Skip to content

Commit

Permalink
[8.16] Fix code scanning alert no. 456: Incomplete string escaping or…
Browse files Browse the repository at this point in the history
… encoding (#193909) (#198242)

# Backport

This will backport the following commits from `main` to `8.16`:
- Fix code scanning alert no. 456: Incomplete string escaping or
encoding (#193909) (7458ff1)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Nathan L
Smith","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-25T21:30:52Z","message":"Fix
code scanning alert no. 456: Incomplete string escaping or encoding
(#193909)\n\nFixes\r\n[https://github.com/elastic/kibana/security/code-scanning/456](https://github.com/elastic/kibana/security/code-scanning/456)\r\n\r\nTo
fix the problem, we need to ensure that backslashes are also
escaped\r\nin the `value` string. This can be done by first replacing
backslashes\r\nwith double backslashes and then replacing double quotes
with escaped\r\ndouble quotes. This ensures that all occurrences of
backslashes and\r\ndouble quotes are properly escaped.\r\n\r\n- Modify
the `value.replace` call to first escape backslashes and then\r\nescape
double quotes.\r\n- The changes will be made in the
`createFilterFromOptions` function,\r\nspecifically on line
128.\r\n\r\n\r\n_Suggested fixes powered by Copilot Autofix. Review
carefully before\r\nmerging._\r\n\r\nCo-authored-by: Copilot Autofix
powered by AI
<62310815+github-advanced-security[bot]@users.noreply.github.com>","sha":"7458ff11174fe184afe4ec93c858f89063296abe"},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[]}]
BACKPORT-->
  • Loading branch information
smith authored Oct 31, 2024
1 parent 479f862 commit 189cf8b
Showing 1 changed file with 1 addition and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ export const createFilterFromOptions = (
if (!value) {
return null;
}
return `${field}: "${value.replace('"', '\\"')}"`;
return `${field}: "${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
})
.join(' and ')
: `${options.groupBy} : "${id}"`;
Expand Down

0 comments on commit 189cf8b

Please sign in to comment.