Conversation

@peterbed
Collaborator

No description provided.

}
catch (Exception ex)
{
_logger.LogError(ex, "Error retrieving foster family with GUID: -", guid);

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix

AI 3 days ago

To fix the problem, sanitize the user-provided guid before including it in any log entries. For plain-text logs, this typically means removing line breaks and other control characters that could be interpreted as log delimiters, and optionally trimming whitespace. We should also avoid altering the behavior of the application itself, so the original guid value must still be used for the database query and exceptions; only the logged representation should be sanitized.

The best minimal fix here is to introduce a local sanitized variable inside GetFosterFamily, derived from guid by removing \r and \n (and optionally trimming). Then use this sanitized variable in the _logger.LogError call while leaving all other logic untouched. We do not need new imports; string.Replace and string.Trim are part of the BCL. Concretely, inside GetFosterFamily(string guid), right before the try (or at the top of the method), define var safeGuid = guid?.Replace("\r", "").Replace("\n", "").Trim(); and change the logging call on line 84 to use safeGuid instead of guid. No other files strictly need changes; the controller already sanitizes guid in its own logging statement using Replace(Environment.NewLine, "").

Suggested changeset 1
CheckYourEligibility.API/Gateways/FosterFamilyGateway.cs

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/CheckYourEligibility.API/Gateways/FosterFamilyGateway.cs b/CheckYourEligibility.API/Gateways/FosterFamilyGateway.cs
--- a/CheckYourEligibility.API/Gateways/FosterFamilyGateway.cs
+++ b/CheckYourEligibility.API/Gateways/FosterFamilyGateway.cs
@@ -64,6 +64,10 @@
 
     public async Task<FosterFamilyResponse?> GetFosterFamily(string guid)
     {
+        var safeGuid = guid?
+            .Replace("\r", string.Empty)
+            .Replace("\n", string.Empty)
+            .Trim();
 
         try
         {
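Review bot: the sanitizer introduced on the `var safeGuid = guid?` lines strips only `\r` and `\n`, so tabs, ESC and the rest of the C0 control range still reach the log, even though the fix description itself asks for line breaks and other control characters to be removed. Because this parameter is meant to be a GUID, the stronger option is to log the parsed form: `Guid.TryParse(guid, out var parsed)` and log `parsed` when it succeeds, otherwise a fallback that drops every character for which `char.IsControl` is true. If the string-replacement approach is kept, consider computing `safeGuid` next to the single `LogError` that uses it rather than on every call of the method.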
@@ -81,7 +85,7 @@
         }
         catch (Exception ex)
         {
-            _logger.LogError(ex, "Error retrieving foster family with GUID: -", guid);
+            _logger.LogError(ex, "Error retrieving foster family with GUID: -", safeGuid);
             throw new NotFoundException($"Unable to find foster family: - {guid}, {ex.Message}");
         }
 
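Review bot: the changed `LogError` call now passes `safeGuid`, but the message template `"Error retrieving foster family with GUID: -"` has no placeholder, so the extra argument is not substituted into the rendered message and only reaches structured sinks as a detached property; suggest `"Error retrieving foster family with GUID: {Guid}"` so the sanitized value is actually visible. Note also that the unchanged context line `throw new NotFoundException($"Unable to find foster family: - {guid}, {ex.Message}");` still interpolates the raw `guid`; if that exception message is logged by middleware or an exception filter, the same unsanitized value enters the logs through a second path, so use `safeGuid` there as well or keep the user-supplied value out of the exception message.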
EOF
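As an added example (not the project's code and not the autofix above), a sanitizer that goes further than removing `\r` and `\n`: it logs the parsed GUID when the value is well-formed and otherwise drops every control character and caps the length. The names `LogSanitizer`, `ForLog` and the sample inputs are assumptions for illustration.

```csharp
using System;
using System.Text;

// Hypothetical helper: produce a log-safe representation of an identifier
// that arrived from the request. The original value is left untouched for
// the database query; only what is written to the log changes.
public static class LogSanitizer
{
    private const int MaxLoggedLength = 64;

    public static string ForLog(string? value)
    {
        if (value is null) return "<null>";

        // A well-formed GUID is re-emitted in canonical form, which can
        // never contain line breaks or escape sequences.
        if (Guid.TryParse(value, out var parsed))
            return parsed.ToString("D");

        // Otherwise strip all control characters (\r, \n, \t, ESC, ...),
        // trim, and truncate so an oversized value cannot flood the log.
        var sb = new StringBuilder(value.Length);
        foreach (var c in value)
        {
            if (!char.IsControl(c)) sb.Append(c);
        }
        var cleaned = sb.ToString().Trim();
        if (cleaned.Length > MaxLoggedLength)
            cleaned = cleaned.Substring(0, MaxLoggedLength) + "...";
        return $"<invalid:{cleaned}>";
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed inputs: a valid GUID, and a value that carries a
        // line break plus an ANSI escape in an attempt to forge a log line.
        var good = "3f2504e0-4f89-11d3-9a0c-0305e82c3301";
        var forged = "abc\r\nERROR forged entry\u001b[31m";
        Console.WriteLine(LogSanitizer.ForLog(good));
        Console.WriteLine(LogSanitizer.ForLog(forged));
        // In the gateway this would read:
        // _logger.LogError(ex, "Error retrieving foster family with GUID: {Guid}",
        //                  LogSanitizer.ForLog(guid));
    }
}
```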