From c560589b282aa2449b30fab67318d9eed67205a6 Mon Sep 17 00:00:00 2001
From: ZeroPath
Date: Tue, 5 Aug 2025 04:53:39 +0000
Subject: [PATCH] fix: remove sensitive user input from logs in GetUser handler
---
 owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go b/owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go
index 9b5c26764..fc66e62aa 100644
--- a/owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go
+++ b/owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go
@@ -65,13 +65,13 @@ func (es *EchoServer) GetUser(c echo.Context) error {
 userFromDB, err := es.Database.GetUser(username)
 if err != nil {
- es.Logger.Info(fmt.Sprintf("User '%s' not found in the database", username))
+ es.Logger.Info("User not found in the database")
 return c.JSON(http.StatusNotFound, map[string]string{"result": "fail", "message": err.Error()})
 }
- es.Logger.Info(fmt.Sprintf("User '%s' found in the database", username))
+ es.Logger.Info("User found in the database")
 return c.JSON(http.StatusOK, userFromDB)
 }
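Review bot: The 404 branch still sends `err.Error()` back to the client in the `message` field, so whatever the database layer puts in its error text (possibly the username or driver details; `es.Database.GetUser` is not visible here) leaves the server even though it no longer reaches the log. Return a fixed string instead, e.g. `return c.JSON(http.StatusNotFound, map[string]string{"result": "fail", "message": "user not found"})`, and log `err` server-side only once it is confirmed not to echo the input. The same branch maps every error from GetUser to 404, so a database outage would be reported and logged as "User not found"; separating the not-found case from other failures would keep the logs useful now that they carry no identifier. If these two calls were the last uses of `fmt` in user.go, the import must be dropped too or the file will not compile; the import block and the start of GetUser are outside the hunk.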