From f09d61fe93c55b81cc2999d5771c09e2b996c495 Mon Sep 17 00:00:00 2001
From: githubofkrishnadhas
Date: Sat, 12 Apr 2025 22:55:51 +0530
Subject: [PATCH] If unsanitized user input is written to a log entry, a malicious user may be able to forge new log entries.

---
 app/quickapi.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/quickapi.py b/app/quickapi.py
index 875a312..c341212 100644
--- a/app/quickapi.py
+++ b/app/quickapi.py
@@ -40,7 +40,8 @@ async def create_item(item: UserColorEntry):
 """Create an item with a username and users favourite colour and return it."""
 user_colour.append(item)
 print(user_colour)
-logger.info(item)
+# Sanitize log message to prevent log injection
+logger.info("New user-color entry added: username=%s, color=%s", item.username, item.color)
 return item
 
 # List all user_colour mappings
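Review bot: The new `logger.info(...)` line does not actually sanitize anything despite the comment above it and the commit subject: `%s` substitutes `item.username` and `item.color` verbatim, so a value containing `\r` or `\n` still splits the entry into what looks like several log lines. The cheapest neutralisation is to log the fields with their repr, which escapes control characters: `logger.info("New user-color entry added: username=%r, color=%r", item.username, item.color)`; a stricter alternative is to strip or replace CR/LF in the two values before formatting. The added comment should then be reworded to say what is done, e.g. `# Log fields with %r so line breaks in user-supplied values cannot forge extra log entries`. The unchanged `print(user_colour)` on the line above still emits the raw entry to stdout; if stdout is collected as a log stream in this deployment, it presumably has the same exposure. The signature of create_item is outside the hunk (shown only in the @@ header), so whether UserColorEntry validates these fields is not visible here.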