From 1b85abb4aa74d7a18ae62c8962eb1e8993daa8d9 Mon Sep 17 00:00:00 2001
From: Krishnadhas N K <108367225+githubofkrishnadhas@users.noreply.github.com>
Date: Sun, 13 Apr 2025 00:56:51 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 3: Log Injection
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 app/quickapi.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/quickapi.py b/app/quickapi.py
index c341212..ff26fb7 100644
--- a/app/quickapi.py
+++ b/app/quickapi.py
@@ -41,7 +41,9 @@ async def create_item(item: UserColorEntry):
     user_colour.append(item)
     print(user_colour)
     # Sanitize log message to prevent log injection
-    logger.info("New user-color entry added: username=%s, color=%s", item.username, item.color)
+    sanitized_username = item.username.replace('\r\n', '').replace('\n', '')
+    sanitized_color = item.color.replace('\r\n', '').replace('\n', '')
+    logger.info("New user-color entry added: username=%s, color=%s", sanitized_username, sanitized_color)
     return item
 
 # List all user_colour mappings
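Review bot: The `.replace('\r\n', '').replace('\n', '')` chain on the two added `sanitized_*` lines leaves a bare `\r` untouched, and a lone carriage return (or an ESC/ANSI sequence, or a tab) is still enough to overwrite or forge a log line in a terminal and in many log viewers, so the alert is only partly closed. Dropping every non-printable character is both shorter and complete: `sanitized_username = "".join(c for c in item.username if c.isprintable())` and likewise `sanitized_color = "".join(c for c in item.color if c.isprintable())`. The `print(user_colour)` context line two lines above still writes the raw, unsanitized entry to stdout, so the injection is moved rather than removed unless that print is deleted or routed through the same sanitizer. If `UserColorEntry` lets either field be `None` (the model is not visible here), the `.replace` call raises `AttributeError` before anything is logged — worth confirming against the model. `create_item` begins outside the hunk; only its tail is shown.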