diff options
author | David Robillard <d@drobilla.net> | 2020-08-15 11:58:54 +0200 |
---|---|---|
committer | David Robillard <d@drobilla.net> | 2020-08-15 22:52:03 +0200 |
commit | 92c783d6a5c80af365434c28d9c4717e7e31a1e0 (patch) | |
tree | 8329ec4227f0e78c774cc34ab1f4eb2c5b840844 | |
parent | a23f71a0854a8e6e42fe3b2890ef2ab0ebc15aaf (diff) | |
download | serd-92c783d6a5c80af365434c28d9c4717e7e31a1e0.tar.gz serd-92c783d6a5c80af365434c28d9c4717e7e31a1e0.tar.bz2 serd-92c783d6a5c80af365434c28d9c4717e7e31a1e0.zip |
Harden prefixed name parsing
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | src/n3.c | 48 | ||||
-rw-r--r-- | tests/bad/bad-pn-escape.ttl | 2 | ||||
-rw-r--r-- | tests/bad/manifest.ttl | 6 |
4 files changed, 49 insertions, 10 deletions
@@ -1,8 +1,9 @@ serd (0.30.5) unstable; * Fix various minor warnings and other code quality issues + * Parse prefixed names more strictly - -- David Robillard <d@drobilla.net> Sun, 21 Jun 2020 16:05:27 +0000 + -- David Robillard <d@drobilla.net> Sat, 15 Aug 2020 09:58:54 +0000 serd (0.30.4) stable; @@ -497,9 +497,46 @@ read_PERCENT(SerdReader* reader, Ref dest) } static SerdStatus +read_PN_LOCAL_ESC(SerdReader* reader, Ref dest) +{ + eat_byte_safe(reader, '\\'); + + const int c = peek_byte(reader); + switch (c) { + case '!': + case '#': + case '$': + case '%': + case '&': + case '\'': + case '(': + case ')': + case '*': + case '+': + case ',': + case '-': + case '.': + case '/': + case ';': + case '=': + case '?': + case '@': + case '_': + case '~': + push_byte(reader, dest, eat_byte_safe(reader, c)); + break; + default: + r_err(reader, SERD_ERR_BAD_SYNTAX, "invalid escape\n"); + return SERD_ERR_BAD_SYNTAX; + } + + return SERD_SUCCESS; +} + +static SerdStatus read_PLX(SerdReader* reader, Ref dest) { - int c = peek_byte(reader); + const int c = peek_byte(reader); switch (c) { case '%': if (!read_PERCENT(reader, dest)) { @@ -507,14 +544,7 @@ read_PLX(SerdReader* reader, Ref dest) } return SERD_SUCCESS; case '\\': - eat_byte_safe(reader, c); - if (is_alpha(c = peek_byte(reader))) { - // Escapes like \u \n etc. are not supported - return SERD_ERR_BAD_SYNTAX; - } - // Allow escaping of pretty much any other character - push_byte(reader, dest, eat_byte_safe(reader, c)); - return SERD_SUCCESS; + return read_PN_LOCAL_ESC(reader, dest); default: return SERD_FAILURE; } diff --git a/tests/bad/bad-pn-escape.ttl b/tests/bad/bad-pn-escape.ttl new file mode 100644 index 00000000..2b363e89 --- /dev/null +++ b/tests/bad/bad-pn-escape.ttl @@ -0,0 +1,2 @@ +@prefix : <http://example.org/> . +:s :p :\a diff --git a/tests/bad/manifest.ttl b/tests/bad/manifest.ttl index d294f120..57fb02f7 100644 --- a/tests/bad/manifest.ttl +++ b/tests/bad/manifest.ttl @@ -62,6 +62,7 @@ <#bad-num> <#bad-object2> <#bad-object> + <#bad-pn-escape> <#bad-prefix> <#bad-semicolon-after-subject> <#bad-string> @@ -351,6 +352,11 @@ mf:name "bad-object" ; mf:action <bad-object.ttl> . +<#bad-pn-escape> + rdf:type rdft:TestTurtleNegativeSyntax ; + mf:name "bad-pn-escape" ; + mf:action <bad-pn-escape.ttl> . + <#bad-prefix> rdf:type rdft:TestTurtleNegativeSyntax ; mf:name "bad-prefix" ; |