Security issues fix (#12903)

* local variable disposal

* more local variable disposal

backend/src/Designer/Services/Implementation/GiteaAPIWrapper/GiteaAPIWrapper.cs

@@ -172,17 +172,17 @@ public async Task<List<Team>> GetTeams()
         /// <inheritdoc/>
         public async Task<bool> PutStarred(string org, string repository)
         {
-            HttpRequestMessage request = new(HttpMethod.Put, $"user/starred/{org}/{repository}");
-            HttpResponseMessage response = await _httpClient.SendAsync(request);
+            using HttpRequestMessage request = new(HttpMethod.Put, $"user/starred/{org}/{repository}");
+            using HttpResponseMessage response = await _httpClient.SendAsync(request);
 
             return response.StatusCode == HttpStatusCode.NoContent;
         }
 
         /// <inheritdoc/>
         public async Task<bool> DeleteStarred(string org, string repository)
         {
-            HttpRequestMessage request = new(HttpMethod.Delete, $"user/starred/{org}/{repository}");
-            HttpResponseMessage response = await _httpClient.SendAsync(request);
+            using HttpRequestMessage request = new(HttpMethod.Delete, $"user/starred/{org}/{repository}");
+            using HttpResponseMessage response = await _httpClient.SendAsync(request);
 
             return response.StatusCode == HttpStatusCode.NoContent;
         }
@@ -436,7 +436,7 @@ public async Task<Branch> CreateBranch(string org, string repository, string bra
         private async Task<HttpResponseMessage> PostBranch(string org, string repository, string branchName)
         {
             string content = $"{{\"new_branch_name\":\"{branchName}\"}}";
-            HttpRequestMessage message = new(HttpMethod.Post, $"repos/{org}/{repository}/branches");
+            using HttpRequestMessage message = new(HttpMethod.Post, $"repos/{org}/{repository}/branches");
             message.Content = new StringContent(content, Encoding.UTF8, "application/json");
 
             return await _httpClient.SendAsync(message);
@@ -573,7 +573,7 @@ public async Task<List<FileSystemObject>> GetDirectoryAsync(string org, string a
         public async Task<bool> CreatePullRequest(string org, string repository, CreatePullRequestOption createPullRequestOption)
         {
             string content = JsonSerializer.Serialize(createPullRequestOption);
-            HttpResponseMessage response = await _httpClient.PostAsync($"repos/{org}/{repository}/pulls", new StringContent(content, Encoding.UTF8, "application/json"));
+            using HttpResponseMessage response = await _httpClient.PostAsync($"repos/{org}/{repository}/pulls", new StringContent(content, Encoding.UTF8, "application/json"));
 
             return response.IsSuccessStatusCode;
         }
@@ -648,8 +648,8 @@ private async Task DeleteAllAppKeys(List<string> appKeys, string csrf)
                     formValues.Add(new KeyValuePair<string, string>("_csrf", csrf));
                     formValues.Add(new KeyValuePair<string, string>("id", key));
 
-                    FormUrlEncodedContent content = new(formValues);
-                    HttpResponseMessage response = await client.PostAsync(giteaUrl, content);
+                    using FormUrlEncodedContent content = new(formValues);
+                    using HttpResponseMessage response = await client.PostAsync(giteaUrl, content);
                     if (!response.StatusCode.Equals(HttpStatusCode.OK))
                     {
                         break;

backend/src/Designer/Services/Implementation/ResourceRegistryService.cs

@@ -111,7 +111,7 @@ public async Task<ActionResult> PublishServiceResource(ServiceResource serviceRe
 
             if (policyPath != null)
             {
-                MultipartFormDataContent content = new MultipartFormDataContent();
+                using MultipartFormDataContent content = new MultipartFormDataContent();
 
                 if (ResourceAdminHelper.ValidFilePath(policyPath))
                 {

backend/src/Designer/Services/Implementation/SchemaModelService.cs

@@ -173,7 +173,7 @@ public async Task<string> BuildSchemaFromXsd(AltinnRepoEditingContext altinnRepo
             cancellationToken.ThrowIfCancellationRequested();
             var altinnAppGitRepository = _altinnGitRepositoryFactory.GetAltinnAppGitRepository(altinnRepoEditingContext.Org, altinnRepoEditingContext.Repo, altinnRepoEditingContext.Developer);
 
-            MemoryStream xsdMemoryStream = new MemoryStream();
+            using MemoryStream xsdMemoryStream = new MemoryStream();
             xsdStream.CopyTo(xsdMemoryStream);
             string jsonContent;
             AltinnRepositoryType altinnRepositoryType = await altinnAppGitRepository.GetRepositoryType();

backend/src/Designer/TypedHttpClients/AltinnAuthentication/AltinnAuthenticationClient.cs

@@ -54,12 +54,12 @@ public async Task<string> ConvertTokenAsync(string token, Uri uri)
              * Have to create a HttpRequestMessage instead of using helper extension methods like _httpClient.PostAsync(...)
              * because the endpoint is built up in that way
              */
-            HttpRequestMessage message = new HttpRequestMessage
+            using HttpRequestMessage message = new HttpRequestMessage
             {
                 RequestUri = new Uri($"{uri.Scheme}://{uri.Host}:{uri.Port}/{_platformSettings.ApiAuthenticationConvertUri}")
             };
 
-            HttpResponseMessage response = await _httpClient.SendAsync(message);
+            using HttpResponseMessage response = await _httpClient.SendAsync(message);
 
             _logger.LogInformation($"//AltinnAuthenticationClient // ConvertTokenAsync // Response: {response}");
             var outputToken = await response.Content.ReadAsAsync<string>();

backend/src/Designer/TypedHttpClients/AltinnAuthorization/AltinnAuthorizationPolicyClient.cs

@@ -44,7 +44,7 @@ public async Task SavePolicy(string org, string app, string policyFile, string e
              * because the base address can change on each request and after HttpClient gets initial base address,
              * it is not advised (and not allowed) to change base address.
              */
-            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri)
+            using HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri)
             {
                 Content = new StringContent(policyFile, Encoding.UTF8, "application/xml"),
             };

backend/src/Designer/TypedHttpClients/AltinnStorage/AltinnStorageAppMetadataClient.cs

@@ -58,7 +58,7 @@ public async Task UpsertApplicationMetadata(
              * because the base address can change on each request and after HttpClient gets initial base address,
              * it is not advised (and not allowed) to change base address.
              */
-            HttpRequestMessage request = new(HttpMethod.Post, uri)
+            using HttpRequestMessage request = new(HttpMethod.Post, uri)
             {
                 Content = new StringContent(stringContent, Encoding.UTF8, "application/json"),
             };

backend/src/Designer/TypedHttpClients/AltinnStorage/AltinnStorageTextResourceClient.cs

@@ -38,7 +38,7 @@ public async Task Upsert(string org, string app, TextResource textResource, stri
             Uri uri = await CreatePostUri(envName, org, app);
             HttpClientHelper.AddSubscriptionKeys(_httpClient, uri, _platformSettings);
             string stringContent = JsonSerializer.Serialize(textResource);
-            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri)
+            using HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri)
             {
                 Content = new StringContent(stringContent, Encoding.UTF8, "application/json"),
             };