Fix overly permissive regular expression range (#150058)

Without escaping `-`, it's treated as a range instead of the literal character - i.e. it matches everything between `+` and `=` in the ASCII table which for instance include all numbers.
2025-04-23 09:19:04 -04:00 · 2023-02-06 14:05:08 +01:00 · 2023-02-06 14:05:08 +01:00 · af3ae7b555
commit af3ae7b555
parent 1ba94ec11c
2 changed files with 2 additions and 2 deletions
--- a/packages/kbn-es-query/src/kuery/node_types/wildcard.ts
+++ b/packages/kbn-es-query/src/kuery/node_types/wildcard.ts
@ -23,7 +23,7 @@ function escapeRegExp(str: string) {

 // See https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_reserved_characters
 function escapeQueryString(str: string) {
-  return str.replace(/[+-=&|><!(){}[\]^"~*?:\\/]/g, '\\$&'); // $& means the whole matched string
+  return str.replace(/[+\-=&|><!(){}[\]^"~*?:\\/]/g, '\\$&'); // $& means the whole matched string
 }

 export function isNode(node: KueryNode): node is KqlWildcardNode {
--- a/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/node_details/tabs/processes/parse_search_string.ts
+++ b/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/node_details/tabs/processes/parse_search_string.ts
@ -36,4 +36,4 @@ export const parseSearchString = (query: string) => {
 };

 const escapeReservedCharacters = (clause: string) =>
-  clause.replace(/([+-=!\(\)\{\}\[\]^"~*?:\\/!]|&&|\|\|)/g, '\\$1');
+  clause.replace(/([+\-=!\(\)\{\}\[\]^"~*?:\\/!]|&&|\|\|)/g, '\\$1');