From 72eccf5db2dbfd41009af8146cf9850aa4f58c33 Mon Sep 17 00:00:00 2001
From: Connie Liu
Date: Wed, 4 Sep 2024 11:45:00 -0400
Subject: [PATCH 1/4] update regex to sanitize against backslashes
---
 .../src/utilities/codesnippets/generate-ansibleConfig.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.ts b/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.ts
index d04cf80cdd7..968bbed7d12 100644
--- a/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.ts
+++ b/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.ts
@@ -6,7 +6,7 @@ import type { CreateLinodeRequest } from '@linode/api-v4/lib/linodes';
 * @returns {string} - The safely escaped string.
 */
 function escapeYAMLString(str: string) {
- return str.replace(/(["':\[\]\{\}])/g, '\\$1').replace(/\n/g, '\\n');
+ return str.replace(/(["':\\\[\\\]\\\{\\\}])/g, '\\$1').replace(/\n/g, '\\n');
 }

 /**
From 839825b65798db1e6aaa77ddc74b63322feec4ce Mon Sep 17 00:00:00 2001
From: Connie Liu
Date: Wed, 4 Sep 2024 11:57:50 -0400
Subject: [PATCH 2/4] add test case for sanitization
---
 .../codesnippets/generate-ansibleConfig.test.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.test.ts b/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.test.ts
index 018500f605d..c6af82ad259 100644
--- a/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.test.ts
+++ b/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.test.ts
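Review bot: In `escapeYAMLString` (patch 1/4) the character class still backslash-escapes `'`, `:`, `[`, `]`, `{` and `}`, yet the expected output in patch 2/4 shows the value placed inside a double-quoted YAML scalar, where `\'`, `\:`, `\[`, `\]`, `\{` and `\}` are not defined escape sequences and a spec-conforming parser rejects them. Inside double quotes only the backslash and the double quote need the prefix, so the line could be `return str.replace(/(["\\])/g, '\\$1').replace(/\n/g, '\\n');`, which also removes the four repeated `\\` entries in the new class. Carriage returns and other control characters are still passed through as-is and may deserve the same treatment as `\n`. The function body is fully inside the hunk; its doc comment starts above it.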
@@ -43,4 +43,17 @@ describe('generateAnsibleConfig', () => {

 expect(generateAnsibleConfig(config)).toEqual(expectedOutput);
 });
+
+ it('should escape backslash characters in YAML strings', () => {
+ const config = {
+ label: 'Linode with ] and also [, }, and \\{',
+ region: 'us-central',
+ root_pass: 'securePass123',
+ type: 'g6-standard-1',
+ };
+
+ const expectedOutput = `- name: Create a new Linode instance.\n linode.cloud.instance:\n state: "present"\n label: "Linode with \\] and also \\[, \\}, and \\\\\\{"\n type: "g6-standard-1"\n region: "us-central"\n root_pass: "securePass123"\n`;
+
+ expect(generateAnsibleConfig(config)).toEqual(expectedOutput);
+ });
 });
From ac2ca1bac4fd2045d4020b7a10a612893aaddd6b Mon Sep 17 00:00:00 2001
From: Connie Liu
Date: Wed, 4 Sep 2024 12:07:21 -0400
Subject: [PATCH 3/4] update test case description to be more accurate
---
 .../utilities/codesnippets/generate-ansibleConfig.test.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.test.ts b/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.test.ts
index c6af82ad259..6b147ec6c8a 100644
--- a/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.test.ts
+++ b/packages/manager/src/utilities/codesnippets/generate-ansibleConfig.test.ts
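Review bot: The added case never exercises the input the sanitizer fix is about, a backslash immediately followed by a double quote, which is the combination where an unescaped backslash would let the quote end the scalar early. A constructed sample that covers it is a label of `'a\\"b'` with the expected line `label: "a\\\\\\"b"` inside the template literal. The assertion also compares against a hand-written string that bakes in `\]`, `\[`, `\}` and `\{`; if a YAML parser is available to the test suite, loading the generated snippet and comparing the recovered `label` with the input would verify that the escaping round-trips. Patch 3/4 revises this same case and leaves the same gap.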
@@ -44,15 +44,15 @@ describe('generateAnsibleConfig', () => {
 expect(generateAnsibleConfig(config)).toEqual(expectedOutput);
 });

- it('should escape backslash characters in YAML strings', () => {
+ it('should safely escape extra backslash characters in YAML strings', () => {
 const config = {
- label: 'Linode with ] and also [, }, and \\{',
+ label: 'Linode with ] and also \\[, }, and \\{',
 region: 'us-central',
 root_pass: 'securePass123',
 type: 'g6-standard-1',
 };

- const expectedOutput = `- name: Create a new Linode instance.\n linode.cloud.instance:\n state: "present"\n label: "Linode with \\] and also \\[, \\}, and \\\\\\{"\n type: "g6-standard-1"\n region: "us-central"\n root_pass: "securePass123"\n`;
+ const expectedOutput = `- name: Create a new Linode instance.\n linode.cloud.instance:\n state: "present"\n label: "Linode with \\] and also \\\\\\[, \\}, and \\\\\\{"\n type: "g6-standard-1"\n region: "us-central"\n root_pass: "securePass123"\n`;

 expect(generateAnsibleConfig(config)).toEqual(expectedOutput);
 });
From 6227284a37996c092918b9f1e85e6cd5c5b416c4 Mon Sep 17 00:00:00 2001
From: Connie Liu
Date: Wed, 4 Sep 2024 12:35:28 -0400
Subject: [PATCH 4/4] changeset
---
 .../.changeset/pr-10887-tech-stories-1725467686328.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 packages/manager/.changeset/pr-10887-tech-stories-1725467686328.md
diff --git a/packages/manager/.changeset/pr-10887-tech-stories-1725467686328.md b/packages/manager/.changeset/pr-10887-tech-stories-1725467686328.md
new file mode 100644
index 00000000000..48bf6c14c7f
--- /dev/null
+++ b/packages/manager/.changeset/pr-10887-tech-stories-1725467686328.md
@@ -0,0 +1,5 @@
+---
+"@linode/manager": Tech Stories
+---
+
+Resolve "Incomplete string escape or encoding" codeQL alert in `generate-ansibleConfig.ts` ([#10887](https://github.com/linode/manager/pull/10887))