Fix #1366; apply xml escaping on generated xml report (#1367)

Summary: Pull Request resolved: https://github.com/facebook/infer/pull/1367 Reviewed By: ngorogiannis Differential Revision: D25803040 Pulled By: jvillard fbshipit-source-id: 99ab88363
4 years ago · 66d0eaa357
parent e065b0b0b2
commit 66d0eaa357
1 changed files with 5 additions and 4 deletions
--- a/infer/src/integration/XMLReport.ml
+++ b/infer/src/integration/XMLReport.ml
@ -26,14 +26,15 @@ let pp_xml_issue f (issue : Jsonbug_t.jsonbug) =
    in
    match java_result with None -> ("", "", issue.procedure) | Some result -> result
  in
+  let esc = Escape.escape_xml in
  F.fprintf f
    {|<file name="%s">
    <violation begincolumn="%d" beginline="%d" endcolumn="%d" endline="%d" class="%s" method="%s" package="%s" priority="1" rule="%s" ruleset="Infer Rules" externalinfourl="https://fbinfer.com/%s">%s</violation>
  </file>|}
-    issue.file (max issue.column 0) issue.line (max issue.column 0) (issue.line + 1) java_class_name
-    method_name java_package issue.bug_type
-    (Help.abs_url_of_issue_type issue.bug_type)
-    issue.qualifier
+    (esc issue.file) (max issue.column 0) issue.line (max issue.column 0) (issue.line + 1)
+    (esc java_class_name) (esc method_name) (esc java_package) (esc issue.bug_type)
+    (esc (Help.abs_url_of_issue_type issue.bug_type))
+    (esc issue.qualifier)


 let is_user_visible (issue : Jsonbug_t.jsonbug) =