Potential fix for code scanning alert no. 122: Log entries created from user input

ericcurtin · github-advanced-security[bot] · web-flow · commit cd47e5f77cb8 · 2025-11-16T22:26:40.000Z
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/pkg/ollama/handler.go b/pkg/ollama/handler.go
@@ -50,7 +50,9 @@ func NewHandler(log logging.Logger, modelManager *models.Manager, scheduler *sch
 
 // ServeHTTP implements the http.Handler interface
 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	h.log.Infof("Ollama API request: %s %s", r.Method, r.URL.Path)
+	safeMethod := strings.ReplaceAll(strings.ReplaceAll(r.Method, "\n", ""), "\r", "")
+	safePath := strings.ReplaceAll(strings.ReplaceAll(r.URL.Path, "\n", ""), "\r", "")
+	h.log.Infof("Ollama API request: %s %s", safeMethod, safePath)
 	h.httpHandler.ServeHTTP(w, r)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,9 @@ func NewHandler(log logging.Logger, modelManager models.Manager, scheduler sch`
`50`	`50`
`51`	`51`	`// ServeHTTP implements the http.Handler interface`
`52`	`52`	`func (h Handler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
`53`		`- h.log.Infof("Ollama API request: %s %s", r.Method, r.URL.Path)`
	`53`	`+ safeMethod := strings.ReplaceAll(strings.ReplaceAll(r.Method, "\n", ""), "\r", "")`
	`54`	`+ safePath := strings.ReplaceAll(strings.ReplaceAll(r.URL.Path, "\n", ""), "\r", "")`
	`55`	`+ h.log.Infof("Ollama API request: %s %s", safeMethod, safePath)`
`54`	`56`	`h.httpHandler.ServeHTTP(w, r)`
`55`	`57`	`}`
`56`	`58`