From d511fa8d1793bd96a500d538c1bad7314e02f27c Mon Sep 17 00:00:00 2001 From: Mike Gerwitz Date: Sun, 31 Dec 2023 16:04:20 -0500 Subject: [PATCH] prom.awk: Correct regex escape I'm not confident this ever worked as intended. Unless behavior in newer Gawks changed (since now it is issuing a warning where it wasn't previously). This replaced double quotes with '0'..which certainly solves the security problem of double quotes, but not in the intended way. I have no labels with double quotes and so never noticed. I suspect that I tried using // delimiters to avoid having to go through this escape mess ("\\\\" to produce "\\" which is recogniezd as a single "\" in the replacement, and then a fifth to escape the double quote. What a mess. --- prom.awk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prom.awk b/prom.awk index 6a5ef39..fd61270 100644 --- a/prom.awk +++ b/prom.awk @@ -109,7 +109,7 @@ function _prom_assert_valid_label(name) { # Escape double quotes in label value VALUE and return the result. function _prom_label_escape(value) { - return gensub(/"/, /\"/, "g", value) + return gensub(/"/, "\\\\\"", "g", value) }