverter.GetPdfDataBrowser(string html, CancellationToken cancellationToken)' may be tainted by user-controlled data from 'CancellationToken cancellationToken' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/HtmlToPdfConverter.cs#L74
Potential file path injection vulnerability was found where 'Task<byte[]> File.ReadAllBytesAsync(string path, CancellationToken cancellationToken = default(CancellationToken))' in method 'Task<byte[]?> HtmlToPdfConverter.GetPdfDataBrowser(string html, CancellationToken cancellationToken)' may be tainted by user-controlled data from 'CancellationToken cancellationToken' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/ReportSheetCache.cs#L89
Potential file path injection vulnerability was found where 'Task File.WriteAllBytesAsync(string path, byte[] bytes, CancellationToken cancellationToken = default(CancellationToken))' in method 'Task<Stream> ReportSheetCache.GetOrCreatePdf(MatchReportSheetRow data, string html, CancellationToken cancellationToken)' may be tainted by user-controlled data from 'long id' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/ReportSheetCache.cs#L89
Potential file path injection vulnerability was found where 'Task File.WriteAllBytesAsync(string path, byte[] bytes, CancellationToken cancellationToken = default(CancellationToken))' in method 'Task<Stream> ReportSheetCache.GetOrCreatePdf(MatchReportSheetRow data, string html, CancellationToken cancellationToken)' may be tainted by user-controlled data from 'CancellationToken cancellationToken' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/ReportSheetCache.cs#L90
Potential file path injection vulnerability was found where 'FileStream File.OpenRead(string path)' in method 'Task<Stream> ReportSheetCache.GetOrCreatePdf(MatchReportSheetRow data, string html, CancellationToken cancellationToken)' may be tainted by user-controlled data from 'long id' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|
|
build:
League/Caching/ReportSheetCache.cs#L90
Potential file path injection vulnerability was found where 'FileStream File.OpenRead(string path)' in method 'Task<Stream> ReportSheetCache.GetOrCreatePdf(MatchReportSheetRow data, string html, CancellationToken cancellationToken)' may be tainted by user-controlled data from 'CancellationToken cancellationToken' in method 'Task<IActionResult> Match.ReportSheet(long id, IServiceProvider services, CancellationToken cancellationToken)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003)
|