From 0d5e8d01a9e19ffffb22a8def1780c61daaa519e Mon Sep 17 00:00:00 2001
From: Kris Powers <85710701+KrisPowers@users.noreply.github.com>
Date: Tue, 12 May 2026 19:54:20 -0400
Subject: [PATCH] Potential fix for code scanning alert no. 14: Log injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lib/middleware/error-tracker.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/middleware/error-tracker.js b/lib/middleware/error-tracker.js
index 3d86867..8bc266e 100644
--- a/lib/middleware/error-tracker.js
+++ b/lib/middleware/error-tracker.js
@@ -200,7 +200,9 @@ class ErrorTracker {
 if (process.env.NODE_ENV === 'development') {
 console.error(`[Error Tracker] ${entry.severity.toUpperCase()}: ${entry.error.message}`);
 if (entry.request.url) {
- console.error(` Request: ${entry.request.method} ${entry.request.url}`);
+ const safeMethod = String(entry.request.method ?? '').replace(/[\r\n]/g, '');
+ const safeUrl = String(entry.request.url ?? '').replace(/[\r\n]/g, '');
+ console.error(` Request: ${safeMethod} ${safeUrl}`);
 }
 if (this.config.captureStackTrace && entry.error.stack) {
 console.error(` Stack: ${entry.error.stack.split('\n')[1]?.trim()}`);
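Review bot: The sanitising added for `safeMethod` and `safeUrl` leaves the neighbouring `console.error` calls untouched, so `entry.error.message` two lines above the change is still written verbatim; if that message can carry request-derived text, the same log-forging path remains open. The pattern `/[\r\n]/g` also lets other control characters through, including ESC (terminal escape sequences) and U+2028/U+2029, so a broader class such as `.replace(/[\u0000-\u001f\u007f-\u009f\u2028\u2029]/g, '')` would be safer. Putting that in one small helper and applying it to the message, method and URL keeps the three log lines consistent. The enclosing method starts and ends outside the hunk, so whether the `entry` fields are normalised before this point cannot be confirmed from here.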