Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.x] [Security Solution] Fix code scanning alert (#198142) #198367

Merged
merged 1 commit into from
Oct 30, 2024
Merged

[8.x] [Security Solution] Fix code scanning alert (#198142) #198367

merged 1 commit into from
Oct 30, 2024

Conversation

kibanamachine
Copy link
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

@agusruidiazgd
[Security Solution] Fix code scanning alert (elastic#198142)
4173dff 
Fixes
[https://github.com/elastic/kibana/security/code-scanning/365](https://github.com/elastic/kibana/security/code-scanning/365)

## Summary

To fix the problem, we need to ensure that both double quotes and
backslashes are properly escaped in the `escapeValue` function. This can
be achieved by using a regular expression that replaces both characters
globally. Specifically, we should replace backslashes with double
backslashes (`\\`) and double quotes with escaped double quotes (`\"`).

- Update the `escapeValue` function to use a regular expression that
handles both double quotes and backslashes.
- Ensure that the regular expression has the global flag (`g`) to
replace all occurrences of the characters.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
(cherry picked from commit b9a5d6a)
@kibanamachine kibanamachine requested a review from a team as a code owner October 30, 2024 14:44
@kibanamachine kibanamachine enabled auto-merge (squash) October 30, 2024 14:44
@kibanamachine kibanamachine mentioned this pull request Oct 30, 2024
Merged
@kibanamachine kibanamachine merged commit b5edaf6 into elastic:8.x Oct 30, 2024
24 checks passed
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
discover 828.7KB 828.7KB +22.0B
securitySolution 21.0MB 21.0MB +22.0B
total +44.0B

cc @agusruidiazgd

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@agusruidiazgd agusruidiazgd

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kibanamachine @elasticmachine @agusruidiazgd