diff options
author | Markus Armbruster <armbru@redhat.com> | 2018-08-06 08:53:33 +0200 |
---|---|---|
committer | Markus Armbruster <armbru@redhat.com> | 2018-08-16 08:42:06 +0200 |
commit | 015715f554f19a809cd80ff53a3881fddfda1336 (patch) | |
tree | 0fdd62ad38256540016f4570d28d4831912daa89 /qemu-seccomp.c | |
parent | 62fff696d56b90e5820d2c3c3085b778b23f0d93 (diff) |
tests: Clean up string interpolation into QMP input (simple cases)
When you build QMP input manually like this
cmd = g_strdup_printf("{ 'execute': 'migrate',"
"'arguments': { 'uri': '%s' } }",
uri);
rsp = qmp(cmd);
g_free(cmd);
you're responsible for escaping the interpolated values for JSON. Not
done here, and therefore works only for sufficiently nice @uri. For
instance, if @uri contained a single "'", qobject_from_vjsonf_nofail()
would abort. A sufficiently nasty @uri could even inject unwanted
members into the arguments object.
Leaving interpolation into JSON to qmp() is more robust:
rsp = qmp("{ 'execute': 'migrate', 'arguments': { 'uri': %s } }", uri);
It's also more concise.
Clean up the simple cases where we interpolate exactly a JSON value.
Bonus: gets rid of non-literal format strings. A step towards
compile-time format string checking without triggering
-Wformat-nonliteral.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180806065344.7103-13-armbru@redhat.com>
Diffstat (limited to 'qemu-seccomp.c')
0 files changed, 0 insertions, 0 deletions