From fca4e2170a7826dae52bb2578d93643cee953bb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Duarte=20Arag=C3=A3o?= Date: Tue, 13 May 2025 23:55:35 +0100 Subject: [PATCH] fix(alerting): Escape custom result errors (#1095) * escape result errors * add specific test to check result_errors are escaped --- alerting/provider/custom/custom.go | 5 +++-- alerting/provider/custom/custom_test.go | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/alerting/provider/custom/custom.go b/alerting/provider/custom/custom.go index c65e34a5..2e4da58b 100644 --- a/alerting/provider/custom/custom.go +++ b/alerting/provider/custom/custom.go @@ -108,8 +108,9 @@ func (provider *AlertProvider) buildHTTPRequest(cfg *Config, ep *endpoint.Endpoi url = strings.ReplaceAll(url, "[ENDPOINT_GROUP]", ep.Group) body = strings.ReplaceAll(body, "[ENDPOINT_URL]", ep.URL) url = strings.ReplaceAll(url, "[ENDPOINT_URL]", ep.URL) - body = strings.ReplaceAll(body, "[RESULT_ERRORS]", strings.Join(result.Errors, ",")) - url = strings.ReplaceAll(url, "[RESULT_ERRORS]", strings.Join(result.Errors, ",")) + resultErrors := strings.ReplaceAll(strings.Join(result.Errors, ","), "\"", "\\\"") + body = strings.ReplaceAll(body, "[RESULT_ERRORS]", resultErrors) + url = strings.ReplaceAll(url, "[RESULT_ERRORS]", resultErrors) if resolved { body = strings.ReplaceAll(body, "[ALERT_TRIGGERED_OR_RESOLVED]", provider.GetAlertStatePlaceholderValue(cfg, true)) url = strings.ReplaceAll(url, "[ALERT_TRIGGERED_OR_RESOLVED]", provider.GetAlertStatePlaceholderValue(cfg, true)) diff --git a/alerting/provider/custom/custom_test.go b/alerting/provider/custom/custom_test.go index cf2697cd..7536f392 100644 --- a/alerting/provider/custom/custom_test.go +++ b/alerting/provider/custom/custom_test.go @@ -179,6 +179,13 @@ func TestAlertProviderWithResultErrors_buildHTTPRequest(t *testing.T) { ExpectedBody: "endpoint-name,endpoint-group,alert-description,https://example.com,TRIGGERED,error1,error2", Errors: []string{"error1", "error2"}, }, + { + AlertProvider: alertProvider, + Resolved: false, + ExpectedURL: "https://example.com/endpoint-group/endpoint-name?event=TRIGGERED&description=alert-description&url=https://example.com&error=test \\\"error with quotes\\\"", + ExpectedBody: "endpoint-name,endpoint-group,alert-description,https://example.com,TRIGGERED,test \\\"error with quotes\\\"", + Errors: []string{"test \"error with quotes\""}, + }, } for _, scenario := range scenarios { t.Run(fmt.Sprintf("resolved-%v-with-default-placeholders-and-result-errors", scenario.Resolved), func(t *testing.T) {