From 66d0eaa357101ad1db3bd62a19a024b247eec5c3 Mon Sep 17 00:00:00 2001
From: Luka Rahne <luka.rahne@gmail.com>
Date: Thu, 7 Jan 2021 09:24:00 -0800
Subject: [PATCH] Fix #1366; apply xml escaping on generated xml report (#1367)

Summary: Pull Request resolved: https://github.com/facebook/infer/pull/1367

Reviewed By: ngorogiannis

Differential Revision: D25803040

Pulled By: jvillard

fbshipit-source-id: 99ab88363
---
 infer/src/integration/XMLReport.ml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/infer/src/integration/XMLReport.ml b/infer/src/integration/XMLReport.ml
index 716615363..a196e5e6d 100644
--- a/infer/src/integration/XMLReport.ml
+++ b/infer/src/integration/XMLReport.ml
@@ -26,14 +26,15 @@ let pp_xml_issue f (issue : Jsonbug_t.jsonbug) =
     in
     match java_result with None -> ("", "", issue.procedure) | Some result -> result
   in
+  let esc = Escape.escape_xml in
   F.fprintf f
     {|<file name="%s">
     <violation begincolumn="%d" beginline="%d" endcolumn="%d" endline="%d" class="%s" method="%s" package="%s" priority="1" rule="%s" ruleset="Infer Rules" externalinfourl="https://fbinfer.com/%s">%s</violation>
   </file>|}
-    issue.file (max issue.column 0) issue.line (max issue.column 0) (issue.line + 1) java_class_name
-    method_name java_package issue.bug_type
-    (Help.abs_url_of_issue_type issue.bug_type)
-    issue.qualifier
+    (esc issue.file) (max issue.column 0) issue.line (max issue.column 0) (issue.line + 1)
+    (esc java_class_name) (esc method_name) (esc java_package) (esc issue.bug_type)
+    (esc (Help.abs_url_of_issue_type issue.bug_type))
+    (esc issue.qualifier)
 
 
 let is_user_visible (issue : Jsonbug_t.jsonbug) =