apache
diff --git a/‎plugins/xdebug/CMakeLists.txt‎
Lines changed: 2 additions & 2 deletions b/‎plugins/xdebug/CMakeLists.txt‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎plugins/xdebug/unit_tests/test_xdebug_utils.cc‎
Lines changed: 130 additions & 0 deletions b/‎plugins/xdebug/unit_tests/test_xdebug_utils.cc‎
Lines changed: 130 additions & 0 deletions
diff --git a/‎plugins/xdebug/xdebug_escape.cc‎
Lines changed: 102 additions & 0 deletions b/‎plugins/xdebug/xdebug_escape.cc‎
Lines changed: 102 additions & 0 deletions
diff --git a/‎plugins/xdebug/xdebug_escape.h‎
Lines changed: 78 additions & 0 deletions b/‎plugins/xdebug/xdebug_escape.h‎
Lines changed: 78 additions & 0 deletions
@@ -15,12 +15,12 @@
 #
 #######################
 
-add_atsplugin(xdebug xdebug.cc xdebug_headers.cc xdebug_transforms.cc xdebug_utils.cc)
+add_atsplugin(xdebug xdebug.cc xdebug_headers.cc xdebug_transforms.cc xdebug_utils.cc xdebug_escape.cc)
 target_link_libraries(xdebug PRIVATE libswoc::libswoc)
 verify_global_plugin(xdebug)
 
 if(BUILD_TESTING)
-  add_executable(test_xdebug unit_tests/test_xdebug_utils.cc xdebug_utils.cc)
+  add_executable(test_xdebug unit_tests/test_xdebug_utils.cc xdebug_utils.cc xdebug_escape.cc)
   target_include_directories(test_xdebug PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}")
   target_link_libraries(test_xdebug PRIVATE Catch2::Catch2WithMain libswoc::libswoc)
   add_catch2_test(NAME test_xdebug COMMAND test_xdebug)
 
@@ -21,7 +21,12 @@
 
 #include "xdebug_utils.h"
 #include "xdebug_types.h"
+#include "xdebug_escape.h"
 #include <catch2/catch_test_macros.hpp>
+#include <catch2/generators/catch_generators.hpp>
+#include <catch2/generators/catch_generators_range.hpp>
+#include <sstream>
+#include <vector>
 
 TEST_CASE("xdebug::parse_probe_full_json_field_value basic functionality", "[xdebug][utils]")
 {
@@ -193,3 +198,128 @@ TEST_CASE("xdebug::is_textual_content_type functionality", "[xdebug][utils]")
     REQUIRE(xdebug::is_textual_content_type("has-xml-in-name"));
   }
 }
+
+// Helper function to process a string through EscapeCharForJson.
+static std::string
+escape_string(std::string_view input, bool full_json)
+{
+  xdebug::EscapeCharForJson escaper(full_json);
+  std::stringstream         ss;
+  for (char c : input) {
+    ss << escaper(c);
+  }
+  return ss.str();
+}
+
+struct EscapeTestCase {
+  std::string description;
+  bool        full_json;
+  std::string input;
+  std::string expected;
+};
+
+TEST_CASE("xdebug::EscapeCharForJson escaping", "[xdebug][headers]")
+{
+  // clang-format off
+  static std::vector<EscapeTestCase> const tests = {
+    // Single quotes are NOT escaped in either mode.
+    {"full JSON: single quotes are not escaped",
+         xdebug::FULL_JSON,
+         R"('self')",
+         R"('self')"},
+
+    {"full JSON: CSP header with multiple single-quoted directives",
+         xdebug::FULL_JSON,
+         R"(child-src blob: 'self'; connect-src 'self' 'unsafe-inline')",
+         R"(child-src blob: 'self'; connect-src 'self' 'unsafe-inline')"},
+
+    {"legacy: single quotes are not escaped",
+         !xdebug::FULL_JSON,
+         R"('self')",
+         R"('self')"},
+
+    {"legacy: CSP header with multiple single-quoted directives",
+         !xdebug::FULL_JSON,
+         R"(child-src blob: 'self'; connect-src 'self' 'unsafe-inline')",
+         R"(child-src blob: 'self'; connect-src 'self' 'unsafe-inline')"},
+
+    // Common escapes work the same in both modes.
+    {"full JSON: double quotes are escaped",
+         xdebug::FULL_JSON,
+         R"(say "hello")",
+         R"(say \"hello\")"},
+
+    {"legacy: double quotes are escaped",
+         !xdebug::FULL_JSON,
+         R"(say "hello")",
+         R"(say \"hello\")"},
+
+    {"full JSON: backslashes are escaped",
+         xdebug::FULL_JSON,
+         R"(path\to\file)",
+         R"(path\\to\\file)"},
+
+    {"legacy: backslashes are escaped",
+         !xdebug::FULL_JSON,
+         R"(path\to\file)",
+         R"(path\\to\\file)"},
+
+    {"full JSON: tab characters are escaped",
+         xdebug::FULL_JSON,
+         "line1\tline2",
+         R"(line1\tline2)"},
+
+    {"full JSON: backspace characters are escaped",
+         xdebug::FULL_JSON,
+         "a\bb",
+         R"(a\bb)"},
+
+    {"full JSON: form feed characters are escaped",
+         xdebug::FULL_JSON,
+         "a\fb",
+         R"(a\fb)"},
+
+    {"full JSON: plain text passes through unchanged",
+         xdebug::FULL_JSON,
+         R"(hello world)",
+         R"(hello world)"},
+
+    {"legacy: plain text passes through unchanged",
+         !xdebug::FULL_JSON,
+         R"(hello world)",
+         R"(hello world)"},
+  };
+  // clang-format on
+
+  auto const &test = GENERATE_REF(from_range(tests));
+  CAPTURE(test.description, test.full_json, test.input, test.expected);
+
+  std::string result = escape_string(test.input, test.full_json);
+  REQUIRE(result == test.expected);
+}
+
+TEST_CASE("xdebug::EscapeCharForJson backup calculation", "[xdebug][headers]")
+{
+  struct BackupTestCase {
+    std::string description;
+    bool        full_json;
+    std::size_t expected_backup;
+  };
+
+  // clang-format off
+  static std::vector<BackupTestCase> const tests = {
+    {R"(full JSON uses "," separator (backup = 2))",
+         xdebug::FULL_JSON,
+         2},
+
+    {R"(legacy uses "',\n\t'" separator (backup = 4))",
+         !xdebug::FULL_JSON,
+         4},
+  };
+  // clang-format on
+
+  auto const &test = GENERATE_REF(from_range(tests));
+  CAPTURE(test.description, test.full_json, test.expected_backup);
+
+  REQUIRE(xdebug::EscapeCharForJson::backup(test.full_json) == test.expected_backup);
+}
@@ -0,0 +1,102 @@
+/** @file
+ *
+ * XDebug plugin JSON escaping implementation.
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include "xdebug_escape.h"
+
+namespace xdebug
+{
+
+std::string_view
+EscapeCharForJson::operator()(char const &c)
+{
+  if ((_state != IN_VALUE) && ((' ' == c) || ('\t' == c))) {
+    return {""};
+  }
+  if ((IN_NAME == _state) && (':' == c)) {
+    _state = BEFORE_VALUE;
+    if (_full_json) {
+      return {R"(":")"};
+    } else {
+      return {"' : '"};
+    }
+  }
+  if ('\r' == c) {
+    return {""};
+  }
+  if ('\n' == c) {
+    std::string_view result{_after_value(_full_json)};
+
+    if (BEFORE_NAME == _state) {
+      return {""};
+    } else if (BEFORE_VALUE == _state) {
+      result = _handle_empty_value(_full_json);
+    }
+    _state = BEFORE_NAME;
+    return result;
+  }
+  if (BEFORE_NAME == _state) {
+    _state = IN_NAME;
+  } else if (BEFORE_VALUE == _state) {
+    _state = IN_VALUE;
+  }
+  switch (c) {
+  case '"':
+    return {"\\\""};
+  case '\\':
+    return {"\\\\"};
+  case '\b':
+    return {"\\b"};
+  case '\f':
+    return {"\\f"};
+  case '\t':
+    return {"\\t"};
+  default:
+    return {&c, 1};
+  }
+}
+
+std::size_t
+EscapeCharForJson::backup(bool full_json)
+{
+  return _after_value(full_json).size() - 1;
+}
+
+std::string_view
+EscapeCharForJson::_after_value(bool full_json)
+{
+  if (full_json) {
+    return {R"(",")"};
+  } else {
+    return {"',\n\t'"};
+  }
+}
+
+std::string_view
+EscapeCharForJson::_handle_empty_value(bool full_json)
+{
+  if (full_json) {
+    return {R"(",")"};
+  } else {
+    return {"',\n\t'"};
+  }
+}
+
+} // namespace xdebug
@@ -0,0 +1,78 @@
+/** @file
+ *
+ * XDebug plugin JSON escaping functionality.
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#pragma once
+
+#include <string_view>
+
+namespace xdebug
+{
+
+/**
+ * Whether to print the headers for the "probe-full-json" format.
+ */
+static constexpr bool FULL_JSON = true;
+
+/** Functor to escape characters for JSON or legacy probe output.
+ *
+ * This class is used to process HTTP header content character by character,
+ * handling the state transitions between header name and value, and escaping
+ * characters appropriately for the output format.
+ *
+ */
+class EscapeCharForJson
+{
+public:
+  /** Construct an EscapeCharForJson functor.
+   *
+   * @param full_json If true, produce valid JSON output. If false, produce
+   * the legacy probe format which uses single-quoted strings.
+   */
+  EscapeCharForJson(bool full_json) : _full_json(full_json) {}
+
+  /** Process a single character and return the escaped output.
+   *
+   * @param c The character to process.
+   * @return The escaped string view for this character.
+   */
+  std::string_view operator()(char const &c);
+
+  /** Get the number of characters to back up after processing all headers.
+   *
+   * After the last header line, the output will have a trailing separator
+   * that needs to be removed. This returns how many characters to back up.
+   *
+   * @param full_json Whether full JSON format is being used.
+   * @return The number of characters to back up.
+   */
+  static std::size_t backup(bool full_json);
+
+private:
+  static std::string_view _after_value(bool full_json);
+  static std::string_view _handle_empty_value(bool full_json);
+
+  enum _State { BEFORE_NAME, IN_NAME, BEFORE_VALUE, IN_VALUE };
+
+  _State _state{BEFORE_VALUE};
+  bool   _full_json = false;
+};
+
+} // namespace xdebug