github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Fix Incomplete string escaping or encoding (#212847)

Browse source 
Fix for
[https://github.com/elastic/kibana/security/code-scanning/546](https://github.com/elastic/kibana/security/code-scanning/546)

To fix the problem, we need to ensure that backslashes are also escaped
in the `trim_key` and `trim_value` properties of the `kvInput` object.
This can be done by adding an additional replace call to escape
backslashes before escaping single and double quotes. The best way to
fix this without changing existing functionality is to use a regular
expression with the `g` flag to replace all occurrences of backslashes
with double backslashes.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
Bharat Pasupula 2025-03-04 13:05:05 +01:00 committed by GitHub
parent 2473d5951a
commit 8970b99d4f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
x-pack/platform/plugins/shared/automatic_import/server/util/processors.ts
View file

@ -70,11 +70,11 @@ export function createKVProcessor(kvInput: KVProcessor, state: KVState): ESProce
});
const template = env.getTemplate('kv.yml.njk');
if (kvInput.trim_key) {
kvInput.trim_key = kvInput.trim_key.replace(/['"]/g, '\\$&');
kvInput.trim_key = kvInput.trim_key.replace(/\\/g, '\\\\').replace(/['"]/g, '\\$&');
}
if (kvInput.trim_value) {
kvInput.trim_value = kvInput.trim_value.replace(/['"]/g, '\\$&');
kvInput.trim_value = kvInput.trim_value.replace(/\\/g, '\\\\').replace(/['"]/g, '\\$&');
}
const renderedTemplate = template.render({
kvInput,