From c4faff5dfa84d461d6d5b7b2c0ff7af8de2cdf51 Mon Sep 17 00:00:00 2001
From: Andreas Fankhauser <23085769+hiddenalpha@users.noreply.github.com>
Date: Tue, 25 Jun 2024 09:01:34 +0200
Subject: [PATCH] (SECURITY) Fix format string injection vulnerability.

See also:
- https://beaglesecurity.com/blog/vulnerability/format-string-vulnerability.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
---
 .../java/org/swisspush/gateleen/routing/StorageForwarder.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gateleen-routing/src/main/java/org/swisspush/gateleen/routing/StorageForwarder.java b/gateleen-routing/src/main/java/org/swisspush/gateleen/routing/StorageForwarder.java
index 44d239bd..e50877aa 100755
--- a/gateleen-routing/src/main/java/org/swisspush/gateleen/routing/StorageForwarder.java
+++ b/gateleen-routing/src/main/java/org/swisspush/gateleen/routing/StorageForwarder.java
@@ -102,7 +102,7 @@ public void handle(final RoutingContext ctx) {
 response.setStatusCode(StatusCode.INTERNAL_SERVER_ERROR.getStatusCode());
 response.setStatusMessage(statusMessage);
 response.end();
- log.error(statusMessage, gateleenExceptionFactory.newException(result.cause()));
+ log.error("{}", statusMessage, gateleenExceptionFactory.newException(result.cause()));
 } else {
 Buffer buffer = result.result().body();
 int headerLength = buffer.getInt(0);
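Review bot: The `{}` placeholder on the new `log.error` line keeps `statusMessage` out of the format position, but the value is still written to the log unneutralized, and the same string is handed to `response.setStatusMessage(statusMessage)` two lines above. How `statusMessage` is built is outside the hunk; if it embeds text from `result.cause()` or from the request, CR/LF in it can forge log entries, and internal error detail reaches the client in the reason phrase. Consider neutralizing it once before both uses, e.g. `final String safeMessage = statusMessage.replaceAll("[\\r\\n]", "_");`, and sending a fixed reason phrase to the client. The placeholder form also does not by itself address the message-lookup behaviour of CVE-2021-44228 cited in the description, which applied to parameters as well, so that part depends on the logging backend version in use. The body of `handle` starts and ends outside the hunk.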