Severity: Warning
File: src/Servy.Core/Services/EventLogService.cs
Lines: 37-41 (constructor) and 137-140 (filter)
Code:
public EventLogService(IEventLogReader reader, string? sourceName = null)
{
_reader = reader ?? throw new ArgumentNullException(nameof(reader));
_sourceName = sourceName ?? AppConfig.EventSource;
}
// ...
foreach (var evt in records)
{
// ...
var provider = evt.ProviderName ?? string.Empty;
// 1. Heuristic: Only include events where the provider contains "Servy"
// This prevents capturing unrelated system/app logs even when _sourceName is empty.
if (provider.IndexOf(AppConfig.EventSource, StringComparison.OrdinalIgnoreCase) < 0)
continue;Explanation:
The constructor accepts an _sourceName and uses it to build a Provider[@Name='...'] system filter (so the Event Log query is correctly scoped). However, after _reader.ReadEvents(...) returns, every record is filtered a SECOND time with provider.IndexOf(AppConfig.EventSource, ...) < 0 — using the hardcoded AppConfig.EventSource constant rather than _sourceName.
The xml-doc on the constructor explicitly invites callers to pass a different source: "Pass an empty string to disable the provider filter and enable wildcard querying." In practice, even when an empty/wildcard sourceName is passed and the XML query returns records from many providers, the post-filter on line 139 will still drop everything whose ProviderName does NOT contain AppConfig.EventSource. The sourceName parameter is therefore effectively ignored: it can only ever narrow the query, never broaden it past AppConfig.EventSource.
Suggested fix:
Either (a) drop the post-filter entirely and trust the XPath Provider[@Name='...'] clause; or (b) make the post-filter respect _sourceName (skip the check when _sourceName is empty), so the documented "wildcard querying" actually works:
// Only apply the heuristic when no specific provider was scoped via XPath
if (string.IsNullOrEmpty(_sourceName) &&
provider.IndexOf(AppConfig.EventSource, StringComparison.OrdinalIgnoreCase) < 0)
continue;
Severity: Warning
File:
src/Servy.Core/Services/EventLogService.csLines: 37-41 (constructor) and 137-140 (filter)
Code:
Explanation:
The constructor accepts an
_sourceNameand uses it to build aProvider[@Name='...']system filter (so the Event Log query is correctly scoped). However, after_reader.ReadEvents(...)returns, every record is filtered a SECOND time withprovider.IndexOf(AppConfig.EventSource, ...) < 0— using the hardcodedAppConfig.EventSourceconstant rather than_sourceName.The xml-doc on the constructor explicitly invites callers to pass a different source: "Pass an empty string to disable the provider filter and enable wildcard querying." In practice, even when an empty/wildcard
sourceNameis passed and the XML query returns records from many providers, the post-filter on line 139 will still drop everything whose ProviderName does NOT containAppConfig.EventSource. ThesourceNameparameter is therefore effectively ignored: it can only ever narrow the query, never broaden it pastAppConfig.EventSource.Suggested fix:
Either (a) drop the post-filter entirely and trust the XPath
Provider[@Name='...']clause; or (b) make the post-filter respect_sourceName(skip the check when_sourceNameis empty), so the documented "wildcard querying" actually works: