From e9ef4b50faebae217d54b83f5b50b26ccdf21fea Mon Sep 17 00:00:00 2001
From: Sanjeev Agarwal <sanag@microsoft.com>
Date: Sun, 11 Feb 2024 21:49:53 +0530
Subject: [PATCH 1/3] fix security issues

---
 .Net Framework/src/AutoMapper/JsonToJsonMapper.csproj     | 2 +-
 .../JsonToJsonMapper.Tests/JsonToJsonMapper.Tests.csproj  | 8 ++++----
 .../test/JsonToJsonMapper.Tests/packages.config           | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.Net Framework/src/AutoMapper/JsonToJsonMapper.csproj b/.Net Framework/src/AutoMapper/JsonToJsonMapper.csproj
index 1f98459..844d5fa 100644
--- a/.Net Framework/src/AutoMapper/JsonToJsonMapper.csproj	
+++ b/.Net Framework/src/AutoMapper/JsonToJsonMapper.csproj	
@@ -88,7 +88,7 @@
       <Version>4.3.0</Version>
     </PackageReference>
     <PackageReference Include="Newtonsoft.Json">
-      <Version>10.0.1</Version>
+      <Version>13.0.3</Version>
     </PackageReference>
     <PackageReference Include="System.Reflection.Primitives">
       <Version>4.3.0</Version>
diff --git a/.Net Framework/test/JsonToJsonMapper.Tests/JsonToJsonMapper.Tests.csproj b/.Net Framework/test/JsonToJsonMapper.Tests/JsonToJsonMapper.Tests.csproj
index ab3ae25..7626ef7 100644
--- a/.Net Framework/test/JsonToJsonMapper.Tests/JsonToJsonMapper.Tests.csproj	
+++ b/.Net Framework/test/JsonToJsonMapper.Tests/JsonToJsonMapper.Tests.csproj	
@@ -49,8 +49,8 @@
       <HintPath>..\..\packages\Microsoft.CodeAnalysis.Scripting.Common.2.8.2\lib\netstandard1.3\Microsoft.CodeAnalysis.Scripting.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="Newtonsoft.Json, Version=10.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Newtonsoft.Json.10.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Newtonsoft.Json.13.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.AppContext, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
@@ -163,8 +163,8 @@
     <None Include="packages.config" />
   </ItemGroup>
   <ItemGroup>
-    <Analyzer Include="..\..\packages\Microsoft.CodeAnalysis.Analyzers.1.1.0\analyzers\dotnet\cs\Microsoft.CodeAnalysis.Analyzers.dll" />
-    <Analyzer Include="..\..\packages\Microsoft.CodeAnalysis.Analyzers.1.1.0\analyzers\dotnet\cs\Microsoft.CodeAnalysis.CSharp.Analyzers.dll" />
+    <Analyzer Include="..\..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.4\analyzers\dotnet\cs\Microsoft.CodeAnalysis.Analyzers.dll" />
+    <Analyzer Include="..\..\packages\Microsoft.CodeAnalysis.Analyzers.3.3.4\analyzers\dotnet\cs\Microsoft.CodeAnalysis.CSharp.Analyzers.dll" />
   </ItemGroup>
   <Choose>
     <When Condition="'$(VisualStudioVersion)' == '10.0' And '$(IsCodedUITest)' == 'True'">
diff --git a/.Net Framework/test/JsonToJsonMapper.Tests/packages.config b/.Net Framework/test/JsonToJsonMapper.Tests/packages.config
index a32f887..94bcadf 100644
--- a/.Net Framework/test/JsonToJsonMapper.Tests/packages.config	
+++ b/.Net Framework/test/JsonToJsonMapper.Tests/packages.config	
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="Microsoft.CodeAnalysis.Analyzers" version="1.1.0" targetFramework="net46" />
+  <package id="Microsoft.CodeAnalysis.Analyzers" version="3.3.4" targetFramework="net46" developmentDependency="true" />
   <package id="Microsoft.CodeAnalysis.Common" version="2.8.2" targetFramework="net46" />
   <package id="Microsoft.CodeAnalysis.CSharp" version="2.8.2" targetFramework="net46" />
   <package id="Microsoft.CodeAnalysis.CSharp.Scripting" version="2.8.2" targetFramework="net46" />
   <package id="Microsoft.CodeAnalysis.Scripting" version="2.8.2" targetFramework="net46" />
   <package id="Microsoft.CodeAnalysis.Scripting.Common" version="2.8.2" targetFramework="net46" />
-  <package id="Newtonsoft.Json" version="10.0.1" targetFramework="net46" />
+  <package id="Newtonsoft.Json" version="13.0.3" targetFramework="net46" />
   <package id="System.AppContext" version="4.3.0" targetFramework="net46" />
   <package id="System.Collections" version="4.3.0" targetFramework="net46" />
   <package id="System.Collections.Concurrent" version="4.3.0" targetFramework="net46" />

From 85c73fa31b2b0d782723f90441225f881bead972 Mon Sep 17 00:00:00 2001
From: Sanjeev Agarwal <sanag@microsoft.com>
Date: Sun, 11 Feb 2024 22:42:51 +0530
Subject: [PATCH 2/3] fix secuirty issue

---
 .Net Framework/.vscode/settings.json          |  3 +
 .../AutoMapper/Handlers/FunctionHandler.cs    | 95 ++++++++++---------
 2 files changed, 51 insertions(+), 47 deletions(-)
 create mode 100644 .Net Framework/.vscode/settings.json

diff --git a/.Net Framework/.vscode/settings.json b/.Net Framework/.vscode/settings.json
new file mode 100644
index 0000000..013007b
--- /dev/null
+++ b/.Net Framework/.vscode/settings.json	
@@ -0,0 +1,3 @@
+{
+    "dotnet.preferCSharpExtension": true
+}
\ No newline at end of file
diff --git a/.Net Framework/src/AutoMapper/Handlers/FunctionHandler.cs b/.Net Framework/src/AutoMapper/Handlers/FunctionHandler.cs
index eed8ff8..2aa38cb 100644
--- a/.Net Framework/src/AutoMapper/Handlers/FunctionHandler.cs	
+++ b/.Net Framework/src/AutoMapper/Handlers/FunctionHandler.cs	
@@ -22,77 +22,78 @@ public dynamic Run(JObject transform, JObject input)
             {
                 if (parameters != null)
                 {
-                    foreach (var item in parameters)
+                    foreach (var item in from item in parameters
+                                         where !(item is JToken)
+                                         select item)
                     {
-                        if (!(item is JToken))
-                            if (item.StartsWith("$"))
+                        if (item.StartsWith("$"))
+                        {
+                            if (!item.ToUpperInvariant().Contains("[{PARENT}]"))
                             {
-                                if (!item.ToUpperInvariant().Contains("[{PARENT}]"))
+                                var tokens = input.SelectTokens((string)item);
+                                if (tokens != null && tokens.Any())
                                 {
-                                    var tokens = input.SelectTokens((string)item);
-                                    if (tokens != null && tokens.Any())
+                                    foreach (var i in tokens)
                                     {
-                                        foreach (var i in tokens)
+                                        if (i.Type == JTokenType.Null)
+                                        {
+                                            inputParam.Add(nullString);
+                                        }
+                                        else if (string.IsNullOrWhiteSpace(i.ToString()))
                                         {
-                                            if (i.Type == JTokenType.Null)
-                                            {
+                                            if (Convert.ToBoolean(ignoreEmptyValue))
                                                 inputParam.Add(nullString);
-                                            }
-                                            else if (string.IsNullOrWhiteSpace(i.ToString()))
-                                            {
-                                                if (Convert.ToBoolean(ignoreEmptyValue))
-                                                    inputParam.Add(nullString);
-                                                else
-                                                    inputParam.Add(i.ToString());
-                                            }
                                             else
-                                            {
                                                 inputParam.Add(i.ToString());
-                                            }
-
                                         }
-                                    }
-                                    else
-                                    {
-                                        inputParam.Add(nullString);
+                                        else
+                                        {
+                                            inputParam.Add(i.ToString());
+                                        }
+
                                     }
                                 }
                                 else
                                 {
-                                    JContainer json;
-                                    json = input.Parent;
-                                    for (int i = 2; i < item.Split(new string[] { "[{parent}]" }, System.StringSplitOptions.None).Length; i++)
-                                    {
-                                        json = json.Parent;
-                                    }
-                                    JToken valueToken = json.SelectToken(item.Replace("[{parent}].", "").Replace("$.", ""));
-                                    if (valueToken != null)
+                                    inputParam.Add(nullString);
+                                }
+                            }
+                            else
+                            {
+                                JContainer json;
+                                json = input.Parent;
+                                for (int i = 2; i < item.Split(new string[] { "[{parent}]" }, System.StringSplitOptions.None).Length; i++)
+                                {
+                                    json = json.Parent;
+                                }
+                                JToken valueToken = json.SelectToken(item.Replace("[{parent}].", "").Replace("$.", ""));
+                                if (valueToken != null)
+                                {
+                                    if (valueToken.Type == JTokenType.Array || valueToken.Type == JTokenType.Object)
+                                        inputParam.Add(valueToken.ToString().Replace("\r", "").Replace("\n", "").Replace("\t", ""));
+                                    else if (valueToken.Value<string>() != null)
                                     {
-                                        if (valueToken.Type == JTokenType.Array || valueToken.Type == JTokenType.Object)
-                                            inputParam.Add(valueToken.ToString().Replace("\r", "").Replace("\n", "").Replace("\t", ""));
-                                        else if (valueToken.Value<string>() != null)
+                                        if (string.IsNullOrWhiteSpace(valueToken.ToString()))
                                         {
-                                            if (string.IsNullOrWhiteSpace(valueToken.ToString()))
-                                            {
-                                                if (Convert.ToBoolean(ignoreEmptyValue))
-                                                    inputParam.Add(nullString);
-                                                else
-                                                    inputParam.Add(valueToken.ToString());
-                                            }
+                                            if (Convert.ToBoolean(ignoreEmptyValue))
+                                                inputParam.Add(nullString);
                                             else
-                                            {
                                                 inputParam.Add(valueToken.ToString());
-                                            }
                                         }
                                         else
-                                            inputParam.Add(nullString);
+                                        {
+                                            inputParam.Add(valueToken.ToString());
+                                        }
                                     }
                                     else
                                         inputParam.Add(nullString);
                                 }
+                                else
+                                    inputParam.Add(nullString);
                             }
-                            else
-                                inputParam.Add(item);
+                        }
+                        else
+                            inputParam.Add(item);
                     }
                 }
             }

From b93d2ac7bb0f3c46ce71c94cc12d3c5df32a705b Mon Sep 17 00:00:00 2001
From: Sanjeev Agarwal <sanag@microsoft.com>
Date: Sun, 25 Feb 2024 23:20:47 +0530
Subject: [PATCH 3/3] set setting defaults

---
 .Net Framework/.vscode/settings.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.Net Framework/.vscode/settings.json b/.Net Framework/.vscode/settings.json
index 013007b..1c5e843 100644
--- a/.Net Framework/.vscode/settings.json	
+++ b/.Net Framework/.vscode/settings.json	
@@ -1,3 +1,4 @@
 {
-    "dotnet.preferCSharpExtension": true
+    "dotnet.preferCSharpExtension": true,
+    "dotnet.defaultSolution": "Json2JsonMapper.sln"
 }
\ No newline at end of file