From 9bb7db07b5d66d90f6ebf542f09fc67d800e5259 Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Wed, 7 Feb 2024 13:57:39 +0100 Subject: [PATCH] Avoid leaking more than one character when showing position of a file that is clearly not json --- src/Seld/JsonLint/Lexer.php | 4 ++++ tests/JsonParserTest.php | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/src/Seld/JsonLint/Lexer.php b/src/Seld/JsonLint/Lexer.php index fbaf4c7..6db5e1e 100644 --- a/src/Seld/JsonLint/Lexer.php +++ b/src/Seld/JsonLint/Lexer.php @@ -140,6 +140,10 @@ public function setInput($input) */ public function showPosition() { + if ($this->yylineno === 0 && $this->offset === 1 && $this->match !== '{') { + return $this->match.'...' . "\n^"; + } + $pre = str_replace("\n", '', $this->getPastInput()); $c = str_repeat('-', max(0, \strlen($pre) - 1)); // new Array(pre.length + 1).join("-"); diff --git a/tests/JsonParserTest.php b/tests/JsonParserTest.php index 560e303..3eb73c2 100644 --- a/tests/JsonParserTest.php +++ b/tests/JsonParserTest.php @@ -177,6 +177,17 @@ public function testErrorAtBeginning() } } + public function testAvoidLeakingInfoForInvalidFiles() + { + $parser = new JsonParser(); + try { + $parser->parse('ABCD'); + $this->fail('Empty string should be invalid'); + } catch (ParsingException $e) { + $this->assertContains("Parse error on line 1:\nA...\n^", $e->getMessage()); + } + } + public function testParsesMultiInARow() { $parser = new JsonParser();