[CCAP-493] Create sendGrid family confirmation email and background job #970
Conversation
spokenbird
force-pushed
the
ccap-493-family-confirmation-email
branch
from
42994ee to
76c5aab
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| return; | ||
| } | ||
|
|
||
| log.info("Received {} SendGrid events", events); |
Check failure
Code scanning / CodeQL
Log Injection High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 12 days ago
To fix the log injection issue, we need to sanitize the events parameter before logging it. The best way to do this is to remove any potentially dangerous characters, such as new-line characters, from the user-provided data. We can achieve this by converting the events list to a sanitized string representation before logging it.
- Create a method to sanitize the
eventsparameter by removing new-line characters. - Use this method to sanitize the
eventsparameter before logging it.
| @@ -45,3 +45,13 @@ | ||
|
|
||
| log.info("Received {} SendGrid events", events); | ||
| log.info("Received {} SendGrid events", sanitizeEvents(events)); | ||
| } | ||
|
|
||
| /** | ||
| * Sanitize the events list by removing new-line characters. | ||
| * | ||
| * @param events: list of events to sanitize | ||
| * @return a sanitized string representation of the events | ||
| */ | ||
| private String sanitizeEvents(List<Map<String, Object>> events) { | ||
| return events.toString().replaceAll("[\\r\\n]", ""); | ||
| } |
src/main/java/org/ilgcc/app/email/SendGridWebhookController.java
Dismissed
Show dismissed
Hide dismissed
src/main/java/org/ilgcc/app/email/SendGridWebhookController.java
Dismissed
Show dismissed
Hide dismissed
src/main/java/org/ilgcc/app/email/SendGridWebhookController.java
Dismissed
Show dismissed
Hide dismissed
src/main/java/org/ilgcc/app/email/SendGridWebhookController.java
Dismissed
Show dismissed
Hide dismissed
src/main/java/org/ilgcc/app/email/SendGridWebhookController.java
Dismissed
Show dismissed
Hide dismissed
|
@cram-cfa Not fully implemented is the webhook which I haven't been able to get working. The webhook should provide asynchronous updates on email statuses from Sendgrid, to our applications endpoint. I can see pings to the endpoint in the Heroku logs, but the endpoint shows a 403 (unauthorized?) which I'm not sure if that means our application is saying Heroku is unauthorized or vice versa. https://www.twilio.com/docs/sendgrid/for-developers/tracking-events/getting-started-event-webhook If we can get this working we should be able to implement retries when needed and a status table for emails. |
|
I also setup a Datadog alert if communicating with Sendgrid fails: |
🔗 Jira ticket
CCAP-493
✍️ Description
Creates a SendGridEmailService and background job which is enqueued via an action. The action queue's a background job to send an email via the sendgrid API.