Merge pull request #28 from netboxlabs/alert-autofix-5

netboxlabs-nvp · web-flow · commit ee2d21cd08a7 · 2025-04-19T10:24:31.000-04:00
Potential fix for code scanning alert no. 5: Log Injection
diff --git a/netbox-event-driven-automation-flask-app/app.py b/netbox-event-driven-automation-flask-app/app.py
@@ -76,7 +76,10 @@ def get(self):
         _session['version_lastrun'] = VERSION
         _session['status']['requests'] += 1
         _session['status']['last_called'] = datetime.now()
-        logger.info(f"{request.full_path}, {request.remote_addr}, Status request with data {request.get_data()}")
+        sanitized_full_path = request.full_path.replace('\r\n', '').replace('\n', '')
+        sanitized_remote_addr = request.remote_addr.replace('\r\n', '').replace('\n', '') if request.remote_addr else 'Unknown'
+        sanitized_data = request.get_data(as_text=True).replace('\r\n', '').replace('\n', '') if request.get_data() else ''
+        logger.info(f"{sanitized_full_path}, {sanitized_remote_addr}, Status request with data {sanitized_data}")
         return jsonify(_session)
 
 
