Merge pull request #478 from aurelianware/copilot/sub-pr-477

Author: aurelianware

src/services/fhir-service/Controllers/FhirControllerBase.cs

@@ -84,4 +84,15 @@ protected static int ClampPageSize(int requested, int max = 100)
 
     protected static int ClampPage(int requested)
         => Math.Max(1, requested);
+
+    // ── Logging helpers ───────────────────────────────────────────────────────
+
+    /// <summary>
+    /// Removes CR/LF characters from a user-supplied value before it is written
+    /// to a log entry, preventing log-injection attacks.
+    /// </summary>
+    protected static string SanitizeForLog(string? value)
+        => string.IsNullOrEmpty(value) ? string.Empty
+           : value.Replace("\r", string.Empty, StringComparison.Ordinal)
+                  .Replace("\n", string.Empty, StringComparison.Ordinal);
 }

src/services/fhir-service/Controllers/ProviderDirectoryController.cs

@@ -285,7 +285,7 @@ public async Task<IActionResult> SearchLocations(
     {
         if (!ProviderDirectoryMapper.ValidateNpi(npi))
         {
-            _logger.LogWarning("Invalid NPI format: {Npi}", npi);
+            _logger.LogWarning("Invalid NPI format: {Npi}", SanitizeForLog(npi));
             return null;
         }
 
@@ -302,7 +302,7 @@ public async Task<IActionResult> SearchLocations(
         }
         catch (Exception ex)
         {
-            _logger.LogError(ex, "NPPES lookup failed for NPI {Npi}", npi);
+            _logger.LogError(ex, "NPPES lookup failed for NPI {Npi}", SanitizeForLog(npi));
             throw;
         }
     }