From 7458ff11174fe184afe4ec93c858f89063296abe Mon Sep 17 00:00:00 2001
From: Nathan L Smith
Date: Wed, 25 Sep 2024 16:30:52 -0500
Subject: [PATCH] Fix code scanning alert no. 456: Incomplete string escaping or encoding (#193909)
Fixes [https://github.com/elastic/kibana/security/code-scanning/456](https://github.com/elastic/kibana/security/code-scanning/456)
To fix the problem, we need to ensure that backslashes are also escaped in the `value` string. This can be done by first replacing backslashes with double backslashes and then replacing double quotes with escaped double quotes. This ensures that all occurrences of backslashes and double quotes are properly escaped.
- Modify the `value.replace` call to first escape backslashes and then escape double quotes.
- The changes will be made in the `createFilterFromOptions` function, specifically on line 128.
_Suggested fixes powered by Copilot Autofix. Review carefully before merging._
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../metrics_explorer/components/helpers/create_tsvb_link.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugins/observability_solution/infra/public/pages/metrics/metrics_explorer/components/helpers/create_tsvb_link.ts b/x-pack/plugins/observability_solution/infra/public/pages/metrics/metrics_explorer/components/helpers/create_tsvb_link.ts
index c4ad0cdcf812c..3192ccbf6f980 100644
--- a/x-pack/plugins/observability_solution/infra/public/pages/metrics/metrics_explorer/components/helpers/create_tsvb_link.ts
+++ b/x-pack/plugins/observability_solution/infra/public/pages/metrics/metrics_explorer/components/helpers/create_tsvb_link.ts
@@ -125,7 +125,7 @@ export const createFilterFromOptions = (
 if (!value) {
 return null;
 }
- return `${field}: "${value.replace(/"/g, '\\"')}"`;
+ return `${field}: "${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
 })
 .join(' and ')
 : `${options.groupBy} : "${id}"`;
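Review bot: The fallback branch on the last context line still places `id` inside a quoted KQL string (`"${id}"`) with no escaping, so the incomplete-escaping problem this commit fixes for `value` remains on the single-`groupBy` path. Assuming `id` is a string there, hoist the two replaces into one helper, `const escapeKqlValue = (s: string) => s.replace(/\\/g, '\\\\').replace(/"/g, '\\"');`, and use `"${escapeKqlValue(id)}"` in the fallback so both branches build the filter the same way. The helper should carry a comment that backslashes must be escaped before quotes, otherwise the backslashes added for the quotes get doubled. The diffstat shows no test change, so a unit test with values containing a quote, a backslash and a trailing backslash would pin the behaviour. `createFilterFromOptions` begins and continues outside the hunk, so where `value` and `id` come from is not visible here.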