Hi,
I suspect that the Log Injection.go autotest TestLogInjectionPOSTCredentialWithDangerousControlCharactersReturnHttp400() is incorrect. Specifically, I suspect it’s variable reuse.
I reproduced the test locally and it works. Could you please take a look?
. One of those characters that you have whitelisted, is not suitable for logs (hint: it can be used for “fake” entries to panic SOC teams)