From 56a8caff922df8d597895a49f55f2150bff3adb7 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 13 Sep 2019 22:13:39 +0200 Subject: qapi: Restrict strings to printable ASCII RFC 8259 on string contents: All Unicode characters may be placed within the quotation marks, except for the characters that MUST be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F). The QAPI schema parser accepts both less and more than JSON: it accepts only ASCII with \u (less), and accepts control characters other than LF (new line) unescaped. How it treats unescaped non-ASCII input differs between Python 2 and Python 3. Make it accept strictly less: require printable ASCII. Drop support for \b, \f, \n, \r, \t. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Message-Id: <20190913201349.24332-7-armbru@redhat.com> --- tests/qapi-schema/string-code-point-127.err | 1 + tests/qapi-schema/string-code-point-127.exit | 1 + tests/qapi-schema/string-code-point-127.json | 2 ++ tests/qapi-schema/string-code-point-127.out | 0 tests/qapi-schema/string-code-point-31.err | 1 + tests/qapi-schema/string-code-point-31.exit | 1 + tests/qapi-schema/string-code-point-31.json | 2 ++ tests/qapi-schema/string-code-point-31.out | 0 tests/qapi-schema/unicode-str.err | 1 - tests/qapi-schema/unicode-str.exit | 1 - tests/qapi-schema/unicode-str.json | 2 -- tests/qapi-schema/unicode-str.out | 0 12 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 tests/qapi-schema/string-code-point-127.err create mode 100644 tests/qapi-schema/string-code-point-127.exit create mode 100644 tests/qapi-schema/string-code-point-127.json create mode 100644 tests/qapi-schema/string-code-point-127.out create mode 100644 tests/qapi-schema/string-code-point-31.err create mode 100644 tests/qapi-schema/string-code-point-31.exit create mode 100644 tests/qapi-schema/string-code-point-31.json create mode 100644 tests/qapi-schema/string-code-point-31.out delete mode 100644 tests/qapi-schema/unicode-str.err delete mode 100644 tests/qapi-schema/unicode-str.exit delete mode 100644 tests/qapi-schema/unicode-str.json delete mode 100644 tests/qapi-schema/unicode-str.out (limited to 'tests/qapi-schema') diff --git a/tests/qapi-schema/string-code-point-127.err b/tests/qapi-schema/string-code-point-127.err new file mode 100644 index 0000000..c310910 --- /dev/null +++ b/tests/qapi-schema/string-code-point-127.err @@ -0,0 +1 @@ +tests/qapi-schema/string-code-point-127.json:2:14: Funny character in string diff --git a/tests/qapi-schema/string-code-point-127.exit b/tests/qapi-schema/string-code-point-127.exit new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/tests/qapi-schema/string-code-point-127.exit @@ -0,0 +1 @@ +1 diff --git a/tests/qapi-schema/string-code-point-127.json b/tests/qapi-schema/string-code-point-127.json new file mode 100644 index 0000000..480318a --- /dev/null +++ b/tests/qapi-schema/string-code-point-127.json @@ -0,0 +1,2 @@ +# We accept printable ASCII: code points 32..126. Test code point 127: +{ 'command': '' } diff --git a/tests/qapi-schema/string-code-point-127.out b/tests/qapi-schema/string-code-point-127.out new file mode 100644 index 0000000..e69de29 diff --git a/tests/qapi-schema/string-code-point-31.err b/tests/qapi-schema/string-code-point-31.err new file mode 100644 index 0000000..4579792 --- /dev/null +++ b/tests/qapi-schema/string-code-point-31.err @@ -0,0 +1 @@ +tests/qapi-schema/string-code-point-31.json:2:14: Funny character in string diff --git a/tests/qapi-schema/string-code-point-31.exit b/tests/qapi-schema/string-code-point-31.exit new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/tests/qapi-schema/string-code-point-31.exit @@ -0,0 +1 @@ +1 diff --git a/tests/qapi-schema/string-code-point-31.json b/tests/qapi-schema/string-code-point-31.json new file mode 100644 index 0000000..f186cbd --- /dev/null +++ b/tests/qapi-schema/string-code-point-31.json @@ -0,0 +1,2 @@ +# We accept printable ASCII: code points 32..126. Test code point 127: +{ 'command': '' } diff --git a/tests/qapi-schema/string-code-point-31.out b/tests/qapi-schema/string-code-point-31.out new file mode 100644 index 0000000..e69de29 diff --git a/tests/qapi-schema/unicode-str.err b/tests/qapi-schema/unicode-str.err deleted file mode 100644 index f621cd6..0000000 --- a/tests/qapi-schema/unicode-str.err +++ /dev/null @@ -1 +0,0 @@ -tests/qapi-schema/unicode-str.json:2: 'command' uses invalid name 'é' diff --git a/tests/qapi-schema/unicode-str.exit b/tests/qapi-schema/unicode-str.exit deleted file mode 100644 index d00491f..0000000 --- a/tests/qapi-schema/unicode-str.exit +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/tests/qapi-schema/unicode-str.json b/tests/qapi-schema/unicode-str.json deleted file mode 100644 index 5253a1b..0000000 --- a/tests/qapi-schema/unicode-str.json +++ /dev/null @@ -1,2 +0,0 @@ -# we don't support full Unicode strings, yet -{ 'command': 'é' } diff --git a/tests/qapi-schema/unicode-str.out b/tests/qapi-schema/unicode-str.out deleted file mode 100644 index e69de29..0000000 -- cgit v1.1