Severity: Warning
Files:
src/Servy.Core/Services/JsonServiceValidator.cs
src/Servy.Core/Services/XmlServiceValidator.cs
Description:
Both validators log dto.Name (untrusted input from imported JSON/XML) directly into the Windows Event Log without sanitization. A crafted service name containing newline characters could inject fake log entries (log injection). Example: "Servy\n[ERROR] Fake critical error".
Suggested fix:
Sanitize dto.Name before logging — strip or escape control characters (newlines, carriage returns, etc.).
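One way to implement the suggested fix, as an added example that is not Servy's own code: `LogSanitizer`, the 256-character cap, and the log message wording are assumptions made for illustration. It escapes control characters and Unicode line separators instead of dropping them, so the log keeps evidence of the attempt on a single line.

```csharp
using System;
using System.Text;

// Hypothetical helper (not part of Servy): makes untrusted text safe to embed in one log entry.
public static class LogSanitizer
{
    private const int MaxLength = 256; // assumed cap so an oversized name cannot flood the log

    public static string Sanitize(string value)
    {
        if (string.IsNullOrEmpty(value)) return "<empty>";

        var sb = new StringBuilder(Math.Min(value.Length, MaxLength) + 16);
        foreach (char c in value)
        {
            if (sb.Length >= MaxLength) { sb.Append("...[truncated]"); break; }
            switch (c)
            {
                // Escape the backslash first so a name containing a literal "\n"
                // stays distinguishable from an escaped newline.
                case '\\': sb.Append(@"\\"); break;
                case '\n': sb.Append(@"\n"); break;
                case '\r': sb.Append(@"\r"); break;
                case '\t': sb.Append(@"\t"); break;
                default:
                    // char.IsControl covers C0/C1 controls (including NEL, U+0085);
                    // U+2028 and U+2029 are line/paragraph separators some viewers render as breaks.
                    if (char.IsControl(c) || c == '\u2028' || c == '\u2029')
                        sb.Append("\\u").Append(((int)c).ToString("X4"));
                    else
                        sb.Append(c);
                    break;
            }
        }
        return sb.ToString();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed input: the example service name from the report above.
        string name = "Servy\n[ERROR] Fake critical error";
        // Hypothetical message text; the validators' real log call would take this string.
        Console.WriteLine($"Validation failed for service '{LogSanitizer.Sanitize(name)}'.");
    }
}
```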