Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

[3.13] gh-125660: Reject invalid unicode escapes for Python implementation of JSON decoder (GH-125683) (GH-125694) 

(cherry picked from commit df751363e3)

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
This commit is contained in:
Miss Islington (bot) 2024-10-21 15:07:56 +02:00 committed by GitHub
parent 6715afe349
commit d9dafc790d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Lib/json/decoder.py
View File

@ -50,17 +50,18 @@ _CONSTANTS = {
} }
HEXDIGITS = re.compile(r'[0-9A-Fa-f]{4}', FLAGS)
STRINGCHUNK = re.compile(r'(.*?)(["\\\x00-\x1f])', FLAGS) STRINGCHUNK = re.compile(r'(.*?)(["\\\x00-\x1f])', FLAGS)
BACKSLASH = { BACKSLASH = {
'"': '"', '\\': '\\', '/': '/', '"': '"', '\\': '\\', '/': '/',
'b': '\b', 'f': '\f', 'n': '\n', 'r': '\r', 't': '\t', 'b': '\b', 'f': '\f', 'n': '\n', 'r': '\r', 't': '\t',
} }
def _decode_uXXXX(s, pos): def _decode_uXXXX(s, pos, _m=HEXDIGITS.match):
esc = s[pos + 1:pos + 5] esc = _m(s, pos + 1)
if len(esc) == 4 and esc[1] not in 'xX': if esc is not None:
try: try:
return int(esc, 16) return int(esc.group(), 16)
except ValueError: except ValueError:
pass pass
msg = "Invalid \\uXXXX escape" msg = "Invalid \\uXXXX escape"

10
Lib/test/test_json/test_scanstring.py
View File

@ -116,6 +116,11 @@ class TestScanstring:
'"\\u012z"', '"\\u012z"',
'"\\u0x12"', '"\\u0x12"',
'"\\u0X12"', '"\\u0X12"',
'"\\u{0}"'.format("\uff10" * 4),
'"\\u 123"',
'"\\u-123"',
'"\\u+123"',
'"\\u1_23"',
'"\\ud834\\"', '"\\ud834\\"',
'"\\ud834\\u"', '"\\ud834\\u"',
'"\\ud834\\ud"', '"\\ud834\\ud"',
@ -127,6 +132,11 @@ class TestScanstring:
'"\\ud834\\udd2z"', '"\\ud834\\udd2z"',
'"\\ud834\\u0x20"', '"\\ud834\\u0x20"',
'"\\ud834\\u0X20"', '"\\ud834\\u0X20"',
'"\\ud834\\u{0}"'.format("\uff10" * 4),
'"\\ud834\\u 123"',
'"\\ud834\\u-123"',
'"\\ud834\\u+123"',
'"\\ud834\\u1_23"',
] ]
for s in bad_escapes: for s in bad_escapes:
with self.assertRaises(self.JSONDecodeError, msg=s): with self.assertRaises(self.JSONDecodeError, msg=s):

1
Misc/NEWS.d/next/Library/2024-10-18-08-58-10.gh-issue-125660.sDdDqO.rst Normal file
View File

@ -0,0 +1 @@
Reject invalid unicode escapes for Python implementation of :func:`json.loads`.