fix: Fix Code Scanning Alerts

[pm7y]

This PR addresses all 4 open GitHub code scanning alerts: 1 high-severity security issue and 3 code quality warnings.

Security Fix (High Priority)

Alert #69: Log Forging Vulnerability

• Location: SasKeyValidator.cs:212
• Issue: User-controlled input (SAS token signature from query string) was logged without sanitization, potentially allowing log injection attacks through crafted signatures containing newline characters
• Fix: Added sanitization to escape control characters (\n, \r) before logging the signature value
• Impact: Prevents attackers from injecting fake log entries or obfuscating malicious activity in logs

Code Quality Improvements

Alert #72: Useless Assignment

• Location: EventGridMiddleware.cs:98
• Issue: contentType variable assigned at the start of method but only used in one specific code path
• Fix: Moved variable declaration to just before its use, improving code clarity and reducing unnecessary allocations

Alert #71: Useless Assignment

• Location: EventGridMiddleware.cs:77
• Issue: requestUri variable used only once in string interpolation
• Fix: Inlined the expression to eliminate unnecessary variable assignment

Alert #70: Misleading Indentation

• Location: EventHistoryStore.cs:158
• Issue: Nested foreach loops without braces made code structure unclear
• Fix: Added explicit braces to both loops, improving readability and preventing future bugs

Testing

• Main project builds successfully with 0 warnings
• 735/741 tests pass (6 failures are unrelated to these changes - they're due to ServiceDefaults dependency issues)
• No functional changes - all fixes maintain backward compatibility

[Copilot]

Pull request overview

This PR addresses 4 GitHub code scanning alerts by implementing security hardening and code quality improvements across the codebase. The changes include log forging prevention in authentication validation, elimination of unnecessary variable assignments, and improved code structure clarity.

• Security hardening by sanitizing user-controlled input before logging to prevent log injection attacks
• Code quality improvements by removing useless variable assignments and clarifying nested loop structure
• No functional changes or breaking changes - all fixes maintain backward compatibility

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
src/AzureEventGridSimulator/Infrastructure/Middleware/SasKeyValidator.cs	Adds sanitization to escape control characters in SAS token signatures before logging to prevent log forging attacks
src/AzureEventGridSimulator/Infrastructure/Middleware/EventGridMiddleware.cs	Removes two unnecessary variable assignments: inlines URI construction for error message and defers contentType variable declaration to point of use
src/AzureEventGridSimulator/Domain/Services/Dashboard/EventHistoryStore.cs	Adds explicit braces to nested foreach loops in GetStats method to improve code structure clarity and prevent potential future bugs

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.