From 39050b661f3aa186080721af74299afbae88533c Mon Sep 17 00:00:00 2001
From: John <74227617+shimakaze09@users.noreply.github.com>
Date: Tue, 7 Apr 2026 09:24:08 +1200
Subject: [PATCH] Potential fix for code scanning alert no. 9: Exposure of private information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 Web/Services/EmailService.cs | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/Web/Services/EmailService.cs b/Web/Services/EmailService.cs
index b664818..59f18b7 100644
--- a/Web/Services/EmailService.cs
+++ b/Web/Services/EmailService.cs
@@ -11,6 +11,21 @@ public class EmailService
 private readonly EmailAccountConfig _emailAccountConfig;
 private readonly ILogger _logger;
+ private static string MaskEmail(string email)
+ {
+ if (string.IsNullOrWhiteSpace(email)) return string.Empty;
+
+ var atIndex = email.IndexOf('@');
+ if (atIndex <= 0 || atIndex == email.Length - 1) return "***";
+
+ var localPart = email.Substring(0, atIndex);
+ var domainPart = email.Substring(atIndex + 1);
+
+ if (localPart.Length <= 1)
+ return "*@" + domainPart;
+
+ return localPart[0] + new string('*', Math.Max(1, localPart.Length - 1)) + "@" + domainPart;
+ }
 public EmailService(ILogger logger, IOptions options)
 {
@@ -21,7 +36,8 @@ public EmailService(ILogger logger, IOptions o
 public async Task SendEmailAsync(string subject, string body, string toName, string toAddress)
 {
 var sanitizedToAddress = toAddress.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", "");
- _logger.LogDebug("Sending email, subject: {Subject}, recipient: {ToAddress}", subject, sanitizedToAddress);
+ var maskedToAddress = MaskEmail(sanitizedToAddress);
+ _logger.LogDebug("Sending email, subject: {Subject}, recipient: {ToAddress}", subject, maskedToAddress);
 body += $"
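Review bot: MaskEmail returns the domain part unmodified, so for recipients on personal or single-user domains the value that reaches the log still identifies the person, which is the exposure the commit title says it fixes; a stricter policy would reduce the domain as well (for example keep only the text after the last `.`, or log a truncated hash of the whole address), and whichever policy is kept should be stated on the method. The method has no XML doc comment; suggested: `/// <summary>Returns a log-safe rendering of <paramref name="email"/>: first character of the local part, asterisks, and the unmodified domain; <c>"***"</c> for malformed input and an empty string for blank input.</summary>`. `Math.Max(1, localPart.Length - 1)` is redundant because the `localPart.Length <= 1` guard just above already guarantees a count of at least one, so `new string('*', localPart.Length - 1)` is sufficient. As a point of placement, the private static helper sits between the fields and the constructor; the file's public members first, then private helpers, would read more conventionally.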

This message was automatically sent by {BlogLink}, no need to reply.

"; return await EmailUtils.SendEmailAsync(_emailAccountConfig, subject, body, toName, toAddress); }
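Review bot: `subject` is written to the same LogDebug call without the CR/LF stripping the method applies to the recipient, so if a subject can carry user-influenced text the log-forging concern that sanitization exists for still applies through the other placeholder; `var sanitizedSubject = subject.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", "");` logged in place of `subject` would make the two arguments symmetrical. The masking is correctly applied after the line-break stripping, so the domain part that MaskEmail passes through is a substring of the already-sanitized value and cannot reintroduce a line break. The unmasked `toAddress` is still handed to EmailUtils.SendEmailAsync on the last line, as delivery requires; if that helper logs or throws with the address in its message the masking here is bypassed, which is worth confirming outside this hunk.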