From 66dca953bfe88f44d1fcf38f07ffd7774cc72615 Mon Sep 17 00:00:00 2001
From: John Wang
Date: Sun, 1 Mar 2026 16:21:39 -0800
Subject: [PATCH] Potential fix for code scanning alert no. 4: Log entries created from user input

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 platforms/agentcore/server.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/platforms/agentcore/server.go b/platforms/agentcore/server.go
index d0e8a72..6b41eae 100644
--- a/platforms/agentcore/server.go
+++ b/platforms/agentcore/server.go
@@ -6,6 +6,7 @@ import (
 "fmt"
 "log"
 "net/http"
+ "strings"
 )
 
 // Server implements the AWS AgentCore HTTP contract.
@@ -131,8 +132,9 @@ func (s *Server) handleInvocations(w http.ResponseWriter, r *http.Request) {
 }
 
 if s.config.EnableRequestLogging && s.config.EnableSessionTracking {
+ safeSessionID := strings.ReplaceAll(strings.ReplaceAll(req.SessionID, "\n", ""), "\r", "")
 log.Printf("[AgentCore] Invocation complete: session=%s output_len=%d", //nolint:gosec // G706: Internal logging
- req.SessionID, len(resp.Output))
+ safeSessionID, len(resp.Output))
 }
 }
 
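Review bot: The new `safeSessionID` in the second hunk strips only `\n` and `\r`, so a session ID containing spaces can still make the entry read as if it carried an extra `output_len=` field, and other control characters such as tabs or terminal escape bytes reach the log unchanged. Formatting the value with `%q` quotes and escapes it in one step: `log.Printf("[AgentCore] Invocation complete: session=%q output_len=%d", req.SessionID, len(resp.Output))`. This puts quotes around the value in the log line and makes the `strings` import added in the first hunk unnecessary. The `//nolint:gosec // G706: Internal logging` suppression stays on the `log.Printf` line; once the value is escaped it is worth checking whether it can be dropped, since a standing suppression would hide a later regression. handleInvocations starts outside the hunk, so any other log call there that prints `req.SessionID` is not visible here.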