FUND-2559 ZRC: improve security around query parameters on subjects #183

Open: heuvea wants to merge 8 commits into main from bugfix/FUND-2559-ZRC-improve-security-around-query-parameters

@heuvea heuvea commented May 19, 2026

…ome audits

Pull Request

Description

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation

Related Issues

Testing

  • Tests pass
  • Manual testing completed

Checklist

  • Self-review completed
  • Documentation updated (if needed)

Copilot AI review requested due to automatic review settings May 19, 2026 11:39
heuvea added the Bug, Autorisaties API, Referentielijsten API, Besluiten API, Documenten API, Zaken API, Catalogi API and Improvement labels May 19, 2026
Comment thread src/OneGround.ZGW.Common.Web/Validations/ValidateBodyParametersFilter.cs Outdated
Comment thread src/OneGround.ZGW.Documenten.Web/Startup.cs
Comment thread src/OneGround.ZGW.Autorisaties.Web/Startup.cs
Comment thread src/OneGround.ZGW.Zaken.Web/Controllers/v1/ZakenController.cs

Copilot AI left a comment

Pull request overview

This PR improves request parameter hardening across ZGW API components by adding reusable validation filters for unknown query/body parameters and applying them to list/search endpoints. It also extends ZRC audit logging for privacy-sensitive zaak queries.

Changes:

  • Adds common query/body parameter validation filters.
  • Registers and applies validation filters across Zaken, Documenten, Catalogi, Besluiten, Autorisaties, and Referentielijsten endpoints.
  • Extends audit trail logging for additional sensitive Zaken filters.

Reviewed changes

Copilot reviewed 62 out of 62 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| src/OneGround.ZGW.Common.Web/Validations/ValidateQueryParametersFilter.cs | Adds generic query parameter allow-list validation. |
| src/OneGround.ZGW.Common.Web/Validations/ValidateBodyParametersFilter.cs | Adds generic JSON body property allow-list validation. |
| src/OneGround.ZGW.Zaken.Web/Startup.cs | Registers Zaken validation filters. |
| src/OneGround.ZGW.Zaken.Web/Extensions/QueryAndSearchParameterValidationsExtensions.cs | Adds Zaken filter registrations. |
| src/OneGround.ZGW.Zaken.Web/Handlers/v1/5/GetAllZakenQueryHandler.cs | Expands audit logging for sensitive zaak filters. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/ZakenController.cs | Applies Zaken query/search validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/ZaakStatussenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/ZaakResultatenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/ZaakObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/ZaakInformatieObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/KlantContactenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/2/ZaakObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/5/ZakenController.cs | Applies v1.5 query/search validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/5/ZaakVerzoekenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/5/ZaakStatussenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/5/ZaakRollenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/5/ZaakObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/5/ZaakInformatieObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Zaken.Web/Controllers/v1/5/ZaakContactMomentenController.cs | Applies query validation. |
| src/OneGround.ZGW.Referentielijsten.Web/Startup.cs | Registers Referentielijsten validation filters. |
| src/OneGround.ZGW.Referentielijsten.Web/Extensions/QueryParameterValidationExtensions.cs | Adds Referentielijsten filter registrations. |
| src/OneGround.ZGW.Referentielijsten.Web/Controllers/ResultatenController.cs | Applies query validation. |
| src/OneGround.ZGW.Referentielijsten.Web/Controllers/ProcesTypenController.cs | Applies query validation. |
| src/OneGround.ZGW.Documenten.Web/Startup.cs | Registers Documenten validation filters. |
| src/OneGround.ZGW.Documenten.Web/Extensions/QueryParameterValidationExtensions.cs | Adds Documenten filter registrations. |
| src/OneGround.ZGW.Documenten.Web/Controllers/v1/EnkelvoudigInformatieObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Documenten.Web/Controllers/v1/GebruiksRechtenController.cs | Applies query validation. |
| src/OneGround.ZGW.Documenten.Web/Controllers/v1/ObjectInformatieObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Documenten.Web/Controllers/v1/1/EnkelvoudigInformatieObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Documenten.Web/Controllers/v1/5/EnkelvoudigInformatieObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Documenten.Web/Controllers/v1/5/GebruiksRechtenController.cs | Applies query validation. |
| src/OneGround.ZGW.Documenten.Web/Controllers/v1/5/ObjectInformatieObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Documenten.Web/Controllers/v1/5/VerzendingenController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Startup.cs | Registers Catalogi validation filters. |
| src/OneGround.ZGW.Catalogi.Web/Extensions/QueryParameterValidationExtensions.cs | Adds Catalogi filter registrations. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/CatalogusController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/BesluitTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/EigenschapController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/InformatieObjectTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/ResultaatTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/RolTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/StatusTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/ZaakTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/ZaakTypeInformatieObjectTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/2/InformatieObjectTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/CatalogusController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/BesluitTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/EigenschapController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/InformatieObjectTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/ResultaatTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/RolTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/StatusTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/ZaakObjectTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/ZaakTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Catalogi.Web/Controllers/v1/3/ZaakTypeInformatieObjectTypeController.cs | Applies query validation. |
| src/OneGround.ZGW.Besluiten.Web/Startup.cs | Registers Besluiten validation filters. |
| src/OneGround.ZGW.Besluiten.Web/Extensions/QueryParameterValidationExtensions.cs | Adds Besluiten filter registrations. |
| src/OneGround.ZGW.Besluiten.Web/Controllers/v1/BesluitenController.cs | Applies query validation. |
| src/OneGround.ZGW.Besluiten.Web/Controllers/v1/BesluitInformatieObjectenController.cs | Applies query validation. |
| src/OneGround.ZGW.Autorisaties.Web/Startup.cs | Registers Autorisaties validation filters. |
| src/OneGround.ZGW.Autorisaties.Web/Extensions/QueryParameterValidationExtensions.cs | Adds Autorisaties filter registration. |
| src/OneGround.ZGW.Autorisaties.Web/Controllers/v1/ApplicatiesController.cs | Applies query validation. |

Comment thread src/OneGround.ZGW.Common.Web/Validations/ValidateQueryParametersFilter.cs Outdated
Comment thread src/OneGround.ZGW.Common.Web/Validations/ValidateBodyParametersFilter.cs Outdated
Comment thread src/OneGround.ZGW.Zaken.Web/Handlers/v1/5/GetAllZakenQueryHandler.cs Outdated
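
An added example, not code from this pull request, of how an allow-list check on query parameters can be written as an ASP.NET Core action filter. The attribute name `AllowedQueryParametersAttribute`, the parameter names in the usage comment and the error text are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical attribute for illustration; not the PR's ValidateQueryParametersFilter.
public sealed class AllowedQueryParametersAttribute : ActionFilterAttribute
{
    private readonly HashSet<string> _allowed;

    // Assumption: parameter names are compared case-insensitively.
    public AllowedQueryParametersAttribute(params string[] allowed) =>
        _allowed = new HashSet<string>(allowed, StringComparer.OrdinalIgnoreCase);

    public override void OnActionExecuting(ActionExecutingContext context)
    {
        // Collect every query-string key that is not on the allow-list.
        var unknown = context.HttpContext.Request.Query.Keys
            .Where(key => !_allowed.Contains(key))
            .OrderBy(key => key, StringComparer.Ordinal)
            .ToList();
        if (unknown.Count == 0)
        {
            return; // only known parameters: let the action run
        }

        // Reject rather than silently ignore, so a mistyped or unsupported
        // filter never returns a broader result set than the caller asked for.
        var problem = new ValidationProblemDetails
        {
            Title = "Unknown query parameters",
            Status = 400,
        };
        foreach (var key in unknown)
        {
            problem.Errors[key] = new[] { "Query parameter is not supported by this endpoint." };
        }

        // Setting Result short-circuits the pipeline; the action never executes.
        context.Result = new BadRequestObjectResult(problem);
    }
}

// Usage on a hypothetical list endpoint (constructed parameter names):
// [HttpGet]
// [AllowedQueryParameters("page", "status")]
// public IActionResult GetAll() => Ok();
```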
heuvea and others added 6 commits May 19, 2026 13:49
…ect'

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
…ect'

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Labels

  • Autorisaties API: Related to Autorisaties (AC) component
  • Besluiten API: Related to Besluiten (BRC) component
  • Bug: Something isn't working
  • Catalogi API: Related to Catalogi (ZTC) component
  • Documenten API: Related to Documenten (DRC) component
  • Improvement
  • Referentielijsten API: Related to Referentielijsten (RF) component
  • Zaken API: Related to Zaken (ZRC) component

2 participants