From 7d3ebf41037261f054a62d1f1fb53b38f5338e0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9sar=20Gallego=20Rodr=C3=ADguez?=
Date: Sun, 19 Mar 2023 18:59:31 +0100
Subject: [PATCH] fix: Log injection prevention task
---
 internal/server/data/resource.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/internal/server/data/resource.go b/internal/server/data/resource.go
index 2cbe6f3..744b2a8 100644
--- a/internal/server/data/resource.go
+++ b/internal/server/data/resource.go
@@ -22,6 +22,7 @@ import (
 "net/http"
 "net/textproto"
 "strconv"
+ "strings"
 
 "github.com/BBVA/kapow/internal/logger"
 "github.com/BBVA/kapow/internal/server/httperror"
@@ -248,8 +249,18 @@ func setServerLog(w http.ResponseWriter, r *http.Request, h *model.Handler) {
 }
 handlerId := mux.Vars(r)["handlerID"]
 if prefix := mux.Vars(r)["prefix"]; prefix == "" {
- logger.L.Printf("%s %s\n", handlerId, msg)
+ logger.L.Printf("%s %s\n", escapeString(handlerId), msg)
 } else {
- logger.L.Printf("%s %s: %s\n", handlerId, prefix, msg)
+ logger.L.Printf("%s %s: %s\n", escapeString(handlerId), escapeString(prefix), msg)
 }
 }
+
+// function to scape strings in order to be printed in a Log
+func escapeString(s string) string {
+ s = strings.Replace(s, "\n", "", -1)
+ s = strings.Replace(s, "\r", "", -1)
+ s = strings.Replace(s, "\t", "", -1)
+ s = strings.Replace(s, "\b", "", -1)
+
+ return s
+}
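Review bot: `msg` is still passed to `%s` unescaped in both `Printf` calls, so if it is request-derived (its assignment is above the hunk, which starts inside `setServerLog`) a CR or LF in it can still forge log lines; it needs the same treatment as `handlerId` and `prefix`. `escapeString` also removes only `\n`, `\r`, `\t` and `\b`, so other control characters such as ESC, `\v`, `\f` and NUL still reach the log, and deleting characters loses what the client actually sent. Formatting the untrusted values with `%q`, e.g. `logger.L.Printf("%q %q: %q\n", handlerId, prefix, msg)`, escapes every non-printable character and keeps the evidence, and would make the helper unnecessary. If the helper stays, its comment should read `// escapeString removes CR, LF, tab and backspace from s before it is written to the log.`, since it strips rather than escapes.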