RFC 8259 on string contents: All Unicode characters may be placed within the quotation marks, except for the characters that MUST be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).
The QAPI schema parser accepts both less and more than JSON: it accepts only ASCII (less), and accepts control characters other than LF (new line) unescaped. Make it accept strictly less: require control characters to be escaped. All of them, even DEL, because treating DEL different than other control characters feels wrong. Signed-off-by: Markus Armbruster <arm...@redhat.com> --- tests/qapi-schema/string-control.json | 2 ++ scripts/qapi/common.py | 3 +++ tests/Makefile.include | 1 + tests/qapi-schema/string-control.err | 1 + tests/qapi-schema/string-control.exit | 1 + tests/qapi-schema/string-control.out | 0 6 files changed, 8 insertions(+) create mode 100644 tests/qapi-schema/string-control.json create mode 100644 tests/qapi-schema/string-control.err create mode 100644 tests/qapi-schema/string-control.exit create mode 100644 tests/qapi-schema/string-control.out diff --git a/tests/qapi-schema/string-control.json b/tests/qapi-schema/string-control.json new file mode 100644 index 0000000000..a14be4659a --- /dev/null +++ b/tests/qapi-schema/string-control.json @@ -0,0 +1,2 @@ +# control characters in strings +{ 'command': '' } diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py index c54c148263..d8c47ac2ac 100644 --- a/scripts/qapi/common.py +++ b/scripts/qapi/common.py @@ -564,6 +564,9 @@ class QAPISchemaParser(object): elif ch == "'": self.val = string return + elif ord(ch) < 32 or ch == '\x7f': + raise QAPIParseError(self, + 'Control character in string') else: string += ch elif self.src.startswith('true', self.pos): diff --git a/tests/Makefile.include b/tests/Makefile.include index 49684fd4f4..543bac6f93 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include 
@@ -452,6 +452,7 @@ qapi-schema += returns-array-bad.json qapi-schema += returns-dict.json qapi-schema += returns-unknown.json qapi-schema += returns-whitelist.json +qapi-schema += string-control.json qapi-schema += struct-base-clash-deep.json qapi-schema += struct-base-clash.json qapi-schema += struct-data-invalid.json diff --git a/tests/qapi-schema/string-control.err b/tests/qapi-schema/string-control.err new file mode 100644 index 0000000000..30a9d57d57 --- /dev/null +++ b/tests/qapi-schema/string-control.err @@ -0,0 +1 @@ +tests/qapi-schema/string-control.json:2:14: Control character in string diff --git a/tests/qapi-schema/string-control.exit b/tests/qapi-schema/string-control.exit new file mode 100644 index 0000000000..d00491fd7e --- /dev/null +++ b/tests/qapi-schema/string-control.exit @@ -0,0 +1 @@ +1 diff --git a/tests/qapi-schema/string-control.out b/tests/qapi-schema/string-control.out new file mode 100644 index 0000000000..e69de29bb2 -- 2.21.0
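Review bot: In the scripts/qapi/common.py hunk, the new branch `elif ord(ch) < 32 or ch == '\x7f':` raises 'Control character in string' without saying which character was found. The offending byte is invisible in most editors and the expected error output only gives a line and column, so consider including the code point, derived from ord(ch), in the message. A short comment beside the condition would also help: it could cite the RFC 8259 range U+0000 through U+001F and note that DEL is rejected deliberately as an extension beyond it, so the two magic values do not look accidental.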
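Review bot: In the tests/qapi-schema/string-control.json hunk, the string in `{ 'command': '' }` depends on a raw control byte that is not visible in the patch as shown here, so a reader cannot tell which character is under test, and mail transport or an editor can silently drop it. Please name the embedded character in the `# control characters in strings` comment. Because the parser raises on the first control character it meets, this one file can exercise only one side of the new condition; the `ch == '\x7f'` case that the commit message singles out has no test of its own, and a second schema file for DEL would cover it.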