Correction d'un security review (Username et password en clean dans le code)

1 year ago · 1f7cba0b22
parent 8b1f2280bc
commit 1f7cba0b22
3 changed files with 24 additions and 8 deletions
--- a/API_SQLuedo/API/Program.cs
+++ b/API_SQLuedo/API/Program.cs
@ -95,6 +95,13 @@ builder.Services.AddCors(options =>
        });
 });

+var configuration = new ConfigurationBuilder()
+    .SetBasePath(Directory.GetCurrentDirectory())
+    .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
+    .Build();
+
+builder.Services.AddSingleton(configuration);
+

 var app = builder.Build();

--- a/API_SQLuedo/API/Service/QueryDataServiceApi.cs
+++ b/API_SQLuedo/API/Service/QueryDataServiceApi.cs
@ -4,6 +4,7 @@ using Model.OrderCriteria;
 using Npgsql;
 using Shared;
 using Shared.Mapper;
+using Microsoft.Extensions.Configuration;
 using System.Text;
 using Newtonsoft.Json;
 using Microsoft.EntityFrameworkCore.Metadata.Internal;
@ -11,11 +12,16 @@ using Microsoft.EntityFrameworkCore.Metadata.Internal;
 namespace API.Service;

 public class QueryDataServiceApi : IQueryService<QueryDto>{
+    private readonly IConfiguration _configuration;

+    public QueryDataServiceApi(IConfiguration configuration)
+    {
+        _configuration = configuration;
+    }
    public QueryDto ExecuteQuery(string query, string database)
    {
-        string connectionString =
-            $"Host=localhost;Username=admin;Password=motdepasse;Database={database}";
+        string connectionString = _configuration.GetConnectionString("DefaultConnection");
+        connectionString = connectionString.Replace("{database}", database);

        if (string.IsNullOrEmpty(database))
        {
@ -67,8 +73,8 @@ public class QueryDataServiceApi : IQueryService<QueryDto>{

    public QueryDto GetTables(string database)
    {
-        string connectionString =
-            $"Host=localhost;Username=admin;Password=motdepasse;Database={database}";
+        string connectionString = _configuration.GetConnectionString("DefaultConnection");
+        connectionString = connectionString.Replace("{database}", database);

        try
        {
@ -120,8 +126,8 @@ public class QueryDataServiceApi : IQueryService<QueryDto>{

    public QueryDto GetColumns(string database, string table)
    {
-        string connectionString =
-            $"Host=localhost;Username=admin;Password=motdepasse;Database={database}";
+        string connectionString = _configuration.GetConnectionString("DefaultConnection");
+        connectionString = connectionString.Replace("{database}", database);

        using (NpgsqlConnection connection = new NpgsqlConnection(connectionString))
            {
--- a/API_SQLuedo/API/appsettings.json
+++ b/API_SQLuedo/API/appsettings.json
@ -5,5 +5,8 @@
      "Microsoft.AspNetCore": "Warning"
    }
  },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "ConnectionStrings": {
+    "DefaultConnection": "Host=localhost;Username=admin;Password=motdepasse;Database={database}"
+  }
 }