[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable AS
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable ASCII |
Date: |
Tue, 10 Sep 2019 10:22:32 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 |
On 9/10/19 1:37 AM, Markus Armbruster wrote:
> RFC 8259 on string contents:
>
> All Unicode characters may be placed within the quotation marks,
> except for the characters that MUST be escaped: quotation mark,
> reverse solidus, and the control characters (U+0000 through
> U+001F).
>
> The QAPI schema parser accepts both less and more than JSON: it
> accepts only ASCII with \u (less), and accepts control characters
> other than LF (new line) unescaped. How it treats unescaped non-ASCII
> input differs between Python 2 and Python 3.
>
> Make it accept strictly less: require printable ASCII. Drop support
> for \b, \f, \n, \r, \t.
Fair enough. It doesn't prevent QMP clients from sending strings with
non-ASCII characters, merely that those strings will never match the
schema because we have guaranteed our schema is limited to ASCII. (This
change means we are promising to never allow { "execute": "a\tb" } as a
valid QMP command, for instance.)
>
> Signed-off-by: Markus Armbruster <address@hidden>
> ---
> @@ -523,17 +523,7 @@ class QAPISchemaParser(object):
> if ch == '\n':
> raise QAPIParseError(self, 'Missing terminating
> "\'"')
> if esc:
> - if ch == 'b':
> - string += '\b'
> - elif ch == 'f':
> - string += '\f'
> - elif ch == 'n':
> - string += '\n'
Is it worth a comment in the code that we are specifically not parsing
all possible JSON escapes, because of the later requirement that QAPI
strings be limited to the subset of printable ASCII?
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
- Re: [Qemu-devel] [PATCH v2 01/16] scripts/git.orderfile: Match QAPI schema more precisely, (continued)
- [Qemu-devel] [PATCH v2 04/16] docs/devel/qapi-code-gen: Minor specification fixes, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 11/16] qapi: Adjust frontend errors to say enum value, not member, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 10/16] qapi: Permit omitting all flat union branches, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable ASCII, Markus Armbruster, 2019/09/10
- Re: [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable ASCII,
Eric Blake <=
- [Qemu-devel] [PATCH v2 09/16] qapi: Permit alternates with just one branch, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 12/16] docs/devel/qapi-code-gen: Reorder sections for readability, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 16/16] qapi: Tweak code to match docs/devel/qapi-code-gen.txt, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 07/16] qapi: Drop support for escape sequences other than \\, Markus Armbruster, 2019/09/10