From 7f2dbd918f98213ff5656a982df8937bc28cb133 Mon Sep 17 00:00:00 2001
From: dalee-bis <13235934+dalee-bis@users.noreply.github.com>
Date: Thu, 15 Aug 2019 11:28:50 +0100
Subject: [PATCH] Fixed MssqlSession.query not escaping double quote correctly

When `MssqlSession.query` is escaping the `"` character, it is doing so by prefixing it with a backslash (e.g. `\"`). This does not escape the quote character. It should be escaped by adding an additional double quote character (e.g. `""`).
---
 lib/inspec/resources/mssql_session.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/inspec/resources/mssql_session.rb b/lib/inspec/resources/mssql_session.rb
index 5cecd46b1..a5b561d6f 100644
--- a/lib/inspec/resources/mssql_session.rb
+++ b/lib/inspec/resources/mssql_session.rb
@@ -53,7 +53,7 @@ module Inspec::Resources
     end
 
     def query(q) # rubocop:disable Metrics/PerceivedComplexity
-      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
+      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '""').gsub(/\$/, '\\$')
       # surpress 'x rows affected' in SQLCMD with 'set nocount on;'
       cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
       cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
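Review bot: The new `.gsub(/"/, '""')` is a PowerShell-style escape, but the `-Q \"...\"` argument on the following context line is a double-quoted string for whatever shell executes `cmd_string`, and under a POSIX sh `""` inside double quotes collapses to nothing, so a quoted identifier such as `select "x"` reaches sqlcmd as `select x` (the removed `\"` was the correct form for sh). The same line still applies `\$`, which is the sh escape and leaves `$` expanding in PowerShell (which escapes with a backtick, not a backslash), so the three replacements now assume two different shells, and backticks — command substitution in sh, the escape character in PowerShell — are escaped for neither, leaving an injection path for anything in `q`. Since the transport shell is not visible in this hunk, either make the escaping conditional on the target platform or, better, stop interpolating the query into the command line at all (sqlcmd can read the query from a file, to be confirmed against the version in use); at minimum state the assumption with a comment such as `# escaping assumes cmd_string is parsed by PowerShell ("" is a literal quote); incorrect under sh` above the line. `@password` is likewise interpolated unescaped into a single-quoted `-P '...'` on the last context line, so a `'` in it breaks or extends the command. The `query` method continues past the end of the hunk.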