Add admin user logging and default password in PrivacyModel

[CalinL]

No description provided.

[github-actions]

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA c300100.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Vulnerabilities

src/webapp01/webapp01.csproj

Name	Version	Vulnerability	Severity
Microsoft.Data.SqlClient	5.1.2	Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass	high

Only included vulnerabilities with severity moderate or higher.

OpenSSF Scorecard

Package	Version	Score	Details
nuget/Microsoft.Data.SqlClient	5.1.2	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• src/webapp01/webapp01.csproj

To fix the issue, we will add the readonly modifier to the adminUserName field. This ensures that the field cannot be reassigned after its initial value is set during declaration. The change will be made directly in the declaration of the field on line 10.

To fix the issue, replace the ContainsKey check and subsequent indexer access with a single call to TryGetValue. This method attempts to retrieve the value associated with the specified key and returns a boolean indicating whether the key exists. If the key exists, the value is stored in an out parameter; otherwise, a default value can be used.

In this case:

1. Replace the Request.Query.ContainsKey("drive") check and Request.Query["drive"] access with a call to Request.Query.TryGetValue("drive", out var driveValue).
2. Use the driveValue variable if the key exists; otherwise, default to "C".

---

To fix the issue, the user-provided input (drive) should be sanitized before being included in the log entry. Since the log entry is plain text, we should remove any newline characters or other potentially harmful characters from the input. This can be achieved using String.Replace or a similar method to ensure that the input is safe for logging.

Specifically:

1. Sanitize the drive variable by removing newline characters and other potentially harmful characters.
2. Use the sanitized version of drive when constructing the str variable and logging it.

---