From 6207b64af3663f71bc365e548adaaba047ae07ef Mon Sep 17 00:00:00 2001
From: William Schaefer
Date: Wed, 30 Jan 2019 12:17:18 -0500
Subject: [PATCH] 4635 fix escaping of single quotes in findfilesWhere query for common files search
---
 .../CentralRepoCommonAttributeInstance.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CentralRepoCommonAttributeInstance.java b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CentralRepoCommonAttributeInstance.java
index 55fef1a033..685515fea8 100644
--- a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CentralRepoCommonAttributeInstance.java
+++ b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CentralRepoCommonAttributeInstance.java
@@ -108,6 +108,7 @@ final public class CentralRepoCommonAttributeInstance extends AbstractCommonAttr
 // will try using the file name, parent path and data source id.
 File fileFromPath = new File(currentFullPath);
 String fileName = fileFromPath.getName();
+ fileName = SleuthkitCase.escapeSingleQuotes(fileName);
 // Create the parent path. Make sure not to add a separator if there is already one there.
 String parentPath = fileFromPath.getParent();
@@ -115,6 +116,7 @@ final public class CentralRepoCommonAttributeInstance extends AbstractCommonAttr
 parentPath += File.separator;
 }
 parentPath = parentPath.replace("\\", "/");
+ parentPath = SleuthkitCase.escapeSingleQuotes(parentPath);
 final String whereClause = String.format("lower(name) = '%s' AND lower(parent_path) = '%s' AND data_source_obj_id = %s", fileName, parentPath, dataSource.get().getId());
 List potentialAbstractFiles = tskDb.findAllFilesWhere(whereClause);
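Review bot: The `whereClause` assembled with `String.format` at the end of the second hunk still depends on hand escaping of `fileName` and `parentPath`, which appear to come from file paths recorded from examined data and so should be treated as untrusted; the same applies to the escape added in the first hunk. Nothing at either call site records that the escaping is what keeps the two quoted literals closed, so I would add a comment above the first call, e.g. `// fileName and parentPath are placed inside SQL string literals below; findAllFilesWhere takes a raw WHERE clause, so both must be escaped`. If no parameterized lookup is available on `tskDb`, consider building the clause in one private helper that escapes its own arguments, so a later edit cannot reintroduce an unescaped value, and cover it with a test using a file name that contains an apostrophe. Separately, `fileFromPath.getParent()` can return null for a path with no parent, and the guard between the two hunks is not visible here, so confirm the null case cannot reach `parentPath.replace` or the format call. The enclosing method starts and ends outside both hunks.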