fix uncontrolled format string and clear text storage of sensitive in…

…formation (#1591) - fix uncontrolled format string and clear text storage of sensitive information issues flagged by CodeQL
OPCFoundation · Nov 10, 2021 · 860c968 · 860c968
1 parent e61594e
commit 860c968
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs b/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs
@@ -857,7 +857,7 @@ private static async Task AddToTrustedStore(ApplicationConfiguration configurati
 
                 if (store == null)
                 {
-                    Utils.Trace("Could not open trusted peer store. StorePath={0}", storePath);
+                    Utils.Trace("Could not open trusted peer store.");
                     return;
                 }
 
@@ -871,7 +871,7 @@ private static async Task AddToTrustedStore(ApplicationConfiguration configurati
                         return;
                     }
 
-                    Utils.Trace(Utils.TraceMasks.Information, "Adding certificate to trusted peer store. StorePath={0}", storePath);
+                    Utils.Trace(Utils.TraceMasks.Information, "Adding certificate to trusted peer store.");
 
                     List<string> subjectName = X509Utils.ParseDistinguishedName(certificate.Subject);
 
@@ -903,7 +903,7 @@ private static async Task AddToTrustedStore(ApplicationConfiguration configurati
             }
             catch (Exception e)
             {
-                Utils.Trace(e, "Could not add certificate to trusted peer store. StorePath={0}", storePath);
+                Utils.Trace(e, "Could not add certificate to trusted peer store.");
             }
         }
 

diff --git a/Stack/Opc.Ua.Bindings.Https/Stack/Https/HttpsTransportListener.cs b/Stack/Opc.Ua.Bindings.Https/Stack/Https/HttpsTransportListener.cs
@@ -319,7 +319,8 @@ public async Task SendAsync(HttpContext context)
                         {
                             if (value.StartsWith("Bearer"))
                             {
-                                input.RequestHeader.AuthenticationToken = new NodeId(value.Substring("Bearer ".Length).Trim());
+                                // note: use NodeId(string, uint) to avoid the NodeId.Parse call.
+                                input.RequestHeader.AuthenticationToken = new NodeId(value.Substring("Bearer ".Length).Trim(), 0);
                             }
                         }
                     }