Merge pull request #269 from Security-Onion-Solutions/cogburn/query-p…

…arser-fix Query Parser Fix
Security-Onion-Solutions · Aug 1, 2023 · 846f575 · 846f575
2 parents 615e57d + 7a25538
commit 846f575
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/html/js/routes/hunt.js b/html/js/routes/hunt.js
@@ -697,7 +697,7 @@ const huntComponent = {
             break;
           } else if (this.query[i] == "\"" && !escaping) {
             insideQuote = !insideQuote;
-          } else if (this.query[i] == "\\") {
+          } else if (this.query[i] == "\\" && !escaping) {
             escaping = true;
           } else {
             escaping = false;

diff --git a/html/js/routes/hunt.test.js b/html/js/routes/hunt.test.js
@@ -736,6 +736,16 @@ test('obtainQueryDetails_queryGroupedFilterPipe', () => {
   expect(comp.querySortBys).toStrictEqual([]);
 });
 
+test('obtainQueryDetails_trickyEscapeSequence', () => {
+  comp.query = `process.working_directory:"C:\\\\Windows\\\\system32\\\\" | groupby host.name`;
+  comp.obtainQueryDetails();
+  expect(comp.queryName).toBe("Custom");
+  expect(comp.queryFilters).toStrictEqual([`process.working_directory:"C:\\\\Windows\\\\system32\\\\"`]);
+  expect(comp.queryGroupBys).toStrictEqual([["host.name"]]);
+  expect(comp.queryGroupByOptions).toStrictEqual([[]]);
+  expect(comp.querySortBys).toStrictEqual([]);
+});
+
 test('query string filterToggles', () => {
   comp.$route = { path: "hunt", query: { socExcludeToggle: false } };
   comp.filterToggles = [{