Fix code scanning alert no. 456: Incomplete string escaping or encoding (elastic#193909)

Fixes
[https://github.com/elastic/kibana/security/code-scanning/456](https://github.com/elastic/kibana/security/code-scanning/456)

To fix the problem, we need to ensure that backslashes are also escaped
in the `value` string. This can be done by first replacing backslashes
with double backslashes and then replacing double quotes with escaped
double quotes. This ensures that all occurrences of backslashes and
double quotes are properly escaped.

- Modify the `value.replace` call to first escape backslashes and then
escape double quotes.
- The changes will be made in the `createFilterFromOptions` function,
specifically on line 128.


_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
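
The escaping order described in the commit message, checked as a round trip. This is an added example, not part of the commit or of Kibana; `readQuoted`, `roundTrips`, `report` and the sample values are constructed for illustration, and the reader assumes a generic backslash-escaped quoted literal rather than the actual KQL grammar.

```javascript
// Added example, not Kibana code. The first two helpers copy the replace
// chains from the removed and added lines of the diff.
const escapeQuotesOnly = (value) => value.replace(/"/g, '\\"');
const escapeBackslashThenQuotes = (value) =>
  value.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
// Same two replacements in the opposite order, to show why order matters.
const escapeQuotesThenBackslash = (value) =>
  value.replace(/"/g, '\\"').replace(/\\/g, '\\\\');

// Hypothetical minimal reader for a double-quoted literal (an assumption, not
// the KQL parser): a backslash escapes the next character and the first
// unescaped quote closes the literal. Returns null if it never closes.
function readQuoted(input) {
  if (input[0] !== '"') return null;
  let text = '';
  for (let i = 1; i < input.length; i++) {
    const ch = input[i];
    if (ch === '\\') {
      if (i + 1 >= input.length) return null; // dangling escape character
      text += input[++i];
    } else if (ch === '"') {
      return { text, rest: input.slice(i + 1) };
    } else {
      text += ch;
    }
  }
  return null;
}

// True when the quoted literal decodes to exactly `value` with nothing left over.
function roundTrips(escape, value) {
  const parsed = readQuoted(`"${escape(value)}"`);
  return parsed !== null && parsed.text === value && parsed.rest === '';
}

// Constructed sample values: plain text, quotes, trailing backslash, both.
const samples = ['plain', 'say "hi"', 'C:\\logs\\', 'a\\"b'];

function report() {
  return samples.map((value) => ({
    value,
    quotesOnly: roundTrips(escapeQuotesOnly, value),
    quotesThenBackslash: roundTrips(escapeQuotesThenBackslash, value),
    backslashThenQuotes: roundTrips(escapeBackslashThenQuotes, value),
  }));
}

console.table(report());
```

Only the backslash-then-quotes order decodes back to the original value for every sample; the other two either leave the literal unterminated or close it early.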
smith and github-advanced-security[bot] authored Sep 25, 2024
1 parent 8c35839 commit 7458ff1
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -125,7 +125,7 @@ export const createFilterFromOptions = (
if (!value) {
return null;
}
return `${field}: "${value.replace(/"/g, '\\"')}"`;
return `${field}: "${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
})
.join(' and ')
: `${options.groupBy} : "${id}"`;
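Review bot: the fallback branch on the last context line, `${options.groupBy} : "${id}"`, still places `id` inside a double-quoted string with no escaping at all, so the pattern this alert flags remains on the adjacent path. Consider moving the chained `.replace(/\\/g, '\\\\').replace(/"/g, '\\"')` into a small shared helper and applying it to `id` as well. The commit changes one file with one addition and one deletion, so no test accompanies the fix; a unit test for `createFilterFromOptions` with a value containing both a backslash and a double quote would pin the behaviour.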