Skip to content

Commit

Permalink
Cleaned up the parser algorithm and added explicit support for -> in …
Browse files Browse the repository at this point in the history 
…f-string code injection without escaping.
  • Loading branch information
@mkruselj
Nabeel Ansari authored and mkruselj committed Aug 13, 2024
1 parent b73d32c commit bc4284c
Showing 1 changed file with 11 additions and 11 deletions.
22 changes: 11 additions & 11 deletions compiler/ksp_compiler.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -366,6 +366,7 @@ def process_f_string(line):
in_string = False
in_f_string = False
f_connect = False
hyphen_connect = False
escaping = False

all_args = []
Expand All @@ -375,38 +376,37 @@ def process_f_string(line):

for i, c in enumerate(line):
if record_arg == True:
if c == '>' and not escaping:
if c == '>' and not escaping and not hyphen_connect:
record_arg = False
escaping = False
all_args.append(arg_content)
arg_content = ''
continue
else:
arg_content += c

if c == 'f' and not in_string:
escaping = False
f_connect = True
elif in_string and c == '\\':
escaping = True
f_connect = False
elif in_string and c == '-':
hyphen_connect = True
elif c == "'" and not escaping:
in_string = not in_string
in_f_string = f_connect and in_string

if in_f_string:
f_spots.append(i - 1)

escaping = False
f_connect = False
elif in_f_string and not escaping:
if c == '<':
record_arg = True
escaping = False

if c != 'f':
f_connect = False
else:
if c != '-':
hyphen_connect = False
if c != '\\':
escaping = False
f_connect = False

new_line = line
deleted = 0
Expand All @@ -416,7 +416,7 @@ def process_f_string(line):
deleted += 1

for a in all_args:
new_line = new_line.replace("<{}>".format(a), "\' & {} & \'".format(a.replace('\\>', '>').replace(('\\<', '<'))))
new_line = new_line.replace("<{}>".format(a), "\' & {} & \'".format(a.replace('\\>', '>').replace('\\<', '<')))

return new_line

Expand Down

0 comments on commit bc4284c

Please sign in to comment.