fix(review): replace email fallback with [Unbekannt] in AuthorView — prevents CWE-359 leak
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -78,7 +78,7 @@ public class GeschichteService {
|
|||||||
if (author != null) {
|
if (author != null) {
|
||||||
String displayName = ((author.getFirstName() != null ? author.getFirstName() : "")
|
String displayName = ((author.getFirstName() != null ? author.getFirstName() : "")
|
||||||
+ " " + (author.getLastName() != null ? author.getLastName() : "")).trim();
|
+ " " + (author.getLastName() != null ? author.getLastName() : "")).trim();
|
||||||
if (displayName.isBlank()) displayName = author.getEmail();
|
if (displayName.isBlank()) displayName = "[Unbekannt]";
|
||||||
authorView = new GeschichteView.AuthorView(author.getId(), displayName);
|
authorView = new GeschichteView.AuthorView(author.getId(), displayName);
|
||||||
}
|
}
|
||||||
return new GeschichteView(
|
return new GeschichteView(
|
||||||
|
|||||||
@@ -123,7 +123,7 @@ class GeschichteServiceTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void getById_author_displayName_falls_back_to_email_when_names_blank() {
|
void getById_author_displayName_falls_back_to_Unbekannt_when_names_blank() {
|
||||||
authenticateAs(reader, Permission.READ_ALL);
|
authenticateAs(reader, Permission.READ_ALL);
|
||||||
UUID id = UUID.randomUUID();
|
UUID id = UUID.randomUUID();
|
||||||
Geschichte published = published(id);
|
Geschichte published = published(id);
|
||||||
@@ -133,7 +133,7 @@ class GeschichteServiceTest {
|
|||||||
|
|
||||||
GeschichteView result = geschichteService.getById(id);
|
GeschichteView result = geschichteService.getById(id);
|
||||||
|
|
||||||
assertThat(result.author().displayName()).isEqualTo("anon@test");
|
assertThat(result.author().displayName()).isEqualTo("[Unbekannt]");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|||||||