mcp-wordpress 2.4.2 → 2.5.0

package/src/security/AISecurityScanner.ts

@@ -5,8 +5,9 @@
 
 import * as fs from "fs/promises";
 import * as path from "path";
-import { SecurityUtils } from "./SecurityConfig";
-import { SecurityValidationError } from "./InputValidator";
+import { SecurityUtils } from "./SecurityConfig.js";
+import { SecurityValidationError } from "./InputValidator.js";
+import { LoggerFactory } from "../utils/logger.js";
 
 export interface SecurityVulnerability {
   id: string;
@@ -66,7 +67,7 @@ export interface RemediationResult {
 const SECURITY_PATTERNS = {
   // SQL Injection patterns
   sqlInjection: [
-    /['"\-\-;]|\/\*|\*\//g,
+    /['"\-\-;]|\/\*|\*\//g, // Match quotes, double hyphens, semicolons, and SQL comments
     /(union|select|insert|update|delete|drop|create|alter)\s+/gi,
     /\b(or|and)\s+['"]?\d+['"]?\s*=\s*['"]?\d+['"]?/gi,
     /\b(char|ascii|substring|length|concat)\s*\(/gi,
@@ -74,7 +75,7 @@ const SECURITY_PATTERNS = {
 
   // XSS patterns
   xss: [
-    /<script[^>]*>.*?<\/script>/gis,
+    /<script[^>]*>.*?<\/script>/gis, // Match script tags with any attributes
     /javascript\s*:/gi,
     /on\w+\s*=\s*['"][^'"]*['"]?/gi,
     /eval\s*\(/gi,
@@ -114,6 +115,7 @@ const SECURITY_PATTERNS = {
  * AI Security Scanner with machine learning capabilities
  */
 export class AISecurityScanner {
+  private readonly logger = LoggerFactory.security();
   private vulnerabilities: SecurityVulnerability[] = [];
   private scanHistory: SecurityScanResult[] = [];
   private remediationHistory: RemediationResult[] = [];
@@ -132,7 +134,7 @@ export class AISecurityScanner {
     const scanId = SecurityUtils.generateSecureToken(16);
     const startTime = Date.now();
 
-    console.log(`[Security Scanner] Starting AI-powered security scan ${scanId}`);
+    this.logger.info("Starting AI-powered security scan", { scanId });
 
     try {
       this.vulnerabilities = [];
@@ -157,11 +159,19 @@ export class AISecurityScanner {
 
       this.scanHistory.push(result);
 
-      console.log(`[Security Scanner] Scan completed: ${result.summary.total} vulnerabilities found`);
+      this.logger.info("Security scan completed", {
+        scanId,
+        vulnerabilities: result.summary.total,
+        duration,
+        critical: result.summary.critical,
+        high: result.summary.high,
+        medium: result.summary.medium,
+        low: result.summary.low,
+      });
 
       return result;
     } catch (error) {
-      console.error("[Security Scanner] Scan failed:", error);
+      this.logger.error("Security scan failed", { scanId, error: String(error) });
       throw new SecurityValidationError("Security scan failed", [{ message: String(error) }]);
     }
   }
@@ -196,7 +206,7 @@ export class AISecurityScanner {
       }
     } catch (error) {
       // Directory might not exist or be accessible
-      console.warn(`[Security Scanner] Cannot scan directory ${dirPath}:`, error);
+      this.logger.warn("Cannot scan directory", { dirPath, error: String(error) });
     }
   }
 
@@ -229,7 +239,7 @@ export class AISecurityScanner {
       this.scanForInfoDisclosure(filePath, content, lines);
       this.scanForInsecureConfiguration(filePath, content, lines);
     } catch (error) {
-      console.warn(`[Security Scanner] Cannot scan file ${filePath}:`, error);
+      this.logger.warn("Cannot scan file", { filePath, error: String(error) });
     }
   }
 
@@ -679,7 +689,7 @@ export class AISecurityScanner {
    */
   private async scanConfigurations(): Promise<void> {
     // This would scan various config files for insecure settings
-    console.log("[Security Scanner] Scanning configurations...");
+    this.logger.debug("Scanning configurations for security issues");
   }
 
   /**
@@ -687,7 +697,7 @@ export class AISecurityScanner {
    */
   private async scanDependencies(): Promise<void> {
     // This would integrate with npm audit or similar tools
-    console.log("[Security Scanner] Scanning dependencies...");
+    this.logger.debug("Scanning dependencies for vulnerabilities");
   }
 
   /**
@@ -695,7 +705,7 @@ export class AISecurityScanner {
    */
   private async performAIAnalysis(): Promise<void> {
     // Advanced AI analysis would go here
-    console.log("[Security Scanner] Performing AI analysis...");
+    this.logger.debug("Performing AI-powered security analysis");
   }
 
   /**

package/src/security/AutomatedRemediation.ts

@@ -5,9 +5,10 @@
 
 import * as fs from "fs/promises";
 import * as path from "path";
-import { SecurityVulnerability, SecurityScanResult } from "./AISecurityScanner";
-import { SecurityUtils } from "./SecurityConfig";
-import { SecurityValidationError } from "./InputValidator";
+import { SecurityVulnerability, SecurityScanResult } from "./AISecurityScanner.js";
+import { SecurityUtils } from "./SecurityConfig.js";
+import { SecurityValidationError } from "./InputValidator.js";
+import { LoggerFactory } from "../utils/logger.js";
 
 interface RemediationAction {
   id: string;
@@ -20,7 +21,7 @@ interface RemediationAction {
   };
   replacement: {
     content?: string;
-    config?: Record<string, any>;
+    config?: Record<string, unknown>;
     action?: string;
   };
   backup: {
@@ -29,7 +30,7 @@ interface RemediationAction {
   };
   validation: {
     test?: string;
-    expected?: any;
+    expected?: unknown;
   };
 }
 
@@ -97,6 +98,7 @@ const REMEDIATION_PATTERNS = {
  * Automated Security Remediation Engine
  */
 export class AutomatedRemediation {
+  private readonly logger = LoggerFactory.security();
   private remediationHistory: RemediationResult[] = [];
   private backupDirectory = "security-backups";
 
@@ -107,7 +109,11 @@ export class AutomatedRemediation {
     const planId = SecurityUtils.generateSecureToken(16);
     const remediableVulns = scanResult.vulnerabilities.filter((v) => v.remediation.automated);
 
-    console.log(`[Remediation] Creating plan for ${remediableVulns.length} remediable vulnerabilities`);
+    this.logger.info("Creating remediation plan", {
+      planId,
+      remediableVulnerabilities: remediableVulns.length,
+      totalVulnerabilities: scanResult.vulnerabilities.length,
+    });
 
     const actions: RemediationAction[] = [];
     let estimatedDuration = 0;
@@ -338,10 +344,14 @@ export class AutomatedRemediation {
       requireConfirmation?: boolean;
     } = {},
   ): Promise<RemediationResult[]> {
-    console.log(`[Remediation] Executing plan ${plan.planId} with ${plan.actions.length} actions`);
+    this.logger.info("Executing remediation plan", {
+      planId: plan.planId,
+      actionCount: plan.actions.length,
+      dryRun: options.dryRun,
+    });
 
     if (options.dryRun) {
-      console.log("[Remediation] DRY RUN MODE - No changes will be made");
+      this.logger.info("Running in dry-run mode - no changes will be made");
       return this.simulateRemediationActions(plan.actions);
     }
 
@@ -352,16 +362,26 @@ export class AutomatedRemediation {
 
     for (const action of plan.actions) {
       try {
-        console.log(`[Remediation] Executing action ${action.id} of type ${action.type}`);
+        this.logger.debug("Executing remediation action", {
+          actionId: action.id,
+          actionType: action.type,
+          targetFile: action.target.file,
+        });
 
         const result = await this.executeRemediationAction(action);
         results.push(result);
 
         if (!result.success) {
-          console.error(`[Remediation] Action ${action.id} failed: ${result.details}`);
+          this.logger.error("Remediation action failed", {
+            actionId: action.id,
+            details: result.details,
+          });
         }
       } catch (error) {
-        console.error(`[Remediation] Action ${action.id} threw error:`, error);
+        this.logger.error("Remediation action threw error", {
+          actionId: action.id,
+          error: String(error),
+        });
         results.push({
           vulnerabilityId: action.id,
           success: false,
@@ -375,7 +395,12 @@ export class AutomatedRemediation {
     this.remediationHistory.push(...results);
 
     const successCount = results.filter((r) => r.success).length;
-    console.log(`[Remediation] Plan completed: ${successCount}/${results.length} actions successful`);
+    this.logger.info("Remediation plan completed", {
+      planId: plan.planId,
+      successCount,
+      totalActions: results.length,
+      successRate: `${Math.round((successCount / results.length) * 100)}%`,
+    });
 
     return results;
   }
@@ -561,7 +586,7 @@ export class AutomatedRemediation {
     const content = await fs.readFile(filePath, "utf-8");
     await fs.writeFile(backupPath, content, "utf-8");
 
-    console.log(`[Remediation] Created backup: ${backupPath}`);
+    this.logger.debug("Created backup file", { backupPath });
     return backupPath;
   }
 
@@ -573,7 +598,7 @@ export class AutomatedRemediation {
       await fs.access(this.backupDirectory);
     } catch {
       await fs.mkdir(this.backupDirectory, { recursive: true });
-      console.log(`[Remediation] Created backup directory: ${this.backupDirectory}`);
+      this.logger.info("Created backup directory", { directory: this.backupDirectory });
     }
   }
 
@@ -597,7 +622,10 @@ export class AutomatedRemediation {
 
       return true;
     } catch (error) {
-      console.warn(`[Remediation] Validation failed for action ${action.id}:`, error);
+      this.logger.warn("Validation failed for action", {
+        actionId: action.id,
+        error: String(error),
+      });
       return false;
     }
   }
@@ -635,7 +663,10 @@ export class AutomatedRemediation {
     try {
       const backupContent = await fs.readFile(backupPath, "utf-8");
       await fs.writeFile(targetFile, backupContent, "utf-8");
-      console.log(`[Remediation] Rolled back ${targetFile} from ${backupPath}`);
+      this.logger.info("Rolled back file from backup", {
+        targetFile,
+        backupPath,
+      });
     } catch (error) {
       throw new SecurityValidationError(`Rollback failed: ${error instanceof Error ? error.message : String(error)}`);
     }
@@ -655,11 +686,11 @@ export class AutomatedRemediation {
 
         if (now - stats.mtime.getTime() > maxAge) {
           await fs.unlink(filePath);
-          console.log(`[Remediation] Cleaned up old backup: ${file}`);
+          this.logger.debug("Cleaned up old backup", { file });
         }
       }
     } catch (error) {
-      console.warn("[Remediation] Backup cleanup failed:", error);
+      this.logger.warn("Backup cleanup failed", { error: String(error) });
     }
   }
 }

package/src/security/InputValidator.ts

@@ -4,6 +4,9 @@
  */
 
 import { z } from "zod";
+import { LoggerFactory } from "../utils/logger.js";
+
+const logger = LoggerFactory.security();
 
 // Common validation patterns
 const URL_PATTERN = /^https?:\/\/[^\s<>'"{}|\\^`\[\]]+$/;
@@ -159,17 +162,17 @@ export class InputSanitizer {
  * Security validation decorator for tool methods
  */
 export function validateSecurity(schema: z.ZodSchema) {
-  return function (target: any, propertyName: string, descriptor: PropertyDescriptor) {
+  return function (target: unknown, propertyName: string, descriptor: PropertyDescriptor) {
     const method = descriptor.value;
 
-    descriptor.value = async function (...args: any[]) {
+    descriptor.value = async function (...args: unknown[]) {
       try {
         // Validate input parameters
         const params = args[0] || {};
         const validatedParams = schema.parse(params);
 
         // Log security validation (without sensitive data)
-        console.error(`Security validation passed for ${propertyName}`, {
+        logger.info(`Security validation passed for ${propertyName}`, {
           timestamp: new Date().toISOString(),
           method: propertyName,
           paramCount: Object.keys(validatedParams).length,
@@ -179,7 +182,7 @@ export function validateSecurity(schema: z.ZodSchema) {
         return await method.call(this, validatedParams, ...args.slice(1));
       } catch (error) {
         // Log security validation failure
-        console.error(`Security validation failed for ${propertyName}`, {
+        logger.error(`Security validation failed for ${propertyName}`, {
           timestamp: new Date().toISOString(),
           method: propertyName,
           error: error instanceof z.ZodError ? error.errors : error instanceof Error ? error.message : String(error),
@@ -206,9 +209,9 @@ export function validateSecurity(schema: z.ZodSchema) {
  * Custom security validation error
  */
 export class SecurityValidationError extends Error {
-  public readonly errors: any[];
+  public readonly errors: Array<z.ZodIssue | { message: string }>;
 
-  constructor(message: string, errors: any[] = []) {
+  constructor(message: string, errors: Array<z.ZodIssue | { message: string }> = []) {
     super(message);
     this.name = "SecurityValidationError";
     this.errors = errors;

package/src/security/SecurityCIPipeline.ts

@@ -3,12 +3,15 @@
  * Provides security checks and gates for continuous integration and deployment
  */
 
-import { AISecurityScanner } from "./AISecurityScanner";
-import { AutomatedRemediation } from "./AutomatedRemediation";
-import { SecurityReviewer } from "./SecurityReviewer";
-import { SecurityConfigManager } from "./SecurityConfigManager";
-import { SecurityUtils } from "./SecurityConfig";
-import { SecurityValidationError } from "./InputValidator";
+import { AISecurityScanner } from "./AISecurityScanner.js";
+import { AutomatedRemediation } from "./AutomatedRemediation.js";
+import { SecurityReviewer } from "./SecurityReviewer.js";
+import { SecurityConfigManager } from "./SecurityConfigManager.js";
+import { SecurityUtils } from "./SecurityConfig.js";
+import { SecurityValidationError } from "./InputValidator.js";
+import { LoggerFactory } from "../utils/logger.js";
+
+const logger = LoggerFactory.security();
 
 interface SecurityGate {
   id: string;
@@ -33,7 +36,7 @@ interface SecurityCheck {
   enabled: boolean;
   timeout: number;
   retries: number;
-  parameters: Record<string, any>;
+  parameters: Record<string, unknown>;
 }
 
 export interface PipelineSecurityReport {
@@ -126,9 +129,9 @@ export class SecurityCIPipeline {
    * Initialize the security pipeline
    */
   async initialize(): Promise<void> {
-    console.log("[Security Pipeline] Initializing security CI/CD pipeline");
+    logger.info("Initializing security CI/CD pipeline");
     await this.configManager.initialize();
-    console.log("[Security Pipeline] Security pipeline ready");
+    logger.info("Security pipeline ready");
   }
 
   /**
@@ -146,12 +149,16 @@ export class SecurityCIPipeline {
     const reportId = SecurityUtils.generateSecureToken(16);
     const startTime = Date.now();
 
-    console.log(`[Security Pipeline] Executing ${stage} security gates for ${context.branch}@${context.commit}`);
+    logger.info(`Executing ${stage} security gates`, {
+      stage,
+      branch: context.branch,
+      commit: context.commit
+    });
 
     const applicableGates = Array.from(this.gates.values()).filter((gate) => gate.stage === stage && gate.enabled);
 
     if (applicableGates.length === 0) {
-      console.log(`[Security Pipeline] No security gates configured for stage: ${stage}`);
+      logger.warn(`No security gates configured for stage: ${stage}`, { stage });
       return this.createEmptyReport(reportId, stage, startTime);
     }
 
@@ -159,7 +166,7 @@ export class SecurityCIPipeline {
     let overallStatus: "passed" | "failed" | "warning" = "passed";
 
     for (const gate of applicableGates) {
-      console.log(`[Security Pipeline] Executing gate: ${gate.name}`);
+      logger.info(`Executing gate: ${gate.name}`, { gateName: gate.name });
 
       try {
         const gateResult = await this.executeSecurityGate(gate, context, options);
@@ -174,11 +181,11 @@ export class SecurityCIPipeline {
 
         // Stop on blocking failure unless continuing on failure
         if (gateResult.status === "failed" && gate.blocking && !options.continueOnFailure) {
-          console.log(`[Security Pipeline] Stopping pipeline due to blocking gate failure: ${gate.name}`);
+          logger.error(`Stopping pipeline due to blocking gate failure: ${gate.name}`, { gateName: gate.name });
           break;
         }
       } catch (error) {
-        console.error(`[Security Pipeline] Gate execution error: ${gate.name}`, error);
+        logger.error(`Gate execution error: ${gate.name}`, { gateName: gate.name, error });
 
         const errorResult: GateResult = {
           gateId: gate.id,
@@ -203,7 +210,7 @@ export class SecurityCIPipeline {
 
     this.reports.push(report);
 
-    console.log(`[Security Pipeline] ${stage} gates completed with status: ${overallStatus}`);
+    logger.info(`${stage} gates completed`, { stage, status: overallStatus });
 
     return report;
   }
@@ -224,13 +231,13 @@ export class SecurityCIPipeline {
         continue;
       }
 
-      console.log(`[Security Pipeline] Running check: ${check.name}`);
+      logger.info(`Running check: ${check.name}`, { checkName: check.name });
 
       try {
         const checkResult = await this.executeSecurityCheck(check, context, options);
         checkResults.push(checkResult);
       } catch (error) {
-        console.error(`[Security Pipeline] Check execution error: ${check.name}`, error);
+        logger.error(`Check execution error: ${check.name}`, { checkName: check.name, error });
 
         checkResults.push({
           checkId: check.id,
@@ -268,7 +275,7 @@ export class SecurityCIPipeline {
   ): Promise<CheckResult> {
     const startTime = Date.now();
     const findings: SecurityFinding[] = [];
-    let score = 100;
+    let score: number = 100; // Initialize with safe default
     let details = "";
 
     if (options.dryRun) {
@@ -369,11 +376,17 @@ export class SecurityCIPipeline {
     score: number;
     details: string;
   }> {
+    const scanParams = check.parameters as {
+      targets?: string[];
+      depth?: "shallow" | "deep" | "comprehensive";
+      includeRuntime?: boolean;
+      includeFileSystem?: boolean;
+    };
     const scanResult = await this.scanner.performScan({
-      targets: check.parameters.targets || ["src/"],
-      depth: check.parameters.depth || "deep",
-      includeRuntime: check.parameters.includeRuntime || false,
-      includeFileSystem: check.parameters.includeFileSystem || true,
+      targets: scanParams.targets ?? ["src/"],
+      depth: scanParams.depth ?? "deep",
+      includeRuntime: scanParams.includeRuntime ?? false,
+      includeFileSystem: scanParams.includeFileSystem ?? true,
     });
 
     const findings: SecurityFinding[] = scanResult.vulnerabilities.map((vuln) => ({
@@ -409,11 +422,12 @@ export class SecurityCIPipeline {
     score: number;
     details: string;
   }> {
+    const reviewParams = check.parameters as { rules?: string[]; excludeRules?: string[]; aiAnalysis?: boolean };
     const reviewResults = await this.reviewer.reviewDirectory("src/", {
       recursive: true,
-      rules: check.parameters.rules,
-      excludeRules: check.parameters.excludeRules,
-      aiAnalysis: check.parameters.aiAnalysis || false,
+      rules: reviewParams.rules ?? [],
+      excludeRules: reviewParams.excludeRules ?? [],
+      aiAnalysis: reviewParams.aiAnalysis ?? false,
     });
 
     const allFindings: SecurityFinding[] = [];
@@ -455,7 +469,7 @@ export class SecurityCIPipeline {
     details: string;
   }> {
     // This would integrate with npm audit, Snyk, or similar tools
-    console.log("[Security Pipeline] Dependency check - integration with external tools required");
+    logger.info("Dependency check - integration with external tools required");
 
     return {
       findings: [],
@@ -506,7 +520,7 @@ export class SecurityCIPipeline {
     details: string;
   }> {
     // This would integrate with tools like TruffleHog, GitLeaks, etc.
-    console.log("[Security Pipeline] Secrets check - integration with secret scanning tools required");
+    logger.info("Secrets check - integration with secret scanning tools required");
 
     return {
       findings: [],
@@ -526,13 +540,14 @@ export class SecurityCIPipeline {
     score: number;
     details: string;
   }> {
-    const frameworks = check.parameters.frameworks || ["OWASP", "CWE"];
+  const complianceParams = check.parameters as { frameworks?: string[] };
+  const frameworks: string[] = complianceParams.frameworks ?? ["OWASP", "CWE"];
     const findings: SecurityFinding[] = [];
 
     // Check for compliance with security frameworks
     for (const framework of frameworks) {
       // This would integrate with compliance checking tools
-      console.log(`[Security Pipeline] Checking ${framework} compliance`);
+      logger.info(`Checking ${framework} compliance`, { framework });
     }
 
     return {
@@ -545,13 +560,11 @@ export class SecurityCIPipeline {
   /**
    * Calculate security score for file findings
    */
-  private calculateFileScore(findings: any[]): number {
-    const severityWeights = { critical: 20, high: 10, medium: 5, low: 2, info: 1 };
-
-    const penalty = findings.reduce((sum, finding) => {
-      return sum + (severityWeights[finding.severity as keyof typeof severityWeights] || 0);
+  private calculateFileScore(findings: Array<{ severity: string }>): number {
+    const severityWeights: Record<string, number> = { critical: 20, high: 10, medium: 5, low: 2, info: 1 };
+    const penalty = findings.reduce((sum: number, finding) => {
+      return sum + (severityWeights[finding.severity] || 0);
     }, 0);
-
     return Math.max(0, 100 - penalty);
   }
 
@@ -664,7 +677,10 @@ export class SecurityCIPipeline {
   /**
    * Generate recommendations based on results
    */
-  private generateRecommendations(gateResults: GateResult[], summary: any): string[] {
+  private generateRecommendations(
+    gateResults: GateResult[],
+    summary: { criticalIssues: number; highIssues: number; securityScore: number; [key: string]: unknown },
+  ): string[] {
     const recommendations: string[] = [];
 
     if (summary.criticalIssues > 0) {
@@ -861,7 +877,7 @@ export class SecurityCIPipeline {
     const updatedGate = { ...gate, ...updates, id: gateId };
     this.gates.set(gateId, updatedGate);
 
-    console.log(`[Security Pipeline] Updated security gate: ${updatedGate.name}`);
+    logger.info(`Updated security gate: ${updatedGate.name}`, { gateName: updatedGate.name });
     return true;
   }
 

package/src/security/SecurityConfig.ts

@@ -3,6 +3,10 @@
  */
 
 import { randomBytes } from "crypto";
+import * as path from "path";
+import { LoggerFactory } from "../utils/logger.js";
+
+const logger = LoggerFactory.security();
 
 export const SecurityConfig = {
   // Rate limiting
@@ -181,26 +185,26 @@ export class SecurityUtils {
   /**
    * Redact sensitive information from objects
    */
-  static redactSensitiveData(obj: any): any {
+  static redactSensitiveData(obj: unknown): unknown {
     if (typeof obj !== "object" || obj === null) {
       return obj;
     }
 
-    const redacted = Array.isArray(obj) ? [...obj] : { ...obj };
+    const working: Record<string, unknown> | unknown[] = Array.isArray(obj) ? [...obj] : { ...(obj as Record<string, unknown>) };
+
+    if (Array.isArray(working)) {
+      return working.map((val) => (typeof val === "object" ? SecurityUtils.redactSensitiveData(val) : val));
+    }
 
-    for (const key in redacted) {
-      if (
-        SecurityConfig.logging.excludeFields.some((field) =>
-          key.toLowerCase().includes(field.toLowerCase()),
-        )
-      ) {
-        redacted[key] = "[REDACTED]";
-      } else if (typeof redacted[key] === "object") {
-        redacted[key] = SecurityUtils.redactSensitiveData(redacted[key]);
+    for (const key in working) {
+      if (SecurityConfig.logging.excludeFields.some((field) => key.toLowerCase().includes(field.toLowerCase()))) {
+        working[key] = "[REDACTED]";
+      } else if (typeof working[key] === "object" && working[key] !== null) {
+        working[key] = SecurityUtils.redactSensitiveData(working[key]);
       }
     }
 
-    return redacted;
+    return working;
   }
 
   /**
@@ -220,8 +224,7 @@ export class SecurityUtils {
    * Generate secure random strings
    */
   static generateSecureToken(length: number = 32): string {
-    const chars =
-      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
     const array = new Uint8Array(length);
 
     if (typeof crypto !== "undefined" && crypto.getRandomValues) {
@@ -246,7 +249,7 @@ export class SecurityUtils {
   /**
    * Sanitize log output
    */
-  static sanitizeForLog(data: any): any {
+  static sanitizeForLog(data: unknown): unknown {
     if (typeof data === "string") {
       return SecurityUtils.redactString(data);
     }
@@ -261,28 +264,25 @@ export class SecurityUtils {
  * Secure error handler that prevents information disclosure
  */
 export function createSecureError(
-  error: any,
+  error: unknown,
   fallbackMessage: string = SecurityConfig.errorMessages.serverError,
 ): Error {
   // Log the actual error for debugging (with sanitization)
   if (process.env.NODE_ENV !== "production") {
-    console.error("Secure Error:", SecurityUtils.sanitizeForLog(error));
+    logger.error("Secure Error", { error: SecurityUtils.sanitizeForLog(error) });
   }
 
   // Return generic error to prevent information disclosure
   const secureError = new Error(fallbackMessage);
 
   // Preserve error code if it's safe
-  if (error && typeof error.code === "string" && !error.code.includes("_")) {
-    (secureError as any).code = error.code;
+  if (error && typeof (error as { code?: unknown }).code === "string" && !(error as { code: string }).code.includes("_")) {
+  (secureError as unknown as Record<string, unknown>).code = (error as { code: string }).code;
   }
 
   return secureError;
 }
 
-// Import path for file extension checking
-import * as path from "path";
-
 /**
  * Environment-specific security settings
  */