Handle special characters in Json and Yaml writers (#104)

* Escape control characters and special characters in Json and Yaml writers.

* Add unit tests for special characters handling in Json and Yaml writers

Author: PerthCharern

src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj

@@ -6,7 +6,7 @@
     <Company>Microsoft</Company>
     <Product>Microsoft.OpenApi.Readers</Product>
     <PackageId>Microsoft.OpenApi.Readers</PackageId>
-    <Version>1.0.0-beta005</Version>
+    <Version>1.0.0-beta006</Version>
     <Description>OpenAPI.NET Readers for JSON and YAML documents</Description>
     <AssemblyName>Microsoft.OpenApi.Readers</AssemblyName>
     <RootNamespace>Microsoft.OpenApi.Readers</RootNamespace>

src/Microsoft.OpenApi/Microsoft.OpenApi.csproj

@@ -6,7 +6,7 @@
     <Company>Microsoft</Company>
     <Product>Microsoft.OpenApi</Product>
     <PackageId>Microsoft.OpenApi</PackageId>
-    <Version>1.0.0-beta005</Version>
+    <Version>1.0.0-beta006</Version>
     <Description>.NET models and JSON/YAML writers for OpenAPI specification</Description>
     <AssemblyName>Microsoft.OpenApi</AssemblyName>
     <RootNamespace>Microsoft.OpenApi</RootNamespace>

src/Microsoft.OpenApi/Writers/OpenApiJsonWriter.cs

@@ -32,7 +32,7 @@ public OpenApiJsonWriter(TextWriter textWriter, OpenApiSerializerSettings settin
         }
 
         /// <summary>
-        /// Base Indentation Level. 
+        /// Base Indentation Level.
         /// This denotes how many indentations are needed for the property in the base object.
         /// </summary>
         protected override int BaseIndentation => 1;
@@ -150,12 +150,13 @@ public override void WritePropertyName(string name)
             Writer.WriteLine();
 
             currentScope.ObjectCount++;
-            
+
             WriteIndentation();
 
-            Writer.Write(WriterConstants.QuoteCharacter);
+            name = name.GetJsonCompatibleString();
+
             Writer.Write(name);
-            Writer.Write(WriterConstants.QuoteCharacter);
+
             Writer.Write(WriterConstants.NameValueSeparator);
         }
 
@@ -167,11 +168,9 @@ public override void WriteValue(string value)
         {
             WriteValueSeparator();
 
-            value = value.Replace("\n", "\\n");
-
-            Writer.Write(WriterConstants.QuoteCharacter);
+            value = value.GetJsonCompatibleString();
+                
             Writer.Write(value);
-            Writer.Write(WriterConstants.QuoteCharacter);
         }
 
         /// <summary>

src/Microsoft.OpenApi/Writers/OpenApiYamlWriter.cs

@@ -4,6 +4,7 @@
 // ------------------------------------------------------------
 
 using System.IO;
+using System.Linq;
 
 namespace Microsoft.OpenApi.Writers
 {
@@ -30,9 +31,9 @@ public OpenApiYamlWriter(TextWriter textWriter, OpenApiSerializerSettings settin
             : base(textWriter, settings)
         {
         }
-        
+
         /// <summary>
-        /// Base Indentation Level. 
+        /// Base Indentation Level.
         /// This denotes how many indentations are needed for the property in the base object.
         /// </summary>
         protected override int BaseIndentation => 0;
@@ -147,12 +148,14 @@ public override void WritePropertyName(string name)
             // Only add newline and indentation when this object is not in the top level scope and not in an array.
             // The top level scope should have no indentation and it is already in its own line.
             // The first property of an object inside array can go after the array prefix (-) directly.
-            else if (! IsTopLevelScope() && !currentScope.IsInArray )
+            else if (!IsTopLevelScope() && !currentScope.IsInArray)
             {
                 Writer.WriteLine();
                 WriteIndentation();
             }
 
+            name = name.GetYamlCompatibleString();
+
             Writer.Write(name);
             Writer.Write(":");
 
@@ -167,32 +170,7 @@ public override void WriteValue(string value)
         {
             WriteValueSeparator();
 
-            value = value.Replace("\n", "\\n");
-
-            // If string is an empty string, wrap it in quote to ensure it is not recognized as null.
-            if (value == "")
-            {
-                value = "''";
-            }
-
-            // If string is the word null, wrap it in quote to ensure it is not recognized as empty scalar null.
-            if (value == "null")
-            {
-                value = "'null'";
-            }
-
-            // If string includes special character, wrap it in quote to avoid conflicts.
-            if (value.StartsWith("#"))
-            {
-                value = $"'{value}'";
-            }
-
-            // If string can be mistaken as a number or a boolean, wrap it in quote to indicate that this is
-            // indeed a string, not a number of a boolean.
-            if (decimal.TryParse(value, out var _) || bool.TryParse(value, out var _))
-            {
-                value = $"'{value}'";
-            }
+            value = value.GetYamlCompatibleString();
 
             Writer.Write(value);
         }

src/Microsoft.OpenApi/Writers/SpecialCharacterStringExtensions.cs

@@ -0,0 +1,216 @@
+// ------------------------------------------------------------
+//  Copyright (c) Microsoft Corporation.  All rights reserved.
+//  Licensed under the MIT License (MIT). See LICENSE in the repo root for license information.
+// ------------------------------------------------------------
+
+using System;
+using System.Linq;
+
+namespace Microsoft.OpenApi.Writers
+{
+    /// <summary>
+    /// Extensions class for strings to handle special characters.
+    /// </summary>
+    public static class SpecialCharacterStringExtensions
+    {
+        // Plain style strings cannot start with indicators. 
+        // http://www.yaml.org/spec/1.2/spec.html#indicator//
+        private static readonly char[] _yamlIndicators =
+        {
+            '-',
+            '?',
+            ':',
+            ',',
+            '{',
+            '}',
+            '[',
+            ']',
+            '&',
+            '*',
+            '#',
+            '?',
+            '|',
+            '-',
+            '>',
+            '!',
+            '%',
+            '@',
+            '`',
+            '\'',
+            '"',
+        };
+
+        // Plain style strings cannot contain these character combinations.
+        // http://www.yaml.org/spec/1.2/spec.html#style/flow/plain
+        private static readonly string[] _yamlPlainStringForbiddenCombinations =
+        {
+            ": ",
+            " #",
+
+            // These are technically forbidden only inside flow collections, but
+            // for the sake of simplicity, we will never allow them in our generated plain string.
+            "[",
+            "]",
+            "{",
+            "}",
+            ","
+        };
+
+        // Double-quoted strings are needed for these non-printable control characters.
+        // http://www.yaml.org/spec/1.2/spec.html#style/flow/double-quoted
+        private static readonly char[] _yamlControlCharacters =
+        {
+            '\0',
+            '\x01',
+            '\x02',
+            '\x03',
+            '\x04',
+            '\x05',
+            '\x06',
+            '\a',
+            '\b',
+            '\t',
+            '\n',
+            '\v',
+            '\f',
+            '\r',
+            '\x0e',
+            '\x0f',
+            '\x10',
+            '\x11',
+            '\x12',
+            '\x13',
+            '\x14',
+            '\x15',
+            '\x16',
+            '\x17',
+            '\x18',
+            '\x19',
+            '\x1a',
+            '\x1b',
+            '\x1c',
+            '\x1d',
+            '\x1e',
+            '\x1f'
+        };
+
+        /// <summary>
+        /// Escapes all special characters and put the string in quotes if necessary to
+        /// get a YAML-compatible string.
+        /// </summary>
+        internal static string GetYamlCompatibleString(this string input)
+        {
+            // If string is an empty string, wrap it in quote to ensure it is not recognized as null.
+            if (input == "")
+            {
+                return "''";
+            }
+
+            // If string is the word null, wrap it in quote to ensure it is not recognized as empty scalar null.
+            if (input == "null")
+            {
+                return "'null'";
+            }
+
+            // If string is the letter ~, wrap it in quote to ensure it is not recognized as empty scalar null.
+            if (input == "~")
+            {
+                return "'~'";
+            }
+
+            // If string includes a control character, wrapping in double quote is required.
+            if (input.Any(c => _yamlControlCharacters.Contains(c)))
+            {
+                // Replace the backslash first, so that the new backslashes created by other Replaces are not duplicated.
+                input = input.Replace("\\", "\\\\");
+
+                // Escape the double quotes.
+                input = input.Replace("\"", "\\\"");
+
+                // Escape all the control characters.
+                input = input.Replace("\0", "\\0");
+                input = input.Replace("\x01", "\\x01");
+                input = input.Replace("\x02", "\\x02");
+                input = input.Replace("\x03", "\\x03");
+                input = input.Replace("\x04", "\\x04");
+                input = input.Replace("\x05", "\\x05");
+                input = input.Replace("\x06", "\\x06");
+                input = input.Replace("\a", "\\a");
+                input = input.Replace("\b", "\\b");
+                input = input.Replace("\t", "\\t");
+                input = input.Replace("\n", "\\n");
+                input = input.Replace("\v", "\\v");
+                input = input.Replace("\f", "\\f");
+                input = input.Replace("\r", "\\r");
+                input = input.Replace("\x0e", "\\x0e");
+                input = input.Replace("\x0f", "\\x0f");
+                input = input.Replace("\x10", "\\x10");
+                input = input.Replace("\x11", "\\x11");
+                input = input.Replace("\x12", "\\x12");
+                input = input.Replace("\x13", "\\x13");
+                input = input.Replace("\x14", "\\x14");
+                input = input.Replace("\x15", "\\x15");
+                input = input.Replace("\x16", "\\x16");
+                input = input.Replace("\x17", "\\x17");
+                input = input.Replace("\x18", "\\x18");
+                input = input.Replace("\x19", "\\x19");
+                input = input.Replace("\x1a", "\\x1a");
+                input = input.Replace("\x1b", "\\x1b");
+                input = input.Replace("\x1c", "\\x1c");
+                input = input.Replace("\x1d", "\\x1d");
+                input = input.Replace("\x1e", "\\x1e");
+                input = input.Replace("\x1f", "\\x1f");
+
+                return $"\"{input}\"";
+            }
+
+            // If string 
+            // 1) includes a character forbidden in plain string,
+            // 2) starts with an indicator, OR 
+            // 3) has trailing/leading white spaces,
+            // wrap the string in single quote.
+            // http://www.yaml.org/spec/1.2/spec.html#style/flow/plain
+            if (_yamlPlainStringForbiddenCombinations.Any( fc => input.Contains(fc) )
+                || _yamlIndicators.Any( i => input.StartsWith(i.ToString()) ) 
+                || input.Trim() != input)
+            {
+                // Escape single quotes with two single quotes.
+                input = input.Replace("'", "''");
+
+                return $"'{input}'";
+            }
+
+            // If string can be mistaken as a number, a boolean, or a timestamp,
+            // wrap it in quote to indicate that this is indeed a string, not a number, a boolean, or a timestamp
+            if (decimal.TryParse(input, out var _) || bool.TryParse(input, out var _)
+                || DateTime.TryParse(input, out var _))
+            {
+                return $"'{input}'";
+            }
+
+            return input;
+        }
+
+        /// <summary>
+        /// Handles control characters and backslashes and adds double quotes
+        /// to get JSON-compatible string.
+        /// </summary>
+        internal static string GetJsonCompatibleString(this string value)
+        {
+            // Show the control characters as strings
+            // http://json.org/
+
+            // Replace the backslash first, so that the new backslashes created by other Replaces are not duplicated.
+            value = value.Replace("\\", "\\\\");
+
+            value = value.Replace("\b", "\\b");
+            value = value.Replace("\f", "\\f");
+            value = value.Replace("\n", "\\n");
+            value = value.Replace("\r", "\\r");
+            value = value.Replace("\t", "\\t");
+            value = value.Replace("\"", "\\\"");
+
+            return $"\"{value}\"";
+        }
+    }
+}

src/Microsoft.OpenApi/Writers/WriterConstants.cs

@@ -85,11 +85,6 @@ internal static class WriterConstants
         /// </summary>
         internal const string NameValueSeparator = ": ";
 
-        /// <summary>
-        /// The quote character.
-        /// </summary>
-        internal const char QuoteCharacter = '"';
-
         /// <summary>
         /// The white space for empty object
         /// </summary>

test/Microsoft.OpenApi.Tests/Models/OpenApiEncodingTests.cs

@@ -61,7 +61,7 @@ public void SerializeAdvanceEncodingAsV3YamlWorks()
         {
             // Arrange
             string expected = 
-@"contentType: image/png, image/jpeg
+@"contentType: 'image/png, image/jpeg'
 style: simple
 explode: true
 allowReserved: true";

test/Microsoft.OpenApi.Tests/Models/OpenApiInfoTests.cs

@@ -154,7 +154,7 @@ public static IEnumerable<object[]> AdvanceInfoYamlExpect()
   name: Apache 2.0
   url: http://www.apache.org/licenses/LICENSE-2.0.html
   x-copyright: Abc
-version: 1.1.1
+version: '1.1.1'
 x-updated: metadata"
                 };
             }
@@ -185,7 +185,7 @@ public void InfoVersionShouldAcceptDateStyledAsVersions()
 
             var expected =
                 @"title: Sample Pet Store App
-version: 2017-03-01";
+version: '2017-03-01'";
 
             // Act
             var actual = info.Serialize(OpenApiSpecVersion.OpenApi3_0_0, OpenApiFormat.Yaml);

test/Microsoft.OpenApi.Tests/Models/OpenApiMediaTypeTests.cs

@@ -72,7 +72,7 @@ public void SerializeAdvanceMediaTypeAsV3YamlWorks()
 @"example: 42
 encoding:
   testEncoding:
-    contentType: image/png, image/jpeg
+    contentType: 'image/png, image/jpeg'
     style: simple
     explode: true
     allowReserved: true";