Potential fix for code scanning alert no. 210: Log entries created from user input

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: jeffcumpsty-tpx

OpenReferralApi.Core/Services/OpenApiValidationService.cs

@@ -54,7 +54,7 @@ public async Task<OpenApiValidationResult> ValidateOpenApiSpecificationAsync(Ope
                     var (discoveredUrl, reason) = await _discoveryService.DiscoverOpenApiUrlAsync(request.BaseUrl, cancellationToken);
                     if (!string.IsNullOrEmpty(discoveredUrl))
                     {
-                        _logger.LogInformation("Discovered OpenAPI schema URL: {Url} (Reason: {Reason})", discoveredUrl, reason);
+                        _logger.LogInformation("Discovered OpenAPI schema URL: {Url} (Reason: {Reason})", SchemaResolverService.SanitizeUrlForLogging(discoveredUrl), reason);
                         request.OpenApiSchema ??= new OpenApiSchema();
                         request.OpenApiSchema.Url = discoveredUrl;
                         request.ProfileReason = reason;

OpenReferralApi.Core/Services/SchemaResolverService.cs

@@ -604,13 +604,13 @@ public async Task<JSchema> CreateSchemaFromJsonAsync(string schemaJson, string?
   {
     try
     {
-      _logger.LogDebug("Creating JSON schema from JSON string with resolver. DocumentUri: {DocumentUri}", documentUri ?? "none");
+      _logger.LogDebug("Creating JSON schema from JSON string with resolver. DocumentUri: {DocumentUri}", documentUri != null ? SanitizeUrlForLogging(documentUri) : "none");
 
       // Pre-resolve all external and internal references using System.Text.Json based resolution
       string resolvedSchemaJson = schemaJson;
       try
       {
-        _logger.LogDebug("Pre-resolving all schema references with base URI: {DocumentUri}", documentUri ?? "none");
+        _logger.LogDebug("Pre-resolving all schema references with base URI: {DocumentUri}", documentUri != null ? SanitizeUrlForLogging(documentUri) : "none");
         resolvedSchemaJson = await ResolveAsync(schemaJson, documentUri, auth);
         _logger.LogDebug("Successfully pre-resolved all schema references");
       }

OpenReferralApi/Controllers/OpenApiController.cs

@@ -44,7 +44,7 @@ public async Task<ActionResult<object>> ValidateOpenApiSpecificationAsync(
         [FromBody] OpenApiValidationRequest request,
         CancellationToken cancellationToken = default)
     {
-        _logger.LogInformation("Received OpenAPI validation request for BaseUrl: {BaseUrl}", request.BaseUrl);
+        _logger.LogInformation("Received OpenAPI validation request for BaseUrl: {BaseUrl}", SchemaResolverService.SanitizeUrlForLogging(request.BaseUrl ?? string.Empty));
 
         if (string.IsNullOrEmpty(request.OpenApiSchema?.Url) && string.IsNullOrEmpty(request.BaseUrl))
         {
@@ -64,7 +64,7 @@ public async Task<ActionResult<object>> ValidateOpenApiSpecificationAsync(
 
         var result = await _openApiValidationService.ValidateOpenApiSpecificationAsync(request, cancellationToken);
 
-        _logger.LogInformation("Validation completed for BaseUrl: {BaseUrl}", request.BaseUrl);
+        _logger.LogInformation("Validation completed for BaseUrl: {BaseUrl}", SchemaResolverService.SanitizeUrlForLogging(request.BaseUrl ?? string.Empty));
 
         // Return raw result or mapped to ValidationResponse format based on option
         if (request.Options?.ReturnRawResult == true)