search

CyberSource / cybersource-rest-client-dotnet

.NET client library for the CyberSource REST API
Other
16 stars 42 forks source link

LogUtility.MaskSensitiveData is not thread safe #123

Closed wrightsonm closed 2 years ago

wrightsonm commented 2 years ago

(Also raised on NetStandard repository) - Dot Net Standard Issue 22

We have just pulled in the latest changes that include the new logging with MaskSensitiveData options, and quickly identified a concurrency issue when deploying to production.

System.InvalidOperationException: Collection was modified; enumeration operation may not execute. at System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) at System.Collections.Generic.Dictionary`2.Enumerator.MoveNext() at AuthenticationSdk.util.LogUtility.MaskSensitiveData(String str) at CyberSource.Api.KeyGenerationApi.GeneratePublicKeyWithHttpInfo(String format, GeneratePublicKeyRequest generatePublicKeyRequest) at CyberSource.Api.KeyGenerationApi.GeneratePublicKey(String format, GeneratePublicKeyRequest generatePublicKeyRequest)

Specifically we deployed the netFramework version, but am discussing here as AuthenticationSdk for netFramework is closed source, and the NetStandard version is open source & can be seen to be non-thread safe here:

AuthenticationSdk/util/LogUtility.cs

Tagging developers to flag this issue: @gnongsie @chsriniv9

wrightsonm commented 2 years ago

See PR https://github.com/CyberSource/cybersource-rest-client-dotnetstandard/pull/23