From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, mdroth@linux.vnet.ibm.com
Subject: [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable ASCII
Date: Tue, 10 Sep 2019 08:37:14 +0200 [thread overview]
Message-ID: <20190910063724.28470-7-armbru@redhat.com> (raw)
In-Reply-To: <20190910063724.28470-1-armbru@redhat.com>
RFC 8259 on string contents:
All Unicode characters may be placed within the quotation marks,
except for the characters that MUST be escaped: quotation mark,
reverse solidus, and the control characters (U+0000 through
U+001F).
The QAPI schema parser accepts both less and more than JSON: it
accepts only ASCII with \u (less), and accepts control characters
other than LF (new line) unescaped. How it treats unescaped non-ASCII
input differs between Python 2 and Python 3.
Make it accept strictly less: require printable ASCII. Drop support
for \b, \f, \n, \r, \t.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
scripts/qapi/common.py | 25 ++++++-------------
tests/Makefile.include | 3 ++-
tests/qapi-schema/string-code-point-127.err | 1 +
...de-str.exit => string-code-point-127.exit} | 0
tests/qapi-schema/string-code-point-127.json | 2 ++
...code-str.out => string-code-point-127.out} | 0
tests/qapi-schema/string-code-point-31.err | 1 +
tests/qapi-schema/string-code-point-31.exit | 1 +
tests/qapi-schema/string-code-point-31.json | 2 ++
tests/qapi-schema/string-code-point-31.out | 0
tests/qapi-schema/unicode-str.err | 1 -
tests/qapi-schema/unicode-str.json | 2 --
12 files changed, 17 insertions(+), 21 deletions(-)
create mode 100644 tests/qapi-schema/string-code-point-127.err
rename tests/qapi-schema/{unicode-str.exit => string-code-point-127.exit} (100%)
create mode 100644 tests/qapi-schema/string-code-point-127.json
rename tests/qapi-schema/{unicode-str.out => string-code-point-127.out} (100%)
create mode 100644 tests/qapi-schema/string-code-point-31.err
create mode 100644 tests/qapi-schema/string-code-point-31.exit
create mode 100644 tests/qapi-schema/string-code-point-31.json
create mode 100644 tests/qapi-schema/string-code-point-31.out
delete mode 100644 tests/qapi-schema/unicode-str.err
delete mode 100644 tests/qapi-schema/unicode-str.json
diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py
index 54d02458b5..c3dfad024f 100644
--- a/scripts/qapi/common.py
+++ b/scripts/qapi/common.py
@@ -523,17 +523,7 @@ class QAPISchemaParser(object):
if ch == '\n':
raise QAPIParseError(self, 'Missing terminating "\'"')
if esc:
- if ch == 'b':
- string += '\b'
- elif ch == 'f':
- string += '\f'
- elif ch == 'n':
- string += '\n'
- elif ch == 'r':
- string += '\r'
- elif ch == 't':
- string += '\t'
- elif ch == 'u':
+ if ch == 'u':
value = 0
for _ in range(0, 4):
ch = self.src[self.cursor]
@@ -552,20 +542,21 @@ class QAPISchemaParser(object):
'For now, \\u escape '
'only supports non-zero '
'values up to \\u007f')
- string += chr(value)
- elif ch in '\\/\'"':
- string += ch
- else:
+ ch = chr(value)
+ elif ch not in '\\/\'"':
raise QAPIParseError(self,
"Unknown escape \\%s" % ch)
esc = False
elif ch == '\\':
esc = True
+ continue
elif ch == "'":
self.val = string
return
- else:
- string += ch
+ if ord(ch) < 32 or ord(ch) >= 127:
+ raise QAPIParseError(
+ self, "Funny character in string")
+ string += ch
elif self.src.startswith('true', self.pos):
self.val = True
self.cursor += 3
diff --git a/tests/Makefile.include b/tests/Makefile.include
index f5ac09549c..403748579f 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -452,6 +452,8 @@ qapi-schema += returns-array-bad.json
qapi-schema += returns-dict.json
qapi-schema += returns-unknown.json
qapi-schema += returns-whitelist.json
+qapi-schema += string-code-point-31.json
+qapi-schema += string-code-point-127.json
qapi-schema += struct-base-clash-deep.json
qapi-schema += struct-base-clash.json
qapi-schema += struct-data-invalid.json
@@ -463,7 +465,6 @@ qapi-schema += type-bypass-bad-gen.json
qapi-schema += unclosed-list.json
qapi-schema += unclosed-object.json
qapi-schema += unclosed-string.json
-qapi-schema += unicode-str.json
qapi-schema += union-base-empty.json
qapi-schema += union-base-no-discriminator.json
qapi-schema += union-branch-case.json
diff --git a/tests/qapi-schema/string-code-point-127.err b/tests/qapi-schema/string-code-point-127.err
new file mode 100644
index 0000000000..c310910c23
--- /dev/null
+++ b/tests/qapi-schema/string-code-point-127.err
@@ -0,0 +1 @@
+tests/qapi-schema/string-code-point-127.json:2:14: Funny character in string
diff --git a/tests/qapi-schema/unicode-str.exit b/tests/qapi-schema/string-code-point-127.exit
similarity index 100%
rename from tests/qapi-schema/unicode-str.exit
rename to tests/qapi-schema/string-code-point-127.exit
diff --git a/tests/qapi-schema/string-code-point-127.json b/tests/qapi-schema/string-code-point-127.json
new file mode 100644
index 0000000000..480318a69f
--- /dev/null
+++ b/tests/qapi-schema/string-code-point-127.json
@@ -0,0 +1,2 @@
+# We accept printable ASCII: code points 32..126. Test code point 127:
+{ 'command': '\x7f' }
diff --git a/tests/qapi-schema/unicode-str.out b/tests/qapi-schema/string-code-point-127.out
similarity index 100%
rename from tests/qapi-schema/unicode-str.out
rename to tests/qapi-schema/string-code-point-127.out
diff --git a/tests/qapi-schema/string-code-point-31.err b/tests/qapi-schema/string-code-point-31.err
new file mode 100644
index 0000000000..45797928d9
--- /dev/null
+++ b/tests/qapi-schema/string-code-point-31.err
@@ -0,0 +1 @@
+tests/qapi-schema/string-code-point-31.json:2:14: Funny character in string
diff --git a/tests/qapi-schema/string-code-point-31.exit b/tests/qapi-schema/string-code-point-31.exit
new file mode 100644
index 0000000000..d00491fd7e
--- /dev/null
+++ b/tests/qapi-schema/string-code-point-31.exit
@@ -0,0 +1 @@
+1
diff --git a/tests/qapi-schema/string-code-point-31.json b/tests/qapi-schema/string-code-point-31.json
new file mode 100644
index 0000000000..f186cbd720
--- /dev/null
+++ b/tests/qapi-schema/string-code-point-31.json
@@ -0,0 +1,2 @@
+# We accept printable ASCII: code points 32..126. Test code point 127:
+{ 'command': '\x1f' }
diff --git a/tests/qapi-schema/string-code-point-31.out b/tests/qapi-schema/string-code-point-31.out
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/qapi-schema/unicode-str.err b/tests/qapi-schema/unicode-str.err
deleted file mode 100644
index f621cd6448..0000000000
--- a/tests/qapi-schema/unicode-str.err
+++ /dev/null
@@ -1 +0,0 @@
-tests/qapi-schema/unicode-str.json:2: 'command' uses invalid name 'é'
diff --git a/tests/qapi-schema/unicode-str.json b/tests/qapi-schema/unicode-str.json
deleted file mode 100644
index 5253a1b9f3..0000000000
--- a/tests/qapi-schema/unicode-str.json
+++ /dev/null
@@ -1,2 +0,0 @@
-# we don't support full Unicode strings, yet
-{ 'command': 'é' }
--
2.21.0
next prev parent reply other threads:[~2019-09-10 6:43 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-10 6:37 [Qemu-devel] [PATCH v2 00/16] qapi: Schema language cleanups & doc improvements Markus Armbruster
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 01/16] scripts/git.orderfile: Match QAPI schema more precisely Markus Armbruster
2019-09-10 6:56 ` Philippe Mathieu-Daudé
2019-09-10 13:41 ` Eric Blake
2019-09-13 14:14 ` Markus Armbruster
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 02/16] qapi: Drop check_type()'s redundant parameter @allow_optional Markus Armbruster
2019-09-10 13:45 ` Eric Blake
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 03/16] qapi: Drop support for boxed alternate arguments Markus Armbruster
2019-09-10 14:54 ` Eric Blake
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 04/16] docs/devel/qapi-code-gen: Minor specification fixes Markus Armbruster
2019-09-10 15:10 ` Eric Blake
2019-09-13 14:23 ` Markus Armbruster
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 05/16] tests/qapi-schema: Demonstrate bad reporting of funny characters Markus Armbruster
2019-09-10 15:12 ` Eric Blake
2019-09-13 14:24 ` Markus Armbruster
2019-09-10 6:37 ` Markus Armbruster [this message]
2019-09-10 15:22 ` [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable ASCII Eric Blake
2019-09-13 14:28 ` Markus Armbruster
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 07/16] qapi: Drop support for escape sequences other than \\ Markus Armbruster
2019-09-10 15:28 ` Eric Blake
2019-09-13 14:38 ` Markus Armbruster
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 08/16] qapi: Permit 'boxed' with empty type Markus Armbruster
2019-09-10 16:28 ` Eric Blake
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 09/16] qapi: Permit alternates with just one branch Markus Armbruster
2019-09-10 16:30 ` Eric Blake
2019-09-13 14:47 ` Markus Armbruster
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 10/16] qapi: Permit omitting all flat union branches Markus Armbruster
2019-09-10 16:32 ` Eric Blake
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 11/16] qapi: Adjust frontend errors to say enum value, not member Markus Armbruster
2019-09-10 16:33 ` Eric Blake
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 12/16] docs/devel/qapi-code-gen: Reorder sections for readability Markus Armbruster
2019-09-10 16:36 ` Eric Blake
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 13/16] docs/devel/qapi-code-gen: Rewrite compatibility considerations Markus Armbruster
2019-09-10 16:42 ` Eric Blake
2019-09-13 15:05 ` Markus Armbruster
2019-09-17 16:11 ` Eric Blake
2019-09-23 11:44 ` Markus Armbruster
2019-09-23 13:00 ` Eric Blake
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 14/16] docs/devel/qapi-code-gen: Rewrite introduction to schema Markus Armbruster
2019-09-10 16:50 ` Eric Blake
2019-09-13 15:16 ` Markus Armbruster
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 15/16] docs/devel/qapi-code-gen: Improve QAPI schema language doc Markus Armbruster
2019-09-10 17:37 ` Eric Blake
2019-09-13 15:39 ` Markus Armbruster
2019-09-17 16:14 ` Eric Blake
2019-09-23 11:45 ` Markus Armbruster
2019-09-10 6:37 ` [Qemu-devel] [PATCH v2 16/16] qapi: Tweak code to match docs/devel/qapi-code-gen.txt Markus Armbruster
2019-09-10 17:45 ` Eric Blake
2019-09-10 7:09 ` [Qemu-devel] [PATCH v2 00/16] qapi: Schema language cleanups & doc improvements no-reply
2019-09-10 22:32 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190910063724.28470-7-armbru@redhat.com \
--to=armbru@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=mdroth@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.