From ca997719313bbac4cdac81d53292e370f0be5f91 Mon Sep 17 00:00:00 2001
From: Jordan Padams <33492486+jordanpadams@users.noreply.github.com>
Date: Wed, 13 Nov 2024 17:25:00 -0800
Subject: [PATCH] Fix code scanning alert no. 155: Log Injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../pds/api/registry/search/RegistrySearchRequestBuilder.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/service/src/main/java/gov/nasa/pds/api/registry/search/RegistrySearchRequestBuilder.java b/service/src/main/java/gov/nasa/pds/api/registry/search/RegistrySearchRequestBuilder.java
index ab1ed850..c8ae16e6 100644
--- a/service/src/main/java/gov/nasa/pds/api/registry/search/RegistrySearchRequestBuilder.java
+++ b/service/src/main/java/gov/nasa/pds/api/registry/search/RegistrySearchRequestBuilder.java
@@ -339,7 +339,8 @@ public RegistrySearchRequestBuilder constrainByQueryString(String q) throws Unpa
 }
 return this;
 } catch (RecognitionException | ParseCancellationException e) {
- log.info("Unable to parse q " + q + "error message is " + e);
+ String sanitizedQ = q.replace('\n', ' ').replace('\r', ' ');
+ log.info("Unable to parse q " + sanitizedQ + " error message is " + e);
 throw new UnparsableQParamException(
 "q string value:" + q + " Error message " + e.getMessage());
 }
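Review bot: The new `sanitizedQ` neutralises only `\n` and `\r` in `q`, while `e` is still concatenated unsanitised into the same `log.info` call and the raw `q` still goes into the `UnparsableQParamException` message two lines below. If the parser's exception text echoes part of the input, or if that exception message is logged further up the call chain (neither is visible in this hunk), line breaks from the request can still reach the log. I would sanitise the complete message rather than one operand, and replace every control character with a visible marker so the substitution is recognisable when reading the log, e.g. `String msg = ("Unable to parse q " + q + " error message is " + e).replaceAll("\\p{Cntrl}", "_");` followed by `log.info(msg);`. `constrainByQueryString` begins above the hunk, so whether `q` is null-checked or length-limited before this point cannot be confirmed from here.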