[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable AS
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable ASCII |
|
Date: |
Fri, 13 Sep 2019 16:28:10 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
Eric Blake <address@hidden> writes:
> On 9/10/19 1:37 AM, Markus Armbruster wrote:
>> RFC 8259 on string contents:
>>
>> All Unicode characters may be placed within the quotation marks,
>> except for the characters that MUST be escaped: quotation mark,
>> reverse solidus, and the control characters (U+0000 through
>> U+001F).
>>
>> The QAPI schema parser accepts both less and more than JSON: it
>> accepts only ASCII with \u (less), and accepts control characters
>> other than LF (new line) unescaped. How it treats unescaped non-ASCII
>> input differs between Python 2 and Python 3.
>>
>> Make it accept strictly less: require printable ASCII. Drop support
>> for \b, \f, \n, \r, \t.
>
> Fair enough. It doesn't prevent QMP clients from sending strings with
> non-ASCII characters, merely that those strings will never match the
> schema because we have guaranteed our schema is limited to ASCII. (This
Note that this only affects QMP commands, events, parameter and enum
value names, *not* non-enum string arguments.
> change means we are promising to never allow { "execute": "a\tb" } as a
> valid QMP command, for instance.)
We're not actually promising anything. We're merely making it slightly
harder to do: need to revert this patch first. Feels quite unlikely,
though.
>> Signed-off-by: Markus Armbruster <address@hidden>
>> ---
>
>> @@ -523,17 +523,7 @@ class QAPISchemaParser(object):
>> if ch == '\n':
>> raise QAPIParseError(self, 'Missing terminating
>> "\'"')
>> if esc:
>> - if ch == 'b':
>> - string += '\b'
>> - elif ch == 'f':
>> - string += '\f'
>> - elif ch == 'n':
>> - string += '\n'
>
> Is it worth a comment in the code that we are specifically not parsing
> all possible JSON escapes, because of the later requirement that QAPI
> strings be limited to the subset of printable ASCII?
Can't hurt.
> Reviewed-by: Eric Blake <address@hidden>
Thanks!
- Re: [Qemu-devel] [PATCH v2 01/16] scripts/git.orderfile: Match QAPI schema more precisely, (continued)
- [Qemu-devel] [PATCH v2 04/16] docs/devel/qapi-code-gen: Minor specification fixes, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 11/16] qapi: Adjust frontend errors to say enum value, not member, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 10/16] qapi: Permit omitting all flat union branches, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 06/16] qapi: Restrict strings to printable ASCII, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 09/16] qapi: Permit alternates with just one branch, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 12/16] docs/devel/qapi-code-gen: Reorder sections for readability, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 16/16] qapi: Tweak code to match docs/devel/qapi-code-gen.txt, Markus Armbruster, 2019/09/10
- [Qemu-devel] [PATCH v2 07/16] qapi: Drop support for escape sequences other than \\, Markus Armbruster, 2019/09/10