zentity
fix: Escape quotes and backslashes when performing substitution
When performing entity resolution, ES documents may sometimes contain string fields that contain quotes or backslashes.
These will then be picked up by zentity and substituted into the template here, which causes it to escape out of the query.
In the worst case, a specially crafted document can cause zentity to perform arbitrary queries, but I haven't gotten around to making a POC for this 😄. We discovered this by seeing com.fasterxml.jackson.core.JsonParseException when performing certain queries.
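As an added illustration (this is not zentity's code and not part of the PR), the following constructed Python example shows the failure mode the description refers to: a string value taken from a document is substituted raw into a JSON query template. A value containing a backslash produces a parse error of the kind reported; a value containing a quote closes the string early and appends its own clause to the query; escaping the value for a JSON string context prevents both. The template, the `email` field and the sample values are all made up for the example.

```python
"""JSON template substitution: raw vs. escaped.

Constructed example. The template below stands in for a resolution query
template with a placeholder for a value copied out of a matched document;
it is not zentity's real template.
"""
import json

# Hypothetical query template (constructed for this example).
TEMPLATE = '{"query": {"bool": {"filter": [{"term": {"email": "{{value}}"}}]}}}'

# Constructed document values that a real index could plausibly contain.
BACKSLASH_VALUE = r"acme\jdoe"          # "\j" is not a valid JSON escape
QUOTE_VALUE = 'x"}}, {"match_all": {}}, {"term": {"email": "'  # closes the string


def substitute_naive(template: str, value: str) -> str:
    """The unsafe pattern: plain string replacement into JSON text."""
    return template.replace("{{value}}", value)


def escape_json_string(value: str) -> str:
    """Escape a value for embedding inside an existing JSON string literal.

    json.dumps emits a complete quoted literal with quotes, backslashes and
    control characters escaped; stripping the outer quotes leaves exactly the
    escaped body that belongs between the template's own quotes.
    """
    return json.dumps(value)[1:-1]


def substitute_escaped(template: str, value: str) -> str:
    """Same replacement, but the value can no longer leave its string."""
    return template.replace("{{value}}", escape_json_string(value))


def parse_query(query_text: str):
    """Parse the query text as JSON; returns (ok, parsed_or_error_message)."""
    try:
        return True, json.loads(query_text)
    except json.JSONDecodeError as exc:
        return False, str(exc)


def filter_clauses(query_text: str):
    """Return the filter clauses the parsed query actually contains, or None
    if the text does not parse. This is what the search backend would run."""
    ok, parsed = parse_query(query_text)
    if not ok:
        return None
    return parsed["query"]["bool"]["filter"]


def build_query_structured(value: str) -> str:
    """The robust alternative: build the query as data and serialise once,
    so there is no template and no string context to escape for."""
    return json.dumps(
        {"query": {"bool": {"filter": [{"term": {"email": value}}]}}}
    )


if __name__ == "__main__":
    ok, err = parse_query(substitute_naive(TEMPLATE, BACKSLASH_VALUE))
    print("naive + backslash parses:", ok, "" if ok else f"({err})")
    print("naive + quote clauses:", filter_clauses(substitute_naive(TEMPLATE, QUOTE_VALUE)))
    print("escaped + backslash clauses:", filter_clauses(substitute_escaped(TEMPLATE, BACKSLASH_VALUE)))
    print("escaped + quote clauses:", filter_clauses(substitute_escaped(TEMPLATE, QUOTE_VALUE)))
    print("structured:", filter_clauses(build_query_structured(QUOTE_VALUE)))
```

Escaping quotes and backslashes is the right fix for a placeholder that sits inside a JSON string literal, which is the case the PR title describes. It is not sufficient if a placeholder ever appears in a non-string position (a field name, a number, or a bare value), where a quote-escaped value can still change the structure; building the query as a data structure and serialising it once, as in `build_query_structured`, removes that class of problem entirely.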
@davemoore- If this patch checks out, would it be possible to make a point release for this 🙏 ?
@austince / @davemoore- Friendly bump - any chance someone has some extra time to take a look at this 🙏 ? It would be great to have the fix upstream instead of building from a fork 😄
Hey @rpeng, thanks for the contribution! I unfortunately have no permissions in this repo, only @davemoore-.