I have been facing issues to fix the below line of code and across our application there are similar code all of them errored out as part of Forging. Fortify is giving me the suggestion – Prevent log forging attacks with indirection: create a set of legitimate log entries that correspond to different events that must be logged and only log entries from this set. To capture dynamic content, such as users logging out of the system, always use server-controlled values rather than user-supplied data. This ensures that the input provided by the user is never used directly in a log entry I am not sure how to apply it to below code.
log.error("Error loading information for csutomer: " + ESAPI.encoder().canonicalize(customerNumber) + ", " + ESAPI.encoder().canonicalize(e.toString()));