Software /
code /
prosody
Annotate
util/format.lua @ 12559:865631ebb9f2
util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
MD5() is deprecated, but EVP_md5() is not.
Functions in macros like this make it awkward to apply static analysis
and code formatting.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 10 Sep 2020 21:58:23 +0200 |
parent | 12261:f7946c8e502f |
child | 12573:0f4feaf9ca64 |
rev | line source |
---|---|
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 -- |
12221
056b7920b686
util.format: Expand explanation of purpose in comments
Kim Alvefur <zash@zash.se>
parents:
12220
diff
changeset
|
2 -- A string.format wrapper that gracefully handles invalid arguments since |
12261
f7946c8e502f
util.format: Fix typo in comment [codespell]
Kim Alvefur <zash@zash.se>
parents:
12221
diff
changeset
|
3 -- certain format string and argument combinations may cause errors or other |
12221
056b7920b686
util.format: Expand explanation of purpose in comments
Kim Alvefur <zash@zash.se>
parents:
12220
diff
changeset
|
4 -- issues like log spoofing |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 -- |
12221
056b7920b686
util.format: Expand explanation of purpose in comments
Kim Alvefur <zash@zash.se>
parents:
12220
diff
changeset
|
6 -- Provides some protection from e.g. CAPEC-135, CWE-117, CWE-134, CWE-93 |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 local tostring = tostring; |
8417
e88db5668cfb
util.format: Import unpack from table lib in Lua 5.2+
Kim Alvefur <zash@zash.se>
parents:
8383
diff
changeset
|
9 local unpack = table.unpack or unpack; -- luacheck: ignore 113/unpack |
9687
8c92ef4270c9
util.format: Use pack from util.table
Kim Alvefur <zash@zash.se>
parents:
9656
diff
changeset
|
10 local pack = require "util.table".pack; -- TODO table.pack in 5.2+ |
12031
87bc26f23d9b
util.format: Escape invalid UTF-8 by passing trough serialization
Kim Alvefur <zash@zash.se>
parents:
11648
diff
changeset
|
11 local valid_utf8 = require "util.encodings".utf8.valid; |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 local type = type; |
9693
6ed0d6224d64
util.format: Serialize values for the %q format
Kim Alvefur <zash@zash.se>
parents:
9687
diff
changeset
|
13 local dump = require "util.serialization".new("debug"); |
10035
386f085820e6
util.format: Handle integer formats the same way on Lua versions without integer support
Kim Alvefur <zash@zash.se>
parents:
10034
diff
changeset
|
14 local num_type = math.type or function (n) |
386f085820e6
util.format: Handle integer formats the same way on Lua versions without integer support
Kim Alvefur <zash@zash.se>
parents:
10034
diff
changeset
|
15 return n % 1 == 0 and n <= 9007199254740992 and n >= -9007199254740992 and "integer" or "float"; |
386f085820e6
util.format: Handle integer formats the same way on Lua versions without integer support
Kim Alvefur <zash@zash.se>
parents:
10034
diff
changeset
|
16 end |
10034
4fca92d60040
util.format: Handle formats expecting an integer in Lua 5.3+ (fixes #1371)
Kim Alvefur <zash@zash.se>
parents:
9693
diff
changeset
|
17 |
10035
386f085820e6
util.format: Handle integer formats the same way on Lua versions without integer support
Kim Alvefur <zash@zash.se>
parents:
10034
diff
changeset
|
18 -- In Lua 5.3+ these formats throw an error if given a float |
386f085820e6
util.format: Handle integer formats the same way on Lua versions without integer support
Kim Alvefur <zash@zash.se>
parents:
10034
diff
changeset
|
19 local expects_integer = { c = true, d = true, i = true, o = true, u = true, X = true, x = true, }; |
12036
2ce06f788093
util.format: Fix some formats expecting positive numbers in Lua 5.2
Kim Alvefur <zash@zash.se>
parents:
12035
diff
changeset
|
20 -- In Lua 5.2 these throw an error given a negative number |
2ce06f788093
util.format: Fix some formats expecting positive numbers in Lua 5.2
Kim Alvefur <zash@zash.se>
parents:
12035
diff
changeset
|
21 local expects_positive = { o = true; u = true; x = true; X = true }; |
11638
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
22 -- Printable Unicode replacements for control characters |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
23 local control_symbols = { |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
24 -- 0x00 .. 0x1F --> U+2400 .. U+241F, 0x7F --> U+2421 |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
25 ["\000"] = "\226\144\128", ["\001"] = "\226\144\129", ["\002"] = "\226\144\130", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
26 ["\003"] = "\226\144\131", ["\004"] = "\226\144\132", ["\005"] = "\226\144\133", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
27 ["\006"] = "\226\144\134", ["\007"] = "\226\144\135", ["\008"] = "\226\144\136", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
28 ["\009"] = "\226\144\137", ["\010"] = "\226\144\138", ["\011"] = "\226\144\139", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
29 ["\012"] = "\226\144\140", ["\013"] = "\226\144\141", ["\014"] = "\226\144\142", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
30 ["\015"] = "\226\144\143", ["\016"] = "\226\144\144", ["\017"] = "\226\144\145", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
31 ["\018"] = "\226\144\146", ["\019"] = "\226\144\147", ["\020"] = "\226\144\148", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
32 ["\021"] = "\226\144\149", ["\022"] = "\226\144\150", ["\023"] = "\226\144\151", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
33 ["\024"] = "\226\144\152", ["\025"] = "\226\144\153", ["\026"] = "\226\144\154", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
34 ["\027"] = "\226\144\155", ["\028"] = "\226\144\156", ["\029"] = "\226\144\157", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
35 ["\030"] = "\226\144\158", ["\031"] = "\226\144\159", ["\127"] = "\226\144\161", |
5f4a657136bc
util.format: Escape ASCII control characters in output
Kim Alvefur <zash@zash.se>
parents:
10035
diff
changeset
|
36 }; |
12035
dc7ab05005e8
util.format: Fix Lua 5.1 quirks thanks to ALL THE TESTS
Kim Alvefur <zash@zash.se>
parents:
12033
diff
changeset
|
37 local supports_p = pcall(string.format, "%p", ""); -- >= Lua 5.4 |
dc7ab05005e8
util.format: Fix Lua 5.1 quirks thanks to ALL THE TESTS
Kim Alvefur <zash@zash.se>
parents:
12033
diff
changeset
|
38 local supports_a = pcall(string.format, "%a", 0.0); -- > Lua 5.1 |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
39 |
8382
e5d00bf4a4d5
util: Various minor changes to please [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8225
diff
changeset
|
40 local function format(formatstring, ...) |
9687
8c92ef4270c9
util.format: Use pack from util.table
Kim Alvefur <zash@zash.se>
parents:
9656
diff
changeset
|
41 local args = pack(...); |
8c92ef4270c9
util.format: Use pack from util.table
Kim Alvefur <zash@zash.se>
parents:
9656
diff
changeset
|
42 local args_length = args.n; |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
43 |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
44 -- format specifier spec: |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
45 -- 1. Start: '%%' |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
46 -- 2. Flags: '[%-%+ #0]' |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
47 -- 3. Width: '%d?%d?' |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
48 -- 4. Precision: '%.?%d?%d?' |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
49 -- 5. Option: '[cdiouxXaAeEfgGqs%%]' |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
50 -- |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
51 -- The options c, d, E, e, f, g, G, i, o, u, X, and x all expect a number as argument, whereas q and s expect a string. |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
52 -- This function does not accept string values containing embedded zeros, except as arguments to the q option. |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
53 -- a and A are only in Lua 5.2+ |
12033
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
54 -- Lua 5.4 adds a p format that produces a pointer |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
55 |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
56 |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
57 -- process each format specifier |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
58 local i = 0; |
12033
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
59 formatstring = formatstring:gsub("%%[^cdiouxXaAeEfgGpqs%%]*[cdiouxXaAeEfgGpqs%%]", function(spec) |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
60 if spec == "%%" then return end |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
61 i = i + 1; |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
62 local arg = args[i]; |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
63 |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
64 if arg == nil then |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
65 args[i] = "nil"; |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
66 return "(%s)"; |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
67 end |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
68 |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
69 local option = spec:sub(-1); |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
70 local t = type(arg); |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
71 |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
72 if option == "s" and t == "string" and not arg:find("[%z\1-\31\128-\255]") then |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
73 -- No UTF-8 or control characters, assumed to be the common case. |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
74 return |
12040
337b489532b7
util.format: Optimize most common integer format
Kim Alvefur <zash@zash.se>
parents:
12039
diff
changeset
|
75 elseif t == "number" then |
337b489532b7
util.format: Optimize most common integer format
Kim Alvefur <zash@zash.se>
parents:
12039
diff
changeset
|
76 if option == "g" or (option == "d" and num_type(arg) == "integer") then return end |
12035
dc7ab05005e8
util.format: Fix Lua 5.1 quirks thanks to ALL THE TESTS
Kim Alvefur <zash@zash.se>
parents:
12033
diff
changeset
|
77 elseif option == "s" and t ~= "string" then |
12039
e0a8c5b1ab4f
util.format: Ensure metatable __tostring results are also sanitized
Kim Alvefur <zash@zash.se>
parents:
12036
diff
changeset
|
78 arg = tostring(arg); |
e0a8c5b1ab4f
util.format: Ensure metatable __tostring results are also sanitized
Kim Alvefur <zash@zash.se>
parents:
12036
diff
changeset
|
79 t = "string"; |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
80 end |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
81 |
12033
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
82 if option ~= "s" and option ~= "q" and option ~= "p" then |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
83 -- all other options expect numbers |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
84 if t ~= "number" then |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
85 -- arg isn't number as expected? |
12031
87bc26f23d9b
util.format: Escape invalid UTF-8 by passing trough serialization
Kim Alvefur <zash@zash.se>
parents:
11648
diff
changeset
|
86 arg = tostring(arg); |
87bc26f23d9b
util.format: Escape invalid UTF-8 by passing trough serialization
Kim Alvefur <zash@zash.se>
parents:
11648
diff
changeset
|
87 option = "s"; |
87bc26f23d9b
util.format: Escape invalid UTF-8 by passing trough serialization
Kim Alvefur <zash@zash.se>
parents:
11648
diff
changeset
|
88 spec = "[%s]"; |
87bc26f23d9b
util.format: Escape invalid UTF-8 by passing trough serialization
Kim Alvefur <zash@zash.se>
parents:
11648
diff
changeset
|
89 t = "string"; |
10034
4fca92d60040
util.format: Handle formats expecting an integer in Lua 5.3+ (fixes #1371)
Kim Alvefur <zash@zash.se>
parents:
9693
diff
changeset
|
90 elseif expects_integer[option] and num_type(arg) ~= "integer" then |
4fca92d60040
util.format: Handle formats expecting an integer in Lua 5.3+ (fixes #1371)
Kim Alvefur <zash@zash.se>
parents:
9693
diff
changeset
|
91 args[i] = tostring(arg); |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
92 return "[%s]"; |
12036
2ce06f788093
util.format: Fix some formats expecting positive numbers in Lua 5.2
Kim Alvefur <zash@zash.se>
parents:
12035
diff
changeset
|
93 elseif expects_positive[option] and arg < 0 then |
2ce06f788093
util.format: Fix some formats expecting positive numbers in Lua 5.2
Kim Alvefur <zash@zash.se>
parents:
12035
diff
changeset
|
94 args[i] = tostring(arg); |
2ce06f788093
util.format: Fix some formats expecting positive numbers in Lua 5.2
Kim Alvefur <zash@zash.se>
parents:
12035
diff
changeset
|
95 return "[%s]"; |
12035
dc7ab05005e8
util.format: Fix Lua 5.1 quirks thanks to ALL THE TESTS
Kim Alvefur <zash@zash.se>
parents:
12033
diff
changeset
|
96 elseif (option == "a" or option == "A") and not supports_a then |
dc7ab05005e8
util.format: Fix Lua 5.1 quirks thanks to ALL THE TESTS
Kim Alvefur <zash@zash.se>
parents:
12033
diff
changeset
|
97 return "%x"; |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
98 else |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
99 return -- acceptable number |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
100 end |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
101 end |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
102 |
12033
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
103 |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
104 if option == "p" and not supports_p then |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
105 arg = tostring(arg); |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
106 option = "s"; |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
107 spec = "[%s]"; |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
108 t = "string"; |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
109 end |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
110 |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
111 if t == "string" and option ~= "p" then |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
112 if not valid_utf8(arg) then |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
113 option = "q"; |
12220
25b853e64d83
util.format: Skip control code escaping when doing full serialization
Kim Alvefur <zash@zash.se>
parents:
12040
diff
changeset
|
114 elseif option ~= "q" then -- gets fully escaped in the next block |
12221
056b7920b686
util.format: Expand explanation of purpose in comments
Kim Alvefur <zash@zash.se>
parents:
12220
diff
changeset
|
115 -- Prevent funny things with ASCII control characters and ANSI escape codes (CWE-117) |
056b7920b686
util.format: Expand explanation of purpose in comments
Kim Alvefur <zash@zash.se>
parents:
12220
diff
changeset
|
116 -- Also ensure embedded newlines can't look like another log line (CWE-93) |
12032
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
117 args[i] = arg:gsub("[%z\1-\8\11-\31\127]", control_symbols):gsub("\n\t?", "\n\t"); |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
118 return spec; |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
119 end |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
120 end |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
121 |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
122 if option == "q" then |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
123 args[i] = dump(arg); |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
124 return "%s"; |
3db09eb4c43b
util.format: Ensure sanitation of strings passed to wrong format
Kim Alvefur <zash@zash.se>
parents:
12031
diff
changeset
|
125 end |
12033
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
126 |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
127 if option == "p" and (t == "boolean" or t == "number") then |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
128 args[i] = tostring(arg); |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
129 return "[%s]"; |
161f8268c4b3
util.format: Also handle the %p format added in Lua 5.4
Kim Alvefur <zash@zash.se>
parents:
12032
diff
changeset
|
130 end |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
131 end); |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
132 |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
133 -- process extra args |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
134 while i < args_length do |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
135 i = i + 1; |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
136 local arg = args[i]; |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
137 if arg == nil then |
11644
fc1b8fe94d04
util.format: Change formatting of nil values to avoid looking like XML
Kim Alvefur <zash@zash.se>
parents:
11638
diff
changeset
|
138 args[i] = "(nil)"; |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
139 else |
11648
96d3cbeb9275
util.format: Escape ASCII control characters also in extra arguments
Kim Alvefur <zash@zash.se>
parents:
11647
diff
changeset
|
140 args[i] = tostring(arg):gsub("[%z\1-\8\11-\31\127]", control_symbols):gsub("\n\t?", "\n\t"); |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
141 end |
8382
e5d00bf4a4d5
util: Various minor changes to please [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8225
diff
changeset
|
142 formatstring = formatstring .. " [%s]" |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
143 end |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
144 |
8382
e5d00bf4a4d5
util: Various minor changes to please [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8225
diff
changeset
|
145 return formatstring:format(unpack(args)); |
8225
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
146 end |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
147 |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
148 return { |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
149 format = format; |
70cb72f46a3b
util.format: A string.format wrapper that gracefully handles invalid arguments
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
150 }; |