Fix code scanning alert no. 41: Log entries created from user input

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
JoeShook · Oct 7, 2024 · 2583a6d · 2583a6d
1 parent 8e3f07a
commit 2583a6d
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Udap.Server/Security/Authentication/TieredOAuth/TieredOAuthAuthenticationHandler.cs b/Udap.Server/Security/Authentication/TieredOAuth/TieredOAuthAuthenticationHandler.cs
@@ -405,7 +405,8 @@ protected override async Task<OAuthTokenResponse> ExchangeCodeAsync(OAuthCodeExc
     {
         Logger.LogInformation("UDAP exchanging authorization code.");
         Logger.LogDebug("{ReturnUrl}", context.Properties.Items["returnUrl"] ?? "~/");
-        Logger.LogDebug("{QueryString}", Context.Request.QueryString.Value);
+        var sanitizedQueryString = Context.Request.QueryString.Value?.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", "");
+        Logger.LogDebug("{QueryString}", sanitizedQueryString);
 
         var originalRequestParams = HttpUtility.ParseQueryString(context.Properties.Items["returnUrl"] ?? "~/");
         var idp = (originalRequestParams.GetValues("idp") ?? throw new InvalidOperationException()).Last();