fix(configuration-database): resolve ConfigurationDatabase-005,006,008,009,010,011 — bounded gRPC columns, split queries, CSV-parse logging, null guards, coverage

2026-05-16 22:14:23 -04:00
parent 25a05af05d
commit 7d1cc5cbb4
17 changed files with 2188 additions and 25 deletions
--- a/src/ScadaLink.ConfigurationDatabase/Repositories/InboundApiRepository.cs
+++ b/src/ScadaLink.ConfigurationDatabase/Repositories/InboundApiRepository.cs
@@ -1,4 +1,6 @@
 using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging.Abstractions;
 using ScadaLink.Commons.Entities.InboundApi;
 using ScadaLink.Commons.Interfaces.Repositories;

@@ -7,10 +9,12 @@ namespace ScadaLink.ConfigurationDatabase.Repositories;
 public class InboundApiRepository : IInboundApiRepository
 {
    private readonly ScadaLinkDbContext _context;
+    private readonly ILogger<InboundApiRepository> _logger;

-    public InboundApiRepository(ScadaLinkDbContext context)
+    public InboundApiRepository(ScadaLinkDbContext context, ILogger<InboundApiRepository>? logger = null)
    {
-        _context = context;
+        _context = context ?? throw new ArgumentNullException(nameof(context));
+        _logger = logger ?? NullLogger<InboundApiRepository>.Instance;
    }

    public async Task<ApiKey?> GetApiKeyByIdAsync(int id, CancellationToken cancellationToken = default)
@@ -49,10 +53,26 @@ public class InboundApiRepository : IInboundApiRepository
        if (method?.ApprovedApiKeyIds == null)
            return new List<ApiKey>();

-        var keyIds = method.ApprovedApiKeyIds.Split(',', StringSplitOptions.RemoveEmptyEntries)
-            .Select(s => int.TryParse(s.Trim(), out var id) ? id : -1)
-            .Where(id => id > 0)
-            .ToList();
+        // ApprovedApiKeyIds is a comma-separated string of integer ApiKey ids. A token that
+        // fails to parse indicates a corrupt value: it is dropped (it cannot identify a key),
+        // but the corruption is logged as a warning so it is observable rather than silent.
+        // A corrupt list would otherwise quietly approve fewer keys than intended.
+        var keyIds = new List<int>();
+        foreach (var token in method.ApprovedApiKeyIds.Split(',', StringSplitOptions.RemoveEmptyEntries))
+        {
+            var trimmed = token.Trim();
+            if (int.TryParse(trimmed, out var id) && id > 0)
+            {
+                keyIds.Add(id);
+            }
+            else
+            {
+                _logger.LogWarning(
+                    "ApiMethod {MethodId} has a malformed approved-API-key id token '{Token}' " +
+                    "in ApprovedApiKeyIds; it was dropped. The method may approve fewer keys than expected.",
+                    methodId, trimmed);
+            }
+        }

        return await _context.Set<ApiKey>().Where(k => keyIds.Contains(k.Id)).ToListAsync(cancellationToken);
    }