CodeQL: Log entries created from user input - request URL
We log the raw URL of each request. It allows attackers to put any content in log files.
Probably, we can replace r.RequestURI with r.URL.RequestURI(), sanitize the request method, and validate the logged IP address from the header.
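A sketch of the three changes proposed above, as an added example that is not the project's own code. The helper names, the log format and the X-Real-IP header name are assumptions; the requests are constructed by hand to show how hostile values are handled.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// allowedMethods is the allow-list of methods that may appear verbatim in logs.
var allowedMethods = map[string]bool{
	http.MethodGet: true, http.MethodHead: true, http.MethodPost: true,
	http.MethodPut: true, http.MethodPatch: true, http.MethodDelete: true,
	http.MethodOptions: true,
}

// safeLogLine (hypothetical helper) builds one log line from request data.
func safeLogLine(r *http.Request) string {
	method := "INVALID"
	if allowedMethods[r.Method] {
		method = r.Method
	}
	// X-Real-IP is an assumed header name; the value is logged only if it parses as an IP.
	ip := "invalid-ip"
	if p := net.ParseIP(strings.TrimSpace(r.Header.Get("X-Real-IP"))); p != nil {
		ip = p.String()
	}
	// r.URL.RequestURI() percent-encodes the path but appends RawQuery unchanged,
	// so %q is still needed to escape CR, LF and quotes in the query.
	return fmt.Sprintf("method=%s uri=%q ip=%s", method, r.URL.RequestURI(), ip)
}

// newRequest builds a constructed request by hand, bypassing the server's own parsing.
func newRequest(method, path, query, ip string) *http.Request {
	h := http.Header{}
	h.Set("X-Real-IP", ip)
	return &http.Request{Method: method, URL: &url.URL{Path: path, RawQuery: query}, Header: h}
}

func main() {
	// Constructed hostile input: every field tries to start a forged log entry.
	fmt.Println(safeLogLine(newRequest("GET\nmethod=POST", "/a\nb", "x=1\r\nlevel=info", "10.0.0.1\nforged")))
	fmt.Println(safeLogLine(newRequest("GET", "/ok", "", "192.0.2.7")))
}
```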