From 1453abbd801e72b87b1b6b636967b91fcd865cc5 Mon Sep 17 00:00:00 2001
From: Belen Pruvost
Date: Mon, 30 Aug 2021 19:10:49 +0200
Subject: [PATCH] SONAR-15143 - Escape quotes in audits new_value
---
 .../src/main/java/org/sonar/db/audit/model/NewValue.java | 3 +++
 .../org/sonar/db/audit/model/ComponentNewValueTest.java | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/NewValue.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/NewValue.java
index 629f1d7c06b..395f995ff01 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/NewValue.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/NewValue.java
@@ -33,6 +33,9 @@ public abstract class NewValue {
 if (!isNullOrEmpty(value)) {
 sb.append(field);
 addQuote(sb, isString);
+ if (value.contains("\"")) {
+ value = value.replace("\"", "\\\"");
+ }
 sb.append(value);
 addQuote(sb, isString);
 sb.append(", ");
diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/ComponentNewValueTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/ComponentNewValueTest.java
index 1bebbaab39e..dad53291f23 100644
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/ComponentNewValueTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/ComponentNewValueTest.java
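Review bot: The added branch in NewValue.java escapes only `"`; a backslash already present in `value` is appended unchanged, so a value that ends in `\` or contains `\"` still yields a string whose closing quote is consumed or misplaced when the audit record is parsed. These values appear to include user-chosen text such as a component name, so this affects the integrity of the stored audit entry, not just its formatting. Escape the backslash first and drop the redundant `contains` guard: `value = value.replace("\\", "\\\\").replace("\"", "\\\"");`, and consider treating line breaks and other control characters the same way, or building the record with a JSON writer instead of a `StringBuilder`. The replacement also runs when `isString` is false, which looks unintended. The enclosing method starts and ends outside the hunk, so where `value` comes from is not visible here.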
@@ -47,13 +47,13 @@ public class ComponentNewValueTest {
 }
 @Test
- public void toString_project_uuid_and_name_and_isPrivate() {
- ComponentNewValue newValue = new ComponentNewValue("uuid", "name", "key", true,"TRK");
+ public void toString_project_uuid_and_name_and_isPrivate_withEscapedQuotes() {
+ ComponentNewValue newValue = new ComponentNewValue("uuid", "the \"best\" name", "key", true,"TRK");
 assertThat(newValue.toString())
 .contains("\"componentUuid\": \"uuid\"")
 .contains("\"componentKey\": \"key\"")
- .contains("\"componentName\": \"name\"")
+ .contains("\"componentName\": \"the \\\"best\\\" name\"")
 .contains("\"qualifier\": \"project\"")
 .contains("\"isPrivate\": true");
 }
-- 
2.39.5
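Review bot: The assertions in `toString_project_uuid_and_name_and_isPrivate_withEscapedQuotes` match fragments with `contains`, so the test passes even when the complete `toString()` output cannot be parsed; it pins the escaped spelling rather than the property the fix is meant to guarantee. I would parse the output with a JSON parser available to the tests (assuming one is on the test classpath) and assert that `componentName` reads back as `the "best" name`. A second case whose name contains a backslash, e.g. `"back\\slash"`, would document how that character is meant to be rendered.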