From 2557747e70f73af01faedc6080cf83a8baab85a9 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Fri, 22 Sep 2023 10:05:51 +0200 Subject: [PATCH 1/2] fixed: Log Injection CWE-117 --- .../edc/model/EDCNotificationContent.java | 16 ++++++++ .../edc/model/EDCNotificationHeader.java | 38 ++++++++++++++++++- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java index bb8034c79c..1d3ad07fbd 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java @@ -22,10 +22,26 @@ import com.fasterxml.jackson.annotation.JsonInclude; +import java.util.ArrayList; import java.util.List; @JsonInclude(JsonInclude.Include.NON_NULL) public record EDCNotificationContent( String information, List listOfAffectedItems) { + + @Override + public String toString() { + String cleanInformation = information.replaceAll("\r\n|\r|\n", " "); + List cleanListOfAffectedItems = new ArrayList<>(); + for (String AffectedItems : listOfAffectedItems) { + AffectedItems.replaceAll("\r\n|\r|\n", " "); + cleanListOfAffectedItems.add(AffectedItems); + } + return "EDCNotificationContent{" + + "information='" + cleanInformation + '\'' + + ", listOfAffectedItems=" + cleanListOfAffectedItems + + '}'; + } + } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationHeader.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationHeader.java index 1690219d84..f51db269ec 100644 
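Review bot: The new `toString()` in EDCNotificationContent calls `information.replaceAll(...)` and iterates `listOfAffectedItems` with no null check, so a record with either component absent throws a NullPointerException at the moment it is logged. The `@JsonInclude(JsonInclude.Include.NON_NULL)` annotation suggests absent components are expected, although the callers are not visible in this patch. A null-safe form such as `String cleanInformation = information == null ? null : information.replaceAll("\r\n|\r|\n", " ");`, plus a guard for a null list and null elements, keeps a partial message from turning a log statement into an exception. The same unguarded `replaceAll` occurs in the loop over `stringsToClean` in EDCNotificationHeader.java.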
--- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationHeader.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationHeader.java @@ -24,6 +24,40 @@ @JsonInclude(JsonInclude.Include.NON_NULL) public record EDCNotificationHeader(String notificationId, String senderBPN, String senderAddress, String recipientBPN, - String classification, String severity, String relatedNotificationId, - String status, String targetDate, String messageId) { + String classification, String severity, String relatedNotificationId, + String status, String targetDate, String messageId) { + + @Override + public String toString() { + String[] stringsToClean = { + notificationId, + senderBPN, + senderAddress, + recipientBPN, + classification, + severity, + relatedNotificationId, + status, + targetDate, + messageId + }; + + for (int i = 0; i < stringsToClean.length; i++) { + stringsToClean[i] = stringsToClean[i].replaceAll("\r\n|\r|\n", " "); + } + + return "EDCNotificationHeader{" + + "notificationId='" + notificationId + '\'' + + ", senderBPN='" + senderBPN + '\'' + + ", senderAddress='" + senderAddress + '\'' + + ", recipientBPN='" + recipientBPN + '\'' + + ", classification='" + classification + '\'' + + ", severity='" + severity + '\'' + + ", relatedNotificationId='" + relatedNotificationId + '\'' + + ", status='" + status + '\'' + + ", targetDate='" + targetDate + '\'' + + ", messageId='" + messageId + '\'' + + '}'; + } + } From ce573cc3b94504642336db2523d82ff900c6a1d0 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Fri, 22 Sep 2023 10:07:21 +0200 Subject: [PATCH 2/2] fixed: Log Injection CWE-117 --- .../infrastructure/edc/model/EDCNotificationContent.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
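Review bot: The sanitised values never reach the output in EDCNotificationHeader: the loop stores the cleaned strings in the local `stringsToClean` array, but the `return` expression concatenates the original record components (`notificationId`, `senderBPN`, and the rest). CR/LF in any header field therefore still lands in the log line, and the CWE-117 finding stays open for this record. Build the string from the cleaned values instead, for example through a small helper applied to each component as below. Making that helper null-safe also removes the NullPointerException the current loop throws for an absent component.

```java
    @Override
    public String toString() {
        return "EDCNotificationHeader{" +
                "notificationId='" + clean(notificationId) + '\'' +
                ", senderBPN='" + clean(senderBPN) + '\'' +
                ", senderAddress='" + clean(senderAddress) + '\'' +
                ", recipientBPN='" + clean(recipientBPN) + '\'' +
                ", classification='" + clean(classification) + '\'' +
                ", severity='" + clean(severity) + '\'' +
                ", relatedNotificationId='" + clean(relatedNotificationId) + '\'' +
                ", status='" + clean(status) + '\'' +
                ", targetDate='" + clean(targetDate) + '\'' +
                ", messageId='" + clean(messageId) + '\'' +
                '}';
    }

    // Replaces line breaks so a field value cannot start a new log entry; null stays null.
    private static String clean(String value) {
        return value == null ? null : value.replaceAll("\r\n|\r|\n", " ");
    }
```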
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java index 1d3ad07fbd..84ac6c5744 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java @@ -35,8 +35,8 @@ public String toString() { String cleanInformation = information.replaceAll("\r\n|\r|\n", " "); List cleanListOfAffectedItems = new ArrayList<>(); for (String AffectedItems : listOfAffectedItems) { - AffectedItems.replaceAll("\r\n|\r|\n", " "); - cleanListOfAffectedItems.add(AffectedItems); + String cleanAffectedItem = AffectedItems.replaceAll("\r\n|\r|\n", " "); + cleanListOfAffectedItems.add(cleanAffectedItem); } return "EDCNotificationContent{" + "information='" + cleanInformation + '\'' +
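Review bot: The literal pattern `"\r\n|\r|\n"` now appears three times across the two records and is recompiled on every `toString()` call. A single shared helper or a `private static final Pattern` would keep the neutralisation in one place. The pattern also covers only CR and LF; `\\R` additionally matches the other Unicode line terminators such as U+0085 and U+2028, which some log viewers render as line breaks. The loop variable `AffectedItems` should be lowerCamelCase, e.g. `for (String affectedItem : listOfAffectedItems)`. `toString()` starts above this hunk and continues past its last line.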