Merge pull request #769 from phadej/issue-515

Fix #515. Don't accept unescaped control characters

Author: bergmark

CONTRIBUTING.md

@@ -87,7 +87,7 @@ Of course before submitting a PR, the following steps are recommended:
 
 A ghci development experience would be:
 
-1. `cabal new-repl test:tests`
+1. `cabal new-repl aeson-tests`
 2. `:r` to recompile
 3. `Main.main`  to run all tests, or `:m Main; :main --pattern Foo` to run specific tests matched by pattern.
 

Data/Aeson/Parser/Internal.hs

@@ -55,7 +55,6 @@ import Data.Aeson.Types.Internal (IResult(..), JSONPath, Object, Result(..), Val
 import Data.Attoparsec.ByteString.Char8 (Parser, char, decimal, endOfInput, isDigit_w8, signed, string)
 import Data.Function (fix)
 import Data.Functor.Compat (($>))
-import Data.Bits (testBit)
 import Data.Scientific (Scientific)
 import Data.Text (Text)
 import qualified Data.Text.Encoding as TE
@@ -320,13 +319,16 @@ jstring = A.word8 DOUBLE_QUOTE *> jstring_
 jstring_ :: Parser Text
 {-# INLINE jstring_ #-}
 jstring_ = do
-  s <- A.takeWhile (\w -> w /= DOUBLE_QUOTE && w /= BACKSLASH && not (testBit w 7))
+  -- not sure whether >= or bit hackery is faster
+  -- perfectly, we shouldn't care, it's compiler job.
+  s <- A.takeWhile (\w -> w /= DOUBLE_QUOTE && w /= BACKSLASH && w >= 0x20 && w < 0x80)
   let txt = TE.decodeUtf8 s
-  w <- A.peekWord8
-  case w of
-    Nothing -> fail "string without end"
+  mw <- A.peekWord8
+  case mw of
+    Nothing           -> fail "string without end"
     Just DOUBLE_QUOTE -> A.anyWord8 $> txt
-    _ -> jstringSlow s
+    Just w | w < 0x20 -> fail "unescaped control character"
+    _                 -> jstringSlow s
 
 jstringSlow :: B.ByteString -> Parser Text
 {-# INLINE jstringSlow #-}

aeson.cabal

@@ -175,7 +175,7 @@ library
     hs-source-dirs: ffi
     other-modules: Data.Aeson.Parser.UnescapeFFI
 
-test-suite tests
+test-suite aeson-tests
   default-language: Haskell2010
   type: exitcode-stdio-1.0
   hs-source-dirs: tests ffi pure

tests/UnitTests.hs

@@ -505,9 +505,6 @@ _blacklist = HashSet.fromList [
   , "i_string_not_in_unicode_range.json"
   , "i_string_truncated-utf-8.json"
   , "i_structure_UTF-8_BOM_empty_object.json"
-  , "n_string_unescaped_crtl_char.json"
-  , "n_string_unescaped_newline.json"
-  , "n_string_unescaped_tab.json"
   , "string_1_escaped_invalid_codepoint.json"
   , "string_1_invalid_codepoint.json"
   , "string_1_invalid_codepoints.json"