From 74f3c6f012aab28531156fdd3355e3f11558af2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Mar 2023 18:56:54 +0000
Subject: [PATCH 1/2] chore(deps): bump golang from 1.20.1 to 1.20.2 in /.github/go

Bumps golang from 1.20.1 to 1.20.2.

---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 .github/go/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/go/Dockerfile b/.github/go/Dockerfile
index b6dccd6..0a7beb6 100644
--- a/.github/go/Dockerfile
+++ b/.github/go/Dockerfile
@@ -1 +1 @@
-FROM golang:1.20.1
+FROM golang:1.20.2

From 7d3ebf41037261f054a62d1f1fb53b38f5338e0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9sar=20Gallego=20Rodr=C3=ADguez?=
Date: Sun, 19 Mar 2023 18:59:31 +0100
Subject: [PATCH 2/2] fix: Log injection prevention task

---
 internal/server/data/resource.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/internal/server/data/resource.go b/internal/server/data/resource.go
index 2cbe6f3..744b2a8 100644
--- a/internal/server/data/resource.go
+++ b/internal/server/data/resource.go
@@ -22,6 +22,7 @@ import (
 "net/http"
 "net/textproto"
 "strconv"
+ "strings"
 
 "github.com/BBVA/kapow/internal/logger"
 "github.com/BBVA/kapow/internal/server/httperror"
@@ -248,8 +249,18 @@ func setServerLog(w http.ResponseWriter, r *http.Request, h *model.Handler) {
 }
 handlerId := mux.Vars(r)["handlerID"]
 if prefix := mux.Vars(r)["prefix"]; prefix == "" {
- logger.L.Printf("%s %s\n", handlerId, msg)
+ logger.L.Printf("%s %s\n", escapeString(handlerId), msg)
 } else {
- logger.L.Printf("%s %s: %s\n", handlerId, prefix, msg)
+ logger.L.Printf("%s %s: %s\n", escapeString(handlerId), escapeString(prefix), msg)
 }
 }
+
+// function to scape strings in order to be printed in a Log
+func escapeString(s string) string {
+ s = strings.Replace(s, "\n", "", -1)
+ s = strings.Replace(s, "\r", "", -1)
+ s = strings.Replace(s, "\t", "", -1)
+ s = strings.Replace(s, "\b", "", -1)
+
+ return s
+}
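Review bot: escapeString strips only \n, \r, \t and \b, so every other control character — ESC (0x1b), which starts terminal escape sequences, and the rest of the C0 range — still reaches the log line through handlerId and prefix; dropping every rune for which unicode.IsControl reports true closes that gap in a single pass (rewrite below, which needs `"unicode"` added to the import block changed in the first hunk). msg is still printed unescaped on both Printf lines; where it comes from is above the hunk, so if it is read from the request it is the largest injection surface and should go through the same function, or the whole value could be logged with `%q` so injected bytes stay visible instead of being silently discarded. The name and comment also mislead, since nothing is escaped, and a Go doc comment starts with the identifier, e.g. `// escapeString removes control characters from s so it can be written as a single log line.`; `strings.Replace(s, x, "", -1)` is spelled `strings.ReplaceAll` since Go 1.12, and the Dockerfile in the first patch pins Go 1.20. setServerLog's body begins above the hunk.
```go
// … unchanged: setServerLog and its two logger.L.Printf calls …

// escapeString removes every control character (\n, \r, \t, \b, ESC and the
// rest of the C0/C1 ranges) from s so that a request-supplied value cannot
// forge additional log lines or terminal escape sequences.
func escapeString(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsControl(r) {
			return -1 // strings.Map drops the rune
		}
		return r
	}, s)
}
```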