github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 09:19:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.x] [Security Solution] Fix code scanning alert (#198142) (#198367)

Browse source 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Fix code scanning alert
(#198142)](https://github.com/elastic/kibana/pull/198142)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Agustina Nahir
Ruidiaz","email":"61565784+agusruidiazgd@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-10-30T14:38:54Z","message":"[Security
Solution] Fix code scanning alert
(#198142)\n\nFixes\r\n[https://github.com/elastic/kibana/security/code-scanning/365](https://github.com/elastic/kibana/security/code-scanning/365)\r\n\r\n##
Summary\r\n\r\nTo fix the problem, we need to ensure that both double
quotes and\r\nbackslashes are properly escaped in the `escapeValue`
function. This can\r\nbe achieved by using a regular expression that
replaces both characters\r\nglobally. Specifically, we should replace
backslashes with double\r\nbackslashes (`\\\\`) and double quotes with
escaped double quotes (`\\\"`).\r\n\r\n- Update the `escapeValue`
function to use a regular expression that\r\nhandles both double quotes
and backslashes.\r\n- Ensure that the regular expression has the global
flag (`g`) to\r\nreplace all occurrences of the
characters.\r\n\r\nCo-authored-by: Copilot Autofix powered by AI
<62310815+github-advanced-security[bot]@users.noreply.github.com>","sha":"b9a5d6a46d4224b70ec1709d4fa97cd1c6295408","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["backport","release_note:skip","v9.0.0","Team:Threat
Hunting:Explore","backport:prev-minor","ci:cloud-deploy"],"title":"[Security
Solution] Fix code scanning
alert","number":198142,"url":"https://github.com/elastic/kibana/pull/198142","mergeCommit":{"message":"[Security
Solution] Fix code scanning alert
(#198142)\n\nFixes\r\n[https://github.com/elastic/kibana/security/code-scanning/365](https://github.com/elastic/kibana/security/code-scanning/365)\r\n\r\n##
Summary\r\n\r\nTo fix the problem, we need to ensure that both double
quotes and\r\nbackslashes are properly escaped in the `escapeValue`
function. This can\r\nbe achieved by using a regular expression that
replaces both characters\r\nglobally. Specifically, we should replace
backslashes with double\r\nbackslashes (`\\\\`) and double quotes with
escaped double quotes (`\\\"`).\r\n\r\n- Update the `escapeValue`
function to use a regular expression that\r\nhandles both double quotes
and backslashes.\r\n- Ensure that the regular expression has the global
flag (`g`) to\r\nreplace all occurrences of the
characters.\r\n\r\nCo-authored-by: Copilot Autofix powered by AI
<62310815+github-advanced-security[bot]@users.noreply.github.com>","sha":"b9a5d6a46d4224b70ec1709d4fa97cd1c6295408"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198142","number":198142,"mergeCommit":{"message":"[Security
Solution] Fix code scanning alert
(#198142)\n\nFixes\r\n[https://github.com/elastic/kibana/security/code-scanning/365](https://github.com/elastic/kibana/security/code-scanning/365)\r\n\r\n##
Summary\r\n\r\nTo fix the problem, we need to ensure that both double
quotes and\r\nbackslashes are properly escaped in the `escapeValue`
function. This can\r\nbe achieved by using a regular expression that
replaces both characters\r\nglobally. Specifically, we should replace
backslashes with double\r\nbackslashes (`\\\\`) and double quotes with
escaped double quotes (`\\\"`).\r\n\r\n- Update the `escapeValue`
function to use a regular expression that\r\nhandles both double quotes
and backslashes.\r\n- Ensure that the regular expression has the global
flag (`g`) to\r\nreplace all occurrences of the
characters.\r\n\r\nCo-authored-by: Copilot Autofix powered by AI
<62310815+github-advanced-security[bot]@users.noreply.github.com>","sha":"b9a5d6a46d4224b70ec1709d4fa97cd1c6295408"}}]}]
BACKPORT-->

Co-authored-by: Agustina Nahir Ruidiaz <61565784+agusruidiazgd@users.noreply.github.com>
This commit is contained in:
Kibana Machine 2024-10-31 03:20:49 +11:00 committed by GitHub
parent 744c5f7e8b
commit b5edaf6fca
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
packages/kbn-cell-actions/src/actions/copy_to_clipboard/copy_to_clipboard.ts
View file

@ -33,7 +33,7 @@ const COPY_TO_CLIPBOARD_SUCCESS = i18n.translate(
}
);
const escapeValue = (value: string) => value.replace(/"/g, '\\"');
const escapeValue = (value: string) => value.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
export const createCopyToClipboardActionFactory = createCellActionFactory(
({ notifications }: { notifications: NotificationsStart }) => ({