S5145: Printing a path variable in the logger flags a Sonar minor issue

Per S5145 (Refactor this code to not log tainted, user-controlled data), the suggested compliant solution is to replace pattern-breaking characters and then log the details:

// Replace pattern-breaking characters
param1 = param1.replaceAll("[\n|\r|\t]", "_");

In my case, I wanted to print the value of the path variable along with other details so that I can trace it back whenever required. However, if pattern-breaking characters like \n, \r, \t are passed in a path variable, the request won't reach the application itself. Hence, just for the sake of resolving the Sonar issue, I don't want to sanitize the path variable. Is there any other way to fix this Sonar issue?

My sample code snippet:

// Controller method; "logger" is an SLF4J Logger field of the class
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
public String testSonarIssue(@PathVariable String id) {
    logger.info("received request for id {}", id);
    return "hello";
}
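The sanitizing approach the rule description suggests, written out as an added example (not code from the original post or from SonarSource): a small helper that neutralises line-breaking and other control characters before a @PathVariable value is logged. The class and method names are hypothetical, and the sample id is a constructed value in which the decoded path variable carries a newline.

```java
import java.util.regex.Pattern;

// Hypothetical helper: call forLog(id) inside the logging statement so
// the logged value can no longer start a new, forged-looking log line.
public final class LogSanitizer {

    // \r and \n would begin a new log line; \t is often a field
    // separator in log layouts; \p{Cntrl} catches the remaining ASCII
    // control characters. Note that the class [\n|\r|\t] from the rule
    // description also matches a literal '|', because inside [...] the
    // pipe is an ordinary character rather than alternation.
    private static final Pattern UNSAFE = Pattern.compile("[\\r\\n\\t\\p{Cntrl}]");

    // Upper bound so one oversized value cannot flood a log line.
    private static final int MAX_LEN = 200;

    private LogSanitizer() {
    }

    public static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        String cleaned = UNSAFE.matcher(value).replaceAll("_");
        if (cleaned.length() > MAX_LEN) {
            cleaned = cleaned.substring(0, MAX_LEN) + "...";
        }
        return cleaned;
    }

    public static void main(String[] args) {
        // Constructed sample: a decoded path variable containing a newline.
        String id = "42\nsecond line";
        System.out.println("received request for id " + forLog(id));
    }
}
```

In the controller this becomes `logger.info("received request for id {}", LogSanitizer.forLog(id));`, which leaves the path variable itself untouched and only changes what is written to the log.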