[8.16] Fix code scanning alert no. 456: Incomplete string escaping or encoding (#193909) #198242

Merged on Oct 31, 2024 (2 commits)

@smith smith commented Oct 30, 2024

Backport

This will backport the following commits from main to 8.16:

Questions?

Please refer to the Backport tool documentation

…ng (elastic#193909)

Fixes
[https://github.com/elastic/kibana/security/code-scanning/456](https://github.com/elastic/kibana/security/code-scanning/456)

To fix the problem, we need to ensure that backslashes are also escaped
in the `value` string. This can be done by first replacing backslashes
with double backslashes and then replacing double quotes with escaped
double quotes. This ensures that all occurrences of backslashes and
double quotes are properly escaped.

- Modify the `value.replace` call to first escape backslashes and then
escape double quotes.
- The changes will be made in the `createFilterFromOptions` function,
specifically on line 128.

_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
(cherry picked from commit 7458ff1)

# Conflicts:
#	x-pack/plugins/observability_solution/infra/public/pages/metrics/metrics_explorer/components/helpers/create_tsvb_link.ts
@smith smith added the backport label Oct 30, 2024
@smith smith enabled auto-merge (squash) October 30, 2024 01:58
@botelastic botelastic bot added the ci:project-deploy-observability Create an Observability project label Oct 30, 2024
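
The escaping order described in the commit message above, shown as an added example in plain JavaScript; it is not the Kibana code or the patch itself. The function names, the `readQuoted` consumer (a double-quoted string in which a backslash escapes the next character) and the sample value are assumptions made for illustration.

```javascript
// Added illustration, not Kibana code; every name below is hypothetical.
// Before: only double quotes are escaped; a backslash in the value passes through.
function quoteIncomplete(value) {
  return '"' + value.replace(/"/g, '\\"') + '"';
}

// After: backslashes first, then double quotes (the order the commit message gives).
function quoteComplete(value) {
  return '"' + value.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Same two replacements in the opposite order: the backslash added for each
// quote is doubled by the second pass, so the quote ends up unescaped again.
function quoteWrongOrder(value) {
  return '"' + value.replace(/"/g, '\\"').replace(/\\/g, '\\\\') + '"';
}

// Assumed consumer: reads one double-quoted string in which a backslash
// escapes the next character. Returns the decoded value and where it stopped.
function readQuoted(text) {
  if (text[0] !== '"') throw new Error('expected opening quote');
  let value = '';
  for (let i = 1; i < text.length; i++) {
    if (text[i] === '\\') {
      if (i + 1 >= text.length) throw new Error('dangling escape');
      value += text[++i];
    } else if (text[i] === '"') {
      return { value, end: i + 1 };
    } else {
      value += text[i];
    }
  }
  throw new Error('unterminated string');
}

// True only if the quoted form decodes back to the input with nothing left over.
function roundTrips(quote, input) {
  const quoted = quote(input);
  try {
    const { value, end } = readQuoted(quoted);
    return value === input && end === quoted.length;
  } catch (err) {
    return false;
  }
}

// Constructed sample: the four characters a, backslash, double quote, b.
const SAMPLE = 'a\\"b';
console.log([quoteIncomplete, quoteWrongOrder, quoteComplete].map((f) => roundTrips(f, SAMPLE)));
```

With the incomplete form the consumer stops at the embedded quote and the remaining characters fall outside the string, which is the condition the code scanning alert describes.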
🤖 GitHub comments

Just comment with:

  • /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

elasticmachine commented Oct 30, 2024

💚 Build Succeeded

  • Buildkite Build
  • Commit: d1a4d2d
  • Kibana Serverless Image: docker.elastic.co/kibana-ci/kibana-serverless:pr-198242-d1a4d2db7bed

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| infra | 1.7MB | 1.7MB | +23.0B |

History

@smith smith merged commit 189cf8b into elastic:8.16 Oct 31, 2024
24 checks passed