fix(security): sanitize user-controlled data in logs to prevent log injection

- Use sanitize_log_data() for all user-controlled data before logging
- Sanitize tool_id and message parameters in MCP router
- Sanitize message text in MCP planner graph timeout and routing logs
- Use sanitize_error_message() for HTTP error responses
- Prevents log injection attacks by encoding suspicious data in base64
- Addresses SonarQube security warnings for log injection vulnerabilities

Author: T-DevH

src/api/graphs/mcp_integrated_planner_graph.py

@@ -41,6 +41,7 @@
 from src.api.services.mcp.tool_routing import ToolRoutingService, RoutingStrategy
 from src.api.services.mcp.tool_validation import ToolValidationService
 from src.api.services.mcp.base import MCPManager
+from src.api.utils.log_utils import sanitize_log_data
 
 logger = logging.getLogger(__name__)
 
@@ -775,11 +776,13 @@ async def _mcp_route_intent(self, state: MCPWarehouseState) -> MCPWarehouseState
                     for tool in available_tools
                 ]
 
+            # Sanitize user-controlled message before logging
+            safe_message_text = sanitize_log_data(message_text, max_length=100)
             logger.info(
-                f"🔀 MCP Intent classified as: {intent} for message: {message_text[:100]}..."
+                f"🔀 MCP Intent classified as: {intent} for message: {safe_message_text}..."
             )
             logger.debug(
-                f"Routing decision details - Intent: {intent}, Message: {message_text}, "
+                f"Routing decision details - Intent: {intent}, Message: {safe_message_text}, "
                 f"Safety keywords found: {sum(1 for kw in MCPIntentClassifier.SAFETY_KEYWORDS if kw in message_text.lower())}, "
                 f"Equipment keywords found: {sum(1 for kw in MCPIntentClassifier.EQUIPMENT_KEYWORDS if kw in message_text.lower())}"
             )
@@ -1556,9 +1559,11 @@ async def process_warehouse_query(
                 )
                 logger.info(f"✅ Graph execution completed in time: timeout={graph_timeout}s")
             except asyncio.TimeoutError:
+                # Sanitize user-controlled message before logging
+                safe_message = sanitize_log_data(message, max_length=100)
                 logger.error(
                     f"⏱️ TIMEOUT: Graph execution timed out after {graph_timeout}s | "
-                    f"Message: {message[:100]} | Complex: {is_complex_query} | Reasoning: {enable_reasoning}"
+                    f"Message: {safe_message} | Complex: {is_complex_query} | Reasoning: {enable_reasoning}"
                 )
                 return self._create_fallback_response(message, session_id)
 

src/api/routers/mcp.py

@@ -28,6 +28,8 @@
 from src.api.services.mcp.tool_binding import ToolBindingService
 from src.api.services.mcp.tool_routing import ToolRoutingService, RoutingStrategy
 from src.api.services.mcp.tool_validation import ToolValidationService
+from src.api.utils.log_utils import sanitize_log_data
+from src.api.utils.error_handler import sanitize_error_message
 
 logger = logging.getLogger(__name__)
 
@@ -230,8 +232,12 @@ async def execute_tool(tool_id: str, parameters: Dict[str, Any] = None):
             "status": "success",
         }
     except Exception as e:
-        logger.error(f"Error executing tool {tool_id}: {e}")
-        raise HTTPException(status_code=500, detail=f"Failed to execute tool: {str(e)}")
+        # Sanitize user-controlled data before logging
+        safe_tool_id = sanitize_log_data(tool_id, max_length=100)
+        logger.error(f"Error executing tool {safe_tool_id}: {sanitize_log_data(str(e))}")
+        # Use sanitized error message for HTTP response
+        error_msg = sanitize_error_message(e, "Tool execution")
+        raise HTTPException(status_code=500, detail=error_msg)
 
 
 @router.post("/test-workflow")
@@ -253,10 +259,12 @@ async def test_mcp_workflow(message: str, session_id: str = "test"):
             "status": "success",
         }
     except Exception as e:
-        logger.error(f"Error testing MCP workflow: {e}")
-        raise HTTPException(
-            status_code=500, detail=f"Failed to test MCP workflow: {str(e)}"
-        )
+        # Sanitize user-controlled data before logging
+        safe_message = sanitize_log_data(message, max_length=200)
+        logger.error(f"Error testing MCP workflow: {sanitize_log_data(str(e))}")
+        # Use sanitized error message for HTTP response
+        error_msg = sanitize_error_message(e, "MCP workflow testing")
+        raise HTTPException(status_code=500, detail=error_msg)
 
 
 @router.get("/agents")