Merge pull request #4393 from dalee-bis/query-double-quote-escape-fix

Fixed MssqlSession.query not escaping double quote correctly
2024-11-23 13:13:22 +00:00 · 2019-09-23 12:43:09 -04:00 · 2019-09-23 12:43:09 -04:00 · 14e611b25a
commit 14e611b25a
parent 76901e0247 7f2dbd918f
1 changed files with 1 additions and 1 deletions
--- a/lib/inspec/resources/mssql_session.rb
+++ b/lib/inspec/resources/mssql_session.rb
@ -53,7 +53,7 @@ module Inspec::Resources
    end

    def query(q) # rubocop:disable Metrics/PerceivedComplexity
-      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
+      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '""').gsub(/\$/, '\\$')
      # surpress 'x rows affected' in SQLCMD with 'set nocount on;'
      cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
      cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?