Potential fix for code scanning alert no. 99: Log entries created from user input (#258)

* Potential fix for code scanning alert no. 99: Log entries created from user input

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update SanitizeForLog to handle nullable input safely

SanitizeForLog now accepts a nullable string and returns an empty
string if the input is null, preventing possible null reference
exceptions and improving log safety.

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: tspascoal

src/GitHubActions.Gates.Framework/FunctionHandlers/WebHookHandler.cs

@@ -12,13 +12,18 @@ namespace GitHubActions.Gates.Framework.FunctionHandlers
 {
     public class WebHookHandler
     {
+        // Removes carriage return and newline characters to prevent log forging
+        private static string SanitizeForLog(string? input)
+        {
+            return input == null ? string.Empty : input.Replace("\r", "").Replace("\n", "");
+        }
         protected const string DeploymentProtectionRuleEventName = "deployment_protection_rule";
         protected virtual async Task<IActionResult> ProcessWebHook(HttpRequest req, ILogger log, string ProcessingQueueName)
         {
             var ghEvent = req.Headers["X-GitHub-Event"].FirstOrDefault();
             var id = req.Headers["X-GitHub-Delivery"].FirstOrDefault();
 
-            log.LogInformation($"EventReceiver Begin: [{ghEvent}] ${id}");
+            log.LogInformation($"EventReceiver Begin: [{SanitizeForLog(ghEvent)}] {SanitizeForLog(id)}");
 
             // No need to waste resources something is definitely missing
             if (string.IsNullOrWhiteSpace(ghEvent))