Merge pull request #152 from bastelfreak/test_for_invalid_escape

Fail on escape sequences in metadata.json
voxpupuli · Jan 24, 2025 · d0c1cd5 · d0c1cd5
2 parents 76a9a59 + f0b04de
commit d0c1cd5
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 0 deletions.
diff --git a/lib/metadata_json_lint.rb b/lib/metadata_json_lint.rb
@@ -8,6 +8,9 @@
 
 module MetadataJsonLint
   MIN_PUPPET_VER = '4.10.0'.freeze
+  # Regex looks for:
+  # 1. Invalid escape sequences (\x or incomplete \u)
+  INVALID_ESCAPE_REGEX = %r{\\[^"/bfnrtu]|\\u(?![0-9a-fA-F]{4})}.freeze
 
   def options
     @options ||= Struct.new(
@@ -69,6 +72,11 @@ def run
   end
   module_function :run
 
+  def contains_invalid_escape?(content)
+    content.match?(INVALID_ESCAPE_REGEX)
+  end
+  module_function :contains_invalid_escape?
+
   def parse(metadata)
     @errors = []
     @warnings = []
@@ -83,6 +91,8 @@ def parse(metadata)
       abort("Error: Unable to read metadata file: #{e.exception}")
     end
 
+    abort('Error: Unable to parse metadata.json: Invalid escape character in string') if contains_invalid_escape?(f)
+
     begin
       parsed = JSON.parse(f)
     rescue Exception => e

diff --git a/tests/invalid_escape_char/Rakefile b/tests/invalid_escape_char/Rakefile
@@ -0,0 +1,2 @@
+$LOAD_PATH.unshift(File.expand_path('../../lib', __dir__))
+require 'metadata-json-lint/rake_task'
diff --git a/tests/invalid_escape_char/expected b/tests/invalid_escape_char/expected
@@ -0,0 +1 @@
+Error: Unable to parse metadata.json: Invalid escape character in string
diff --git a/tests/invalid_escape_char/metadata.json b/tests/invalid_escape_char/metadata.json
@@ -0,0 +1,16 @@
+{
+  "name": "puppetlabs-postgresql",
+  "version": "3.4.1",
+  "author": "Inkling/Puppet Labs",
+  "summary": "A description with an invalid \( escape sequence",
+  "license": "Apache-2.0",
+  "source": "git://github.com/puppetlabs/puppet-postgresql.git",
+  "project_page": "https://github.com/puppetlabs/puppet-postgresql",
+  "issues_url": "https://github.com/puppetlabs/puppet-postgresql/issues",
+  "operatingsystem_support": [
+  ],
+  "requirements": [
+  ],
+  "dependencies": [
+  ]
+}
diff --git a/tests/test.sh b/tests/test.sh
@@ -103,6 +103,9 @@ test "bad_license" $SUCCESS --no-strict-license
 # Run with --no-fail-on-warnings, expect SUCCESS
 test "bad_license" $SUCCESS --no-fail-on-warnings
 
+# Run a broken one, expect FAILURE
+test "invalid_escape_char" $FAILURE
+
 # Run a broken one, expect FAILURE
 test "long_summary" $FAILURE
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		$LOAD_PATH.unshift(File.expand_path('../../lib', __dir__))
		require 'metadata-json-lint/rake_task'
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Error: Unable to parse metadata.json: Invalid escape character in string