From f31311d1048b4b074386560854f8d48f880b98ef Mon Sep 17 00:00:00 2001
From: Vincent Koc
Date: Thu, 30 Apr 2026 01:10:26 -0700
Subject: [PATCH] fix(security): align QQBot log sanitizer with CodeQL

Aligns QQBot debug log newline removal with the CodeQL js/log-injection sanitizer model to close alert 232.
---
 extensions/qqbot/src/engine/utils/log.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/extensions/qqbot/src/engine/utils/log.ts b/extensions/qqbot/src/engine/utils/log.ts
index 751b9013d03..7bb284df88a 100644
--- a/extensions/qqbot/src/engine/utils/log.ts
+++ b/extensions/qqbot/src/engine/utils/log.ts
@@ -42,20 +42,20 @@ function formatDebugLogArgs(args: unknown[]): string {
 /** Debug-level log; only outputs when QQBOT_DEBUG is enabled. */
 export function debugLog(...args: unknown[]): void {
 if (isDebug()) {
- console.log(formatDebugLogArgs(args).replace(/[\r\n]/g, " "));
+ console.log(formatDebugLogArgs(args).replace(/\n|\r/g, ""));
 }
 }

 /** Debug-level warning; only outputs when QQBOT_DEBUG is enabled. */
 export function debugWarn(...args: unknown[]): void {
 if (isDebug()) {
- console.warn(formatDebugLogArgs(args).replace(/[\r\n]/g, " "));
+ console.warn(formatDebugLogArgs(args).replace(/\n|\r/g, ""));
 }
 }

 /** Debug-level error; only outputs when QQBOT_DEBUG is enabled. */
 export function debugError(...args: unknown[]): void {
 if (isDebug()) {
- console.error(formatDebugLogArgs(args).replace(/[\r\n]/g, " "));
+ console.error(formatDebugLogArgs(args).replace(/\n|\r/g, ""));
 }
 }
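Review bot: The sanitizer on the three new `console.*` lines removes only `\n` and `\r`, so other control characters in the formatted arguments (ESC-based terminal sequences, the U+2028/U+2029 line separators) would still reach the debug log if `formatDebugLogArgs` does not escape them; its body is outside this hunk, so that is unconfirmed. Keeping the CodeQL-recognised replace and chaining a second pass would cover them, e.g. `.replace(/\n|\r/g, "").replace(/[\u0000-\u001f\u007f\u2028\u2029]/g, "")`. Since the same expression is now repeated in `debugLog`, `debugWarn` and `debugError`, a single private helper such as `sanitizeDebugLine(args)` would keep the three sinks from drifting apart; re-run the scan afterwards to confirm alert 232 stays closed. Deleting the line break instead of replacing it with a space also fuses the neighbouring tokens, which deserves a one-line comment so readers of the log know why words run together.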