Potential fix for code scanning alert no. 40: Log entries created from user input

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-07-02 15:27:06 +02:00 · 2025-07-02 15:27:06 +02:00 · 12f80d12da
parent b6bf9a1463
commit 12f80d12da
1 changed files with 8 additions and 5 deletions
--- a/pkg/inference/models/manager.go
+++ b/pkg/inference/models/manager.go
@ -258,17 +258,20 @@ func (m *Manager) handleGetModel(w http.ResponseWriter, r *http.Request) {

 // ResolveModelID resolves a model reference to a model ID. If resolution fails, it returns the original ref.
 func (m *Manager) ResolveModelID(modelRef string) string {
+	// Sanitize modelRef to prevent log forgery
+	sanitizedModelRef := strings.ReplaceAll(modelRef, "\n", "")
+	sanitizedModelRef = strings.ReplaceAll(sanitizedModelRef, "\r", "")

-	model, err := m.GetModel(modelRef)
+	model, err := m.GetModel(sanitizedModelRef)
 	if err != nil {
-		m.log.Warnf("Failed to resolve model ref %s to ID: %v", modelRef, err)
-		return modelRef
+		m.log.Warnf("Failed to resolve model ref %s to ID: %v", sanitizedModelRef, err)
+		return sanitizedModelRef
 	}

 	modelID, err := model.ID()
 	if err != nil {
-		m.log.Warnf("Failed to get model ID for ref %s: %v", modelRef, err)
-		return modelRef
+		m.log.Warnf("Failed to get model ID for ref %s: %v", sanitizedModelRef, err)
+		return sanitizedModelRef
 	}

 	return modelID