[kogito-apps#2279] Handle detected static code scan problems (apache#2280)

Author: baldimir

data-audit/data-audit-common/src/main/java/org/kie/kogito/app/audit/api/DataAuditQuery.java

@@ -52,7 +52,13 @@ public void setQuery(String query) {
 
     @Override
     public String toString() {
-        return "DataAuditQuery [identifier=" + identifier + ", graphQLDefinition=" + graphQLDefinition + ", query=" + query + "]";
+        return "DataAuditQuery [identifier="
+                + identifier.replace('\n', '_').replace('\r', '_')
+                + ", graphQLDefinition="
+                + graphQLDefinition.replace('\n', '_').replace('\r', '_')
+                + ", query="
+                + query.replace('\n', '_').replace('\r', '_')
+                + "]";
     }
 
 }

data-audit/kogito-addons-data-audit-springboot/src/main/java/org/kie/kogito/app/audit/springboot/GraphQLAuditDataRouteMapping.java

@@ -95,6 +95,6 @@ public String blockingRegistryHandlerGet() {
 
     @ExceptionHandler({ Throwable.class })
     public ResponseEntity<String> handleException(Throwable th) {
-        return ResponseEntity.badRequest().body(th.getLocalizedMessage());
+        return ResponseEntity.badRequest().body("An Exception occurred processing the request. Please see the logs for more details.");
     }
 }

trusty/trusty-service/trusty-service-common/src/main/java/org/kie/kogito/trusty/service/common/TrustyServiceImpl.java

@@ -222,7 +222,9 @@ protected CounterfactualExplainabilityRequest makeCounterfactualRequest(String e
         //This is returned as null under Redis, so play safe
         Collection<DecisionInput> decisionInputs = Objects.nonNull(decision.getInputs()) ? decision.getInputs() : Collections.emptyList();
         if (!isStructureIdentical(decisionInputs, searchDomains)) {
-            String error = buildCounterfactualErrorMessage(String.format("The structure of the Search Domains do not match the structure of the original Inputs for decision with ID %s.", executionId),
+            // The replace calls are sanitization of the user input. The executionId has a way to reach here from the user.
+            String error = buildCounterfactualErrorMessage(
+                    String.format("The structure of the Search Domains do not match the structure of the original Inputs for decision with ID %s.", executionId.replace('\n', '_').replace('\r', '_')),
                     "Decision inputs:-", decisionInputs,
                     "Search domains:-", searchDomains);
             LOG.error(error);
@@ -232,8 +234,11 @@ protected CounterfactualExplainabilityRequest makeCounterfactualRequest(String e
         //This is returned as null under Redis, so play safe
         Collection<DecisionOutcome> decisionOutcomes = Objects.nonNull(decision.getOutcomes()) ? decision.getOutcomes() : Collections.emptyList();
         if (!isStructureSubset(decisionOutcomes, goals)) {
+            // The replace calls are sanitization of the user input. The executionId has a way to reach here from the user.
             String error =
-                    buildCounterfactualErrorMessage(String.format("The structure of the Goals is not comparable to the structure of the original Outcomes for decision with ID %s.", executionId),
+                    buildCounterfactualErrorMessage(
+                            String.format("The structure of the Goals is not comparable to the structure of the original Outcomes for decision with ID %s.",
+                                    executionId.replace('\n', '_').replace('\r', '_')),
                             "Decision outcomes:-", decisionOutcomes,
                             "Goals:-", goals);
             LOG.error(error);