From 1c4e0ee8f4d2a5a4342c2e007ab6dad68b860678 Mon Sep 17 00:00:00 2001
From: Chris Martinez
Date: Tue, 23 Aug 2022 10:26:49 -0700
Subject: [PATCH] Simplify Web API example projects and fix Newtonsoft.Json vulnerability
---
 ApiVersioning.sln | 66 ++++++++++---------
 .../AdvancedODataWebApiSample.csproj | 7 --
 .../AdvancedODataWebApiSample/Startup.cs | 6 +-
 .../BasicODataWebApiSample.csproj | 7 --
 .../webapi/BasicODataWebApiSample/Startup.cs | 6 +-
 .../BasicWebApiSample.csproj | 10 ---
 samples/webapi/BasicWebApiSample/Startup.cs | 6 +-
 .../ByNamespaceWebApiSample.csproj | 10 ---
 .../webapi/ByNamespaceWebApiSample/Startup.cs | 6 +-
 .../ConventionsODataWebApiSample.csproj | 7 --
 .../ConventionsODataWebApiSample/Startup.cs | 6 +-
 .../ConventionsWebApiSample.csproj | 10 ---
 .../webapi/ConventionsWebApiSample/Startup.cs | 6 +-
 samples/webapi/Directory.Build.props | 25 +++++++
 samples/webapi/Startup.Newtonsoft.cs | 10 +++
 .../SwaggerODataWebApiSample/Startup.cs | 6 +-
 .../SwaggerODataWebApiSample.csproj | 4 --
 samples/webapi/SwaggerWebApiSample/Startup.cs | 6 +-
 .../SwaggerWebApiSample.csproj | 4 --
 19 files changed, 86 insertions(+), 122 deletions(-)
 create mode 100644 samples/webapi/Directory.Build.props
 create mode 100644 samples/webapi/Startup.Newtonsoft.cs
diff --git a/ApiVersioning.sln b/ApiVersioning.sln
index fb19b51f..3dae7fca 100644
--- a/ApiVersioning.sln
+++ b/ApiVersioning.sln
@@ -36,6 +36,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{915B
 EndProjectSection
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "webapi", "webapi", "{F446ED94-368F-4F67-913B-16E82CA80DFC}"
+ ProjectSection(SolutionItems) = preProject
+ samples\webapi\Directory.Build.props = samples\webapi\Directory.Build.props
+ samples\webapi\Startup.Newtonsoft.cs = samples\webapi\Startup.Newtonsoft.cs
+ EndProjectSection
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "aspnetcore", "aspnetcore", "{900DD210-8500-4D89-A05D-C9526935A719}"
 EndProject
@@ -148,37 +152,6 @@ EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AdvancedODataSample", "samples\aspnetcore\AdvancedODataSample\AdvancedODataSample.csproj", "{DDC53D03-C461-4477-84E2-4C31DD3C6B13}" EndProject Global - GlobalSection(SharedMSBuildProjectFiles) = preSolution - src\Common.OData.ApiExplorer\Common.OData.ApiExplorer.projitems*{0d6519ae-20d2-4c98-97aa-ed3622043936}*SharedItemsImports = 5 - src\Shared\Shared.projitems*{0d6519ae-20d2-4c98-97aa-ed3622043936}*SharedItemsImports = 5 - src\Common.OData\Common.OData.projitems*{1599a30d-d37f-443c-b935-290144910be3}*SharedItemsImports = 13 - src\Common.OData.ApiExplorer\Common.OData.ApiExplorer.projitems*{1b255310-a2b7-437f-804f-6e1d8c940a17}*SharedItemsImports = 5 - src\Shared\Shared.projitems*{1b255310-a2b7-437f-804f-6e1d8c940a17}*SharedItemsImports = 5 - test\OData.Test.Shared\OData.Test.Shared.projitems*{23bc896b-a4cc-4c82-b98b-ce71239c2eb8}*SharedItemsImports = 5 - src\Common.ApiExplorer\Common.ApiExplorer.projitems*{26a67334-f6e6-49b8-8c5a-f88f28770966}*SharedItemsImports = 13 - src\Common\Common.projitems*{3bac97ed-1a8e-4f5a-a716-db5255f51c81}*SharedItemsImports = 5 - src\Shared\Shared.projitems*{3bac97ed-1a8e-4f5a-a716-db5255f51c81}*SharedItemsImports = 5 - src\Common.OData\Common.OData.projitems*{48a2b488-23ab-4c83-ae30-0b8b735c4562}*SharedItemsImports = 5 - src\Shared\Shared.projitems*{48a2b488-23ab-4c83-ae30-0b8b735c4562}*SharedItemsImports = 5 - src\Common.OData\Common.OData.projitems*{59d9cec0-f8e5-4a1a-b8dd-5117e6a409d5}*SharedItemsImports = 5 - src\Shared\Shared.projitems*{59d9cec0-f8e5-4a1a-b8dd-5117e6a409d5}*SharedItemsImports = 5 - test\Acceptance.Test.Shared\Acceptance.Test.Shared.projitems*{5c31964d-ea8b-420b-9297-5adfefe54962}*SharedItemsImports = 5 - test\Test.Common\Test.Common.projitems*{69c59656-53d1-4acb-92b5-8b34c8e62175}*SharedItemsImports = 5 - test\Acceptance.Test.Shared\Acceptance.Test.Shared.projitems*{6cdfb878-2642-4f98-ae35-621bac581181}*SharedItemsImports = 13 
- src\Common\Common.projitems*{6d0e834b-6422-44cd-9a85-e3be9dead1be}*SharedItemsImports = 13 - src\Common.ApiExplorer\Common.ApiExplorer.projitems*{91e1f0b5-905d-446c-a2dd-4c1edabfaf6c}*SharedItemsImports = 5 - test\OData.Test.Shared\OData.Test.Shared.projitems*{9a635d55-7547-4df6-b7bd-840e16ebde28}*SharedItemsImports = 13 - test\Test.Common\Test.Common.projitems*{aeb074e1-e57a-4dd3-a972-3625b367ce5d}*SharedItemsImports = 5 - src\Shared\Shared.projitems*{b7897873-6757-4684-83c0-39575821ae14}*SharedItemsImports = 13 - test\OData.Test.Shared\OData.Test.Shared.projitems*{ba0c8652-fef6-4004-a779-cd6dcf2996f7}*SharedItemsImports = 5 - src\Common.OData.ApiExplorer\Common.OData.ApiExplorer.projitems*{c0c766f3-a2d6-461e-adff-27496600ea9c}*SharedItemsImports = 13 - src\Common\Common.projitems*{c39cccbc-6b04-406f-96be-ca796eff34c5}*SharedItemsImports = 5 - src\Shared\Shared.projitems*{c39cccbc-6b04-406f-96be-ca796eff34c5}*SharedItemsImports = 5 - test\OData.Test.Shared\OData.Test.Shared.projitems*{d87e54cc-c2d6-4ae5-806d-ae825b051c66}*SharedItemsImports = 5 - src\Common.ApiExplorer\Common.ApiExplorer.projitems*{f7784c3a-5569-4590-ae28-b721c0426045}*SharedItemsImports = 5 - src\Shared\Shared.projitems*{f7784c3a-5569-4590-ae28-b721c0426045}*SharedItemsImports = 5 - test\Test.Common\Test.Common.projitems*{f9297626-c37c-402b-afd6-712f3e5e4d7c}*SharedItemsImports = 13 - EndGlobalSection GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU Release|Any CPU = Release|Any CPU 
@@ -373,4 +346,35 @@ Global GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {5A38B7FA-17BC-4D3C-977F-7379653DC67C} EndGlobalSection + GlobalSection(SharedMSBuildProjectFiles) = preSolution + src\Common.OData.ApiExplorer\Common.OData.ApiExplorer.projitems*{0d6519ae-20d2-4c98-97aa-ed3622043936}*SharedItemsImports = 5 + src\Shared\Shared.projitems*{0d6519ae-20d2-4c98-97aa-ed3622043936}*SharedItemsImports = 5 + src\Common.OData\Common.OData.projitems*{1599a30d-d37f-443c-b935-290144910be3}*SharedItemsImports = 13 + src\Common.OData.ApiExplorer\Common.OData.ApiExplorer.projitems*{1b255310-a2b7-437f-804f-6e1d8c940a17}*SharedItemsImports = 5 + src\Shared\Shared.projitems*{1b255310-a2b7-437f-804f-6e1d8c940a17}*SharedItemsImports = 5 + test\OData.Test.Shared\OData.Test.Shared.projitems*{23bc896b-a4cc-4c82-b98b-ce71239c2eb8}*SharedItemsImports = 5 + src\Common.ApiExplorer\Common.ApiExplorer.projitems*{26a67334-f6e6-49b8-8c5a-f88f28770966}*SharedItemsImports = 13 + src\Common\Common.projitems*{3bac97ed-1a8e-4f5a-a716-db5255f51c81}*SharedItemsImports = 5 + src\Shared\Shared.projitems*{3bac97ed-1a8e-4f5a-a716-db5255f51c81}*SharedItemsImports = 5 + src\Common.OData\Common.OData.projitems*{48a2b488-23ab-4c83-ae30-0b8b735c4562}*SharedItemsImports = 5 + src\Shared\Shared.projitems*{48a2b488-23ab-4c83-ae30-0b8b735c4562}*SharedItemsImports = 5 + src\Common.OData\Common.OData.projitems*{59d9cec0-f8e5-4a1a-b8dd-5117e6a409d5}*SharedItemsImports = 5 + src\Shared\Shared.projitems*{59d9cec0-f8e5-4a1a-b8dd-5117e6a409d5}*SharedItemsImports = 5 + test\Acceptance.Test.Shared\Acceptance.Test.Shared.projitems*{5c31964d-ea8b-420b-9297-5adfefe54962}*SharedItemsImports = 5 + test\Test.Common\Test.Common.projitems*{69c59656-53d1-4acb-92b5-8b34c8e62175}*SharedItemsImports = 5 + test\Acceptance.Test.Shared\Acceptance.Test.Shared.projitems*{6cdfb878-2642-4f98-ae35-621bac581181}*SharedItemsImports = 13 + 
src\Common\Common.projitems*{6d0e834b-6422-44cd-9a85-e3be9dead1be}*SharedItemsImports = 13 + src\Common.ApiExplorer\Common.ApiExplorer.projitems*{91e1f0b5-905d-446c-a2dd-4c1edabfaf6c}*SharedItemsImports = 5 + test\OData.Test.Shared\OData.Test.Shared.projitems*{9a635d55-7547-4df6-b7bd-840e16ebde28}*SharedItemsImports = 13 + test\Test.Common\Test.Common.projitems*{aeb074e1-e57a-4dd3-a972-3625b367ce5d}*SharedItemsImports = 5 + src\Shared\Shared.projitems*{b7897873-6757-4684-83c0-39575821ae14}*SharedItemsImports = 13 + test\OData.Test.Shared\OData.Test.Shared.projitems*{ba0c8652-fef6-4004-a779-cd6dcf2996f7}*SharedItemsImports = 5 + src\Common.OData.ApiExplorer\Common.OData.ApiExplorer.projitems*{c0c766f3-a2d6-461e-adff-27496600ea9c}*SharedItemsImports = 13 + src\Common\Common.projitems*{c39cccbc-6b04-406f-96be-ca796eff34c5}*SharedItemsImports = 5 + src\Shared\Shared.projitems*{c39cccbc-6b04-406f-96be-ca796eff34c5}*SharedItemsImports = 5 + test\OData.Test.Shared\OData.Test.Shared.projitems*{d87e54cc-c2d6-4ae5-806d-ae825b051c66}*SharedItemsImports = 5 + src\Common.ApiExplorer\Common.ApiExplorer.projitems*{f7784c3a-5569-4590-ae28-b721c0426045}*SharedItemsImports = 5 + src\Shared\Shared.projitems*{f7784c3a-5569-4590-ae28-b721c0426045}*SharedItemsImports = 5 + test\Test.Common\Test.Common.projitems*{f9297626-c37c-402b-afd6-712f3e5e4d7c}*SharedItemsImports = 13 + EndGlobalSection EndGlobal diff --git a/samples/webapi/AdvancedODataWebApiSample/AdvancedODataWebApiSample.csproj b/samples/webapi/AdvancedODataWebApiSample/AdvancedODataWebApiSample.csproj index 726381be..0856cf5d 100644 --- a/samples/webapi/AdvancedODataWebApiSample/AdvancedODataWebApiSample.csproj +++ b/samples/webapi/AdvancedODataWebApiSample/AdvancedODataWebApiSample.csproj @@ -1,21 +1,14 @@  - Exe net472 Microsoft.Examples - - - - - - diff --git a/samples/webapi/AdvancedODataWebApiSample/Startup.cs b/samples/webapi/AdvancedODataWebApiSample/Startup.cs index d2e2d3ca..f9abca98 100644 
--- a/samples/webapi/AdvancedODataWebApiSample/Startup.cs +++ b/samples/webapi/AdvancedODataWebApiSample/Startup.cs @@ -1,6 +1,4 @@ -[assembly: Microsoft.Owin.OwinStartup( typeof( Microsoft.Examples.Startup ) )] - -namespace Microsoft.Examples +namespace Microsoft.Examples { using global::Owin; using Microsoft.AspNet.OData.Builder; @@ -11,7 +9,7 @@ namespace Microsoft.Examples using System.Web.Http; using static System.Web.Http.RouteParameter; - public class Startup + public partial class Startup { public void Configuration( IAppBuilder appBuilder ) { diff --git a/samples/webapi/BasicODataWebApiSample/BasicODataWebApiSample.csproj b/samples/webapi/BasicODataWebApiSample/BasicODataWebApiSample.csproj index 726381be..0856cf5d 100644 --- a/samples/webapi/BasicODataWebApiSample/BasicODataWebApiSample.csproj +++ b/samples/webapi/BasicODataWebApiSample/BasicODataWebApiSample.csproj @@ -1,21 +1,14 @@  - Exe net472 Microsoft.Examples - - - - - - diff --git a/samples/webapi/BasicODataWebApiSample/Startup.cs b/samples/webapi/BasicODataWebApiSample/Startup.cs index 6d320cad..84961306 100644 --- a/samples/webapi/BasicODataWebApiSample/Startup.cs +++ b/samples/webapi/BasicODataWebApiSample/Startup.cs @@ -1,6 +1,4 @@ -[assembly: Microsoft.Owin.OwinStartup( typeof( Microsoft.Examples.Startup ) )] - -namespace Microsoft.Examples +namespace Microsoft.Examples { using global::Owin; using Microsoft.AspNet.OData.Builder; @@ -9,7 +7,7 @@ namespace Microsoft.Examples using System; using System.Web.Http; - public class Startup + public partial class Startup { public void Configuration( IAppBuilder appBuilder ) { diff --git a/samples/webapi/BasicWebApiSample/BasicWebApiSample.csproj b/samples/webapi/BasicWebApiSample/BasicWebApiSample.csproj index 72ee30a7..54af0219 100644 --- a/samples/webapi/BasicWebApiSample/BasicWebApiSample.csproj +++ b/samples/webapi/BasicWebApiSample/BasicWebApiSample.csproj @@ -1,20 +1,10 @@  - Exe net472 Microsoft.Examples - - - - - - - - - 
diff --git a/samples/webapi/BasicWebApiSample/Startup.cs b/samples/webapi/BasicWebApiSample/Startup.cs index 9f5912b8..3eec56b8 100644 --- a/samples/webapi/BasicWebApiSample/Startup.cs +++ b/samples/webapi/BasicWebApiSample/Startup.cs @@ -1,6 +1,4 @@ -[assembly: Microsoft.Owin.OwinStartup( typeof( Microsoft.Examples.Startup ) )] - -namespace Microsoft.Examples +namespace Microsoft.Examples { using global::Owin; using Microsoft.Web.Http.Routing; @@ -8,7 +6,7 @@ namespace Microsoft.Examples using System.Web.Http; using System.Web.Http.Routing; - public class Startup + public partial class Startup { public void Configuration( IAppBuilder builder ) { diff --git a/samples/webapi/ByNamespaceWebApiSample/ByNamespaceWebApiSample.csproj b/samples/webapi/ByNamespaceWebApiSample/ByNamespaceWebApiSample.csproj index 72ee30a7..54af0219 100644 --- a/samples/webapi/ByNamespaceWebApiSample/ByNamespaceWebApiSample.csproj +++ b/samples/webapi/ByNamespaceWebApiSample/ByNamespaceWebApiSample.csproj @@ -1,20 +1,10 @@  - Exe net472 Microsoft.Examples - - - - - - - - - diff --git a/samples/webapi/ByNamespaceWebApiSample/Startup.cs b/samples/webapi/ByNamespaceWebApiSample/Startup.cs index e4bfc6c7..381796fc 100644 --- a/samples/webapi/ByNamespaceWebApiSample/Startup.cs +++ b/samples/webapi/ByNamespaceWebApiSample/Startup.cs @@ -1,6 +1,4 @@ -[assembly: Microsoft.Owin.OwinStartup( typeof( Microsoft.Examples.Startup ) )] - -namespace Microsoft.Examples +namespace Microsoft.Examples { using global::Owin; using Microsoft.Web.Http.Routing; @@ -8,7 +6,7 @@ namespace Microsoft.Examples using System; using System.Web.Http; - public class Startup + public partial class Startup { public void Configuration( IAppBuilder builder ) { diff --git a/samples/webapi/ConventionsODataWebApiSample/ConventionsODataWebApiSample.csproj b/samples/webapi/ConventionsODataWebApiSample/ConventionsODataWebApiSample.csproj index 726381be..0856cf5d 100644 
--- a/samples/webapi/ConventionsODataWebApiSample/ConventionsODataWebApiSample.csproj +++ b/samples/webapi/ConventionsODataWebApiSample/ConventionsODataWebApiSample.csproj @@ -1,21 +1,14 @@  - Exe net472 Microsoft.Examples - - - - - - diff --git a/samples/webapi/ConventionsODataWebApiSample/Startup.cs b/samples/webapi/ConventionsODataWebApiSample/Startup.cs index 80c8d36e..f6d1b1fa 100644 --- a/samples/webapi/ConventionsODataWebApiSample/Startup.cs +++ b/samples/webapi/ConventionsODataWebApiSample/Startup.cs @@ -1,6 +1,4 @@ -[assembly: Microsoft.Owin.OwinStartup( typeof( Microsoft.Examples.Startup ) )] - -namespace Microsoft.Examples +namespace Microsoft.Examples { using global::Owin; using Microsoft.AspNet.OData.Builder; @@ -11,7 +9,7 @@ namespace Microsoft.Examples using System; using System.Web.Http; - public class Startup + public partial class Startup { public void Configuration( IAppBuilder appBuilder ) { diff --git a/samples/webapi/ConventionsWebApiSample/ConventionsWebApiSample.csproj b/samples/webapi/ConventionsWebApiSample/ConventionsWebApiSample.csproj index 72ee30a7..54af0219 100644 --- a/samples/webapi/ConventionsWebApiSample/ConventionsWebApiSample.csproj +++ b/samples/webapi/ConventionsWebApiSample/ConventionsWebApiSample.csproj @@ -1,20 +1,10 @@  - Exe net472 Microsoft.Examples - - - - - - - - - diff --git a/samples/webapi/ConventionsWebApiSample/Startup.cs b/samples/webapi/ConventionsWebApiSample/Startup.cs index 8d18deaf..c55d5bc9 100644 --- a/samples/webapi/ConventionsWebApiSample/Startup.cs +++ b/samples/webapi/ConventionsWebApiSample/Startup.cs @@ -1,6 +1,4 @@ -[assembly: Microsoft.Owin.OwinStartup( typeof( Microsoft.Examples.Startup ) )] - -namespace Microsoft.Examples +namespace Microsoft.Examples { using Controllers; using global::Owin; @@ -10,7 +8,7 @@ namespace Microsoft.Examples using System.Web.Http; using System.Web.Http.Routing; - public class Startup + public partial class Startup { public void Configuration( IAppBuilder builder ) { 
diff --git a/samples/webapi/Directory.Build.props b/samples/webapi/Directory.Build.props new file mode 100644 index 00000000..a2ad6d81 --- /dev/null +++ b/samples/webapi/Directory.Build.props @@ -0,0 +1,25 @@ + + + + + + + Exe + + + + + + + + + <_Parameter1>Microsoft.Examples.Startup + <_Parameter1_TypeName>System.Type + + + + + + + + \ No newline at end of file diff --git a/samples/webapi/Startup.Newtonsoft.cs b/samples/webapi/Startup.Newtonsoft.cs new file mode 100644 index 00000000..8f4ccdb5 --- /dev/null +++ b/samples/webapi/Startup.Newtonsoft.cs @@ -0,0 +1,10 @@ +namespace Microsoft.Examples +{ + using Newtonsoft.Json; + + public partial class Startup + { + // REF: https://github.com/advisories/GHSA-5crp-9r3c-p9vr + static Startup() => JsonConvert.DefaultSettings = () => new() { MaxDepth = 128 }; + } +} \ No newline at end of file diff --git a/samples/webapi/SwaggerODataWebApiSample/Startup.cs b/samples/webapi/SwaggerODataWebApiSample/Startup.cs index 82c895d3..060b015d 100644 --- a/samples/webapi/SwaggerODataWebApiSample/Startup.cs +++ b/samples/webapi/SwaggerODataWebApiSample/Startup.cs @@ -1,6 +1,4 @@ -[assembly: Microsoft.Owin.OwinStartup( typeof( Microsoft.Examples.Startup ) )] - -namespace Microsoft.Examples +namespace Microsoft.Examples { using global::Owin; using Microsoft.AspNet.OData.Builder; @@ -19,7 +17,7 @@ namespace Microsoft.Examples /// /// Represents the startup process for the application. /// - public class Startup + public partial class Startup { /// /// Configures the application using the provided builder. diff --git a/samples/webapi/SwaggerODataWebApiSample/SwaggerODataWebApiSample.csproj b/samples/webapi/SwaggerODataWebApiSample/SwaggerODataWebApiSample.csproj index 511c3907..0df1c719 100644 --- a/samples/webapi/SwaggerODataWebApiSample/SwaggerODataWebApiSample.csproj +++ b/samples/webapi/SwaggerODataWebApiSample/SwaggerODataWebApiSample.csproj 
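Review bot: In the new samples/webapi/Startup.Newtonsoft.cs, the static constructor's `JsonConvert.DefaultSettings = () => new() { MaxDepth = 128 }` only reaches callers that consult the global default (`JsonConvert.*` helpers and `JsonSerializer.CreateDefault()`), so it may not bound the request bodies these samples actually deserialize. The Web API JSON formatter carries its own `SerializerSettings`, and nothing visible in this patch shows that it picks up the global delegate. If the intent is to cap nesting depth on incoming payloads, set it on the formatter as well, on the `HttpConfiguration` each `Configuration` method builds (those bodies are outside the hunks shown): `configuration.Formatters.JsonFormatter.SerializerSettings.MaxDepth = 128;`. The setting is a mitigation rather than the fix, so the shared package reference should still be kept on the release the linked advisory lists as patched; the contents of Directory.Build.props are not legible on this page, so that could not be checked here. Because the assignment replaces any `DefaultSettings` delegate set elsewhere in the process, a comment beside the REF link such as `// process-wide default; overrides any earlier JsonConvert.DefaultSettings` would help the next reader.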
@@ -1,20 +1,16 @@  - Exe net472 Microsoft.Examples bin\$(Configuration)\$(TargetFramework)\$(MSBuildThisFileName).xml - - - diff --git a/samples/webapi/SwaggerWebApiSample/Startup.cs b/samples/webapi/SwaggerWebApiSample/Startup.cs index 9de4c552..3ca84dd0 100644 --- a/samples/webapi/SwaggerWebApiSample/Startup.cs +++ b/samples/webapi/SwaggerWebApiSample/Startup.cs @@ -1,6 +1,4 @@ -[assembly: Microsoft.Owin.OwinStartup( typeof( Microsoft.Examples.Startup ) )] - -namespace Microsoft.Examples +namespace Microsoft.Examples { using global::Owin; using Microsoft.Web.Http.Routing; @@ -15,7 +13,7 @@ namespace Microsoft.Examples /// /// Represents the startup process for the application. /// - public class Startup + public partial class Startup { /// /// Configures the application using the provided builder. diff --git a/samples/webapi/SwaggerWebApiSample/SwaggerWebApiSample.csproj b/samples/webapi/SwaggerWebApiSample/SwaggerWebApiSample.csproj index 13787172..88e3132a 100644 --- a/samples/webapi/SwaggerWebApiSample/SwaggerWebApiSample.csproj +++ b/samples/webapi/SwaggerWebApiSample/SwaggerWebApiSample.csproj @@ -1,20 +1,16 @@  - Exe net472 Microsoft.Examples bin\$(Configuration)\$(TargetFramework)\$(MSBuildThisFileName).xml - - -