added logging mechanism #77

Open
pstember wants to merge 1 commit into main from feat/add-logging

Conversation

@pstember
Contributor

No description provided.

@sonar-nautilus

sonar-nautilus bot commented Jan 19, 2026

Quality Gate failed

Failed conditions
10 New issues
0.0% Coverage on New Code (required ≥ 80%)
7.1% Duplication on New Code (required ≤ 3%)


Comment on lines +52 to +53
securityLogger.warn("Failed login attempt - Username: {}, IP: {}, Reason: {}",
safeUsername, clientIp, reason);
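
Review bot: `clientIp` and `reason` on lines +52 to +53 reach the log message as passed in, while only the username has a sanitized form (`safeUsername`). If either value can carry request-derived text, for example an IP taken from a forwarding header, neutralize CR/LF in it with the same routine before the `securityLogger.warn` call so that one value cannot produce a second, forged log entry.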

Check notice

Code scanning / SonarQube

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube
MDC.put(MDC_KEY_IP, clientIp);
MDC.put(MDC_KEY_EVENT, EVENT_SUCCESSFUL_LOGIN);

securityLogger.info("Successful login - Username: {}, IP: {}", username, clientIp);
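
Review bot: the `securityLogger.info` call passes the raw `username`, whereas the failed-login call in this PR logs `safeUsername`. Apply the same sanitization here, since a successful login still carries a user-supplied name. The `clientIp` stored with `MDC.put(MDC_KEY_IP, clientIp)` needs the same treatment if the log pattern prints MDC values.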

Check notice

Code scanning / SonarQube

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube
MDC.put(MDC_KEY_IP, clientIp);
MDC.put(MDC_KEY_EVENT, EVENT_SQL_QUERY);

sqlLogger.info("SQL query executed - Query: {}, IP: {}", sanitizeQuery(query), clientIp);
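
Review bot: `sanitizeQuery(query)` is the only protection on the query text in this `sqlLogger.info` call, and its body is not visible in this hunk. Please confirm that it removes line breaks and masks literal values, because SQL text can embed user-supplied data, and cover it with a unit test; the Quality Gate reports 0.0% coverage on new code.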

Check notice

Code scanning / SonarQube

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube
public static void logSqlQuery(String query) {
MDC.put(MDC_KEY_EVENT, EVENT_SQL_QUERY);

sqlLogger.info("SQL query executed - Query: {}", sanitizeQuery(query));
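
Review bot: this `logSqlQuery(String query)` overload sets only `MDC_KEY_EVENT`, so an `MDC_KEY_IP` value left on the thread by an earlier call would be attached to this entry unless it is removed somewhere not shown here. Wrap the `MDC.put` and the `sqlLogger.info` call in try/finally and call `MDC.remove` for each key that was set, so pooled threads do not carry context from one request into the next.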

Check notice

Code scanning / SonarQube

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube
Comment on lines +118 to +119
fileLogger.info("File access - File: {}, Operation: {}, IP: {}",
sanitizeFileName(fileName), operation, clientIp);
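
Review bot: on lines +118 to +119 only `fileName` is sanitized; `operation` and `clientIp` are logged as received. The PR uses a separate helper per field (`safeUsername`, `sanitizeQuery`, `sanitizeFileName`), which leaves the remaining arguments uncovered in every call. A single helper that neutralizes CR/LF and is applied to every argument of these log calls would close that gap and should also reduce the 7.1% duplication the Quality Gate reports.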

Check notice

Code scanning / SonarQube

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube