From 35de6ce721cc2f0b6438f06f5a11e1c61b27c9c7 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Tue, 14 Mar 2023 17:53:27 -0700 Subject: [PATCH] report: encode xml entities in property values Avoid trouble with the properties reported in the xml reports by translating xml-tricky characters in the property values into their xml entity equivalents. IOWs, if someone sets a property "NAME" to the value 'BOBBY"; DROP TABLES;', the xml will be formatted: Thus avoiding XML problems. Signed-off-by: Darrick J. Wong Reviewed-by: Zorro Lang Signed-off-by: Zorro Lang
---
common/report | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/common/report b/common/report
index 2ab83928..946ee488 100644
--- a/common/report
+++ b/common/report
@@ -33,7 +33,10 @@ _xunit_add_property()
 test -z "$value" && return
- echo -e "\t\t"
+ local xname="$(echo "$name" | encode_xml)"
+ local xvalue="$(echo "$value" | encode_xml)"
+
+ echo -e "\t\t"
 }
 _xunit_make_section_report()
-- 2.39.5
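Review bot: The final `echo -e` still interprets backslash escapes, so if the encoded `$xname`/`$xvalue` are interpolated into that string (the element markup is stripped from this page, so that is inferred), a value containing a literal backslash sequence passes through `encode_xml` unchanged and is expanded into a raw character afterwards, undoing the encoding. Emitting the line with a fixed format string avoids this, e.g. `printf '\t\t<property name="%s" value="%s"/>\n' "$xname" "$xvalue"`, and feeding the encoder with `printf '%s\n' "$value" | encode_xml` keeps `echo` from mangling values that begin with `-n` or `-e`. `local xname="$(…)"` also hides a failing `encode_xml` behind the exit status of `local`; declare the variable first and assign on a separate line if a missing or failing encoder should be noticed. `encode_xml` is defined outside this hunk, so whether it covers both quote characters and control characters cannot be confirmed here, and `_xunit_add_property` begins above the hunk.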