Fix code scanning alert no. 456: Incomplete string escaping or encoding (#193909)

Fixes
[https://github.com/elastic/kibana/security/code-scanning/456](https://github.com/elastic/kibana/security/code-scanning/456)

To fix the problem, we need to ensure that backslashes are also escaped
in the `value` string. This can be done by first replacing backslashes
with double backslashes and then replacing double quotes with escaped
double quotes. This ensures that all occurrences of backslashes and
double quotes are properly escaped.

- Modify the `value.replace` call to first escape backslashes and then
escape double quotes.
- The changes will be made in the `createFilterFromOptions` function,
specifically on line 128.

_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
(cherry picked from commit 7458ff1)

# Conflicts:
#	x-pack/plugins/observability_solution/infra/public/pages/metrics/metrics_explorer/components/helpers/create_tsvb_link.ts
smith committed Oct 30, 2024
1 parent 36ec5f3 commit de435f1
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -125,7 +125,7 @@ export const createFilterFromOptions = (
if (!value) {
return null;
}
return `${field}: "${value.replace('"', '\\"')}"`;
return `${field}: "${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
})
.join(' and ')
: `${options.groupBy} : "${id}"`;
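
Review bot: the fallback branch on the last context line, `${options.groupBy} : "${id}"`, still places `id` inside double quotes with no escaping, so the incomplete-escaping problem this commit fixes for `value` remains on that path if `id` can contain a backslash or a double quote. Consider moving the two-step replace (backslashes first, then quotes, as the new line correctly orders them) into a small helper and applying it to `id` as well. The commit changes one file and adds no test; a unit test for `createFilterFromOptions` with values containing `\`, `"` and `\"` would pin the behaviour down.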