From cc34e97de4d2d8a5509eec5e4f9ffcb7338ed54a Mon Sep 17 00:00:00 2001
From: Faisal Kanout
Date: Tue, 17 Dec 2024 17:45:16 +0100
Subject: [PATCH] Fix code scanning alert no. 494: Incomplete string escaping or encoding (#204528)
Fixes [https://github.com/elastic/kibana/security/code-scanning/494](https://github.com/elastic/kibana/security/code-scanning/494)
Fixes #1311
Escape first backslash occurrences and all single quotes in the `filter` string.
---
 .../public/components/rule_condition_chart/helpers.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/solutions/observability/plugins/observability/public/components/rule_condition_chart/helpers.ts b/x-pack/solutions/observability/plugins/observability/public/components/rule_condition_chart/helpers.ts
index 30663d02cda72..775da2fc1c805 100644
--- a/x-pack/solutions/observability/plugins/observability/public/components/rule_condition_chart/helpers.ts
+++ b/x-pack/solutions/observability/plugins/observability/public/components/rule_condition_chart/helpers.ts
@@ -18,7 +18,7 @@ export const getLensOperationFromRuleMetric = (metric: GenericMetric): LensOpera
 const { aggType, field, filter = '' } = metric;
 let operation: string = aggType;
 const operationArgs: string[] = [];
- const escapedFilter = filter.replace(/'/g, "\\'");
+ const escapedFilter = filter.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
 if (aggType === Aggregators.RATE) {
 return {
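Review bot: The new two-step escape on the `escapedFilter` line has no comment and, going by the one-file diffstat, no test, although its correctness depends on the order of the two `replace` calls. Backslashes have to be doubled before quotes are escaped, otherwise a backslash already in the filter could cancel the escape added in front of a quote; I would add `// Escape backslashes first, then single quotes, so an existing backslash cannot cancel the quote escape.` above the line. The consumer of `escapedFilter` is outside the hunk, so it is worth confirming that whatever parses the resulting string decodes `\\` back to `\`; if it only recognises `\'`, filters that legitimately contain a backslash would now reach the query with it doubled. A unit test with a filter that contains a backslash, a single quote and a trailing backslash would pin both behaviours. The body of getLensOperationFromRuleMetric continues outside the hunk.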