From b9a5d6a46d4224b70ec1709d4fa97cd1c6295408 Mon Sep 17 00:00:00 2001 From: Agustina Nahir Ruidiaz <61565784+agusruidiazgd@users.noreply.github.com> Date: Wed, 30 Oct 2024 15:38:54 +0100 Subject: [PATCH] [Security Solution] Fix code scanning alert (#198142) Fixes [https://github.com/elastic/kibana/security/code-scanning/365](https://github.com/elastic/kibana/security/code-scanning/365) ## Summary To fix the problem, we need to ensure that both double quotes and backslashes are properly escaped in the `escapeValue` function. This can be achieved by using a regular expression that replaces both characters globally. Specifically, we should replace backslashes with double backslashes (`\\`) and double quotes with escaped double quotes (`\"`). - Update the `escapeValue` function to use a regular expression that handles both double quotes and backslashes. - Ensure that the regular expression has the global flag (`g`) to replace all occurrences of the characters. Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .../src/actions/copy_to_clipboard/copy_to_clipboard.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/kbn-cell-actions/src/actions/copy_to_clipboard/copy_to_clipboard.ts b/packages/kbn-cell-actions/src/actions/copy_to_clipboard/copy_to_clipboard.ts index 850a534278fb..90e93923fa36 100644 --- a/packages/kbn-cell-actions/src/actions/copy_to_clipboard/copy_to_clipboard.ts +++ b/packages/kbn-cell-actions/src/actions/copy_to_clipboard/copy_to_clipboard.ts @@ -33,7 +33,7 @@ const COPY_TO_CLIPBOARD_SUCCESS = i18n.translate( } ); -const escapeValue = (value: string) => value.replace(/"/g, '\\"'); +const escapeValue = (value: string) => value.replace(/\\/g, '\\\\').replace(/"/g, '\\"'); export const createCopyToClipboardActionFactory = createCellActionFactory( ({ notifications }: { notifications: NotificationsStart }) => ({