Fix Spotbugs in azure-core

eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml

@@ -2433,4 +2433,18 @@
     <Field name="detectionConfiguration" />
     <Bug pattern="UWF_UNWRITTEN_FIELD" />
   </Match>
+
+  <!-- Disabling false positives in azure-core -->
+  <Match>
+      <Class name="com.azure.core.util.logging.ClientLogger" />
+      <Bug pattern="CRLF_INJECTION_LOGS" />
+  </Match>
+  <Match>
+      <Class name="com.azure.core.http.policy.ExponentialBackoff" />
+      <Bug pattern="PREDICTABLE_RANDOM" />
+  </Match>
+  <Match>
+      <Class name="com.azure.core.implementation.logging.DefaultLogger" />
+      <Bug pattern="INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE" />
+  </Match>
 </FindBugsFilter>

sdk/core/azure-core/pom.xml

@@ -183,6 +183,23 @@
           </rules>
         </configuration>
       </plugin>
+
+      <!-- This plugin scans reports spotbugs in the code -->
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>3.1.12.2</version> <!-- {x-version-update;com.github.spotbugs:spotbugs-maven-plugin;external_dependency} -->
+        <configuration>
+          <plugins>
+            <plugin>
+              <groupId>com.h3xstream.findsecbugs</groupId>
+              <artifactId>findsecbugs-plugin</artifactId>
+              <version>1.9.0</version> <!-- {x-version-update;com.h3xstream.findsecbugs:findsecbugs-plugin;external_dependency} -->
+            </plugin>
+          </plugins>
+        </configuration>
+      </plugin>
+
     </plugins>
   </build>
 

sdk/core/azure-core/src/main/java/com/azure/core/util/logging/ClientLogger.java

@@ -12,6 +12,7 @@
 
 import java.util.Arrays;
 import java.util.Objects;
+import java.util.regex.Pattern;
 
 /**
  * This is a fluent logger helper class that wraps a pluggable {@link Logger}.
@@ -35,6 +36,7 @@
  * @see Configuration
  */
 public class ClientLogger {
+    private static final Pattern CRLF_PATTERN = Pattern.compile("[\r\n]");
     private final Logger logger;
 
     /**
@@ -70,7 +72,7 @@ public ClientLogger(String className) {
      */
     public void verbose(String message) {
         if (logger.isDebugEnabled()) {
-            logger.debug(message);
+            logger.debug(sanitizeLogMessageInput(message));
         }
     }
 
@@ -106,7 +108,7 @@ public void verbose(String format, Object... args) {
      */
     public void info(String message) {
         if (logger.isInfoEnabled()) {
-            logger.info(message);
+            logger.info(sanitizeLogMessageInput(message));
         }
     }
 
@@ -142,7 +144,7 @@ public void info(String format, Object... args) {
      */
     public void warning(String message) {
         if (logger.isWarnEnabled()) {
-            logger.warn(message);
+            logger.warn(sanitizeLogMessageInput(message));
         }
     }
 
@@ -178,7 +180,7 @@ public void warning(String format, Object... args) {
      */
     public void error(String message) {
         if (logger.isErrorEnabled()) {
-            logger.error(message);
+            logger.error(sanitizeLogMessageInput(message));
         }
     }
 
@@ -327,6 +329,7 @@ private void performLogging(LogLevel logLevel, boolean isExceptionLogging, Strin
             }
         }
 
+        sanitizeLogMessageInput(format);
         switch (logLevel) {
             case VERBOSE:
                 logger.debug(format, args);
@@ -401,4 +404,14 @@ private boolean doesArgsHaveThrowable(Object... args) {
     private Object[] removeThrowable(Object... args) {
         return Arrays.copyOf(args, args.length - 1);
     }
+
+    /**
+     * Removes CRLF pattern in the {@code logMessage}.
+     *
+     * @param logMessage The log message to sanitize.
+     * @return The updated logMessage.
+     */
+    private static String sanitizeLogMessageInput(String logMessage) {
+        return CRLF_PATTERN.matcher(logMessage).replaceAll("");
+    }
 }