From 93b105126dfc4be342d662c2eab2d5096e5ac16e Mon Sep 17 00:00:00 2001 From: JerrettDavis Date: Mon, 22 Jun 2026 21:18:43 -0500 Subject: [PATCH] fix(security): sanitize orderId route parameter before logging to prevent log-forging The `id` parameter bound from the URL path in the UpdateOrderStatus endpoint is user-controlled. Sanitize it via SanitizeForLog before passing to LogInformation (CodeQL cs/log-forging alert #295 on main). Co-Authored-By: Claude Opus 4.6
---
 src/Demo.JsonApi/Program.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Demo.JsonApi/Program.cs b/src/Demo.JsonApi/Program.cs
index 0726188..ee7dc74 100644
--- a/src/Demo.JsonApi/Program.cs
+++ b/src/Demo.JsonApi/Program.cs
@@ -120,7 +120,7 @@
 if (!string.IsNullOrWhiteSpace(statusUpdate.Notes))
 {
 logger.LogInformation("Order {OrderId} status updated to {Status}. Notes: {Notes}",
- id, statusUpdate.Status, SanitizeForLog(statusUpdate.Notes));
+ SanitizeForLog(id), statusUpdate.Status, SanitizeForLog(statusUpdate.Notes));
 }
 return Results.Ok(order);
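Review bot: The new argument list still passes `statusUpdate.Status` to the logger unsanitized, sitting between the two values that now go through `SanitizeForLog`; if `Status` is bound as a string from the request body rather than an enum, it is user-controlled in exactly the same way as `id` and `Notes` and carries the same log-forging risk, so the line should read `SanitizeForLog(id), SanitizeForLog(statusUpdate.Status), SanitizeForLog(statusUpdate.Notes)` (or, if `Status` is an enum or validated earlier, a short comment on the call saying so, so the next CodeQL triage does not re-raise it). Sanitizing at the log sink treats the symptom; if the route template does not already constrain `id` (e.g. `{id:int}` or `{id:guid}`), adding that constraint would reject malformed ids at binding time and remove the taint source for every use of `id` in this handler rather than this one call. Any other log statement in the same handler that includes `id` presumably needs the same treatment, since alert #295 points only at this line. The enclosing endpoint handler starts and ends outside the hunk, and `SanitizeForLog` itself is not visible here, so I could not confirm which characters it strips or escapes.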