[Yaml] Throw on unquoted exclamation mark

fancyweb · fancyweb · commit 5bf5e0e4a72a · 2020-01-16T15:27:16.000+01:00
diff --git a/src/Symfony/Component/Yaml/Inline.php b/src/Symfony/Component/Yaml/Inline.php
@@ -669,6 +669,10 @@ private static function parseTag(string $value, int &$i, int $flags): ?string
         $nextOffset = $i + $tagLength + 1;
         $nextOffset += strspn($value, ' ', $nextOffset);
 
+        if ('' === $tag && (!isset($value[$nextOffset]) || \in_array($value[$nextOffset], [']', '}', ','], true))) {
+            throw new ParseException(sprintf('Using the unquoted scalar value "!" is not supported. You must quote it at line 1 (near "%s")', $value), self::$parsedLineNumber + 1, $value, self::$parsedFilename);
+        }
+
         // Is followed by a scalar and is a built-in tag
         if ('' !== $tag && (!isset($value[$nextOffset]) || !\in_array($value[$nextOffset], ['[', '{'], true)) && ('!' === $tag[0] || 'str' === $tag || 'php/const' === $tag || 'php/object' === $tag)) {
             // Manage in {@link self::evaluateScalar()}
diff --git a/src/Symfony/Component/Yaml/Tests/InlineTest.php b/src/Symfony/Component/Yaml/Tests/InlineTest.php
@@ -736,4 +736,69 @@ public function getTestsForOctalNumbers()
             'negative octal number' => [-28, '-034'],
         ];
     }
+
+    /**
+     * @dataProvider unquotedExclamationMarkThrowsProvider
+     */
+    public function testUnquotedExclamationMarkThrows($value)
+    {
+        $this->expectException(ParseException::class);
+        $this->expectExceptionMessageRegExp('/^Using the unquoted scalar value "!" is not supported\. You must quote it at line 1/');
+
+        Inline::parse($value);
+    }
+
+    public function unquotedExclamationMarkThrowsProvider()
+    {
+        return [
+            ['!'],
+            ['! '],
+            ['!  '],
+            [' ! '],
+            ['[!]'],
+            ['[! ]'],
+            ['[!  ]'],
+            ['[!, "foo"]'],
+            ['["foo", !, "ccc"]'],
+            ['{foo: !}'],
+            ['{foo:     !}'],
+            ['{foo: !, bar: "ccc"}'],
+            ['{bar: "ccc", foo: ! }'],
+            ['!]]]'],
+            ['!}'],
+            ['!,}foo,]'],
+            ['! [!]'],
+        ];
+    }
+
+    /**
+     * @dataProvider quotedExclamationMarkProvider
+     */
+    public function testQuotedExclamationMark($expected, $value)
+    {
+        $this->assertSame($expected, Inline::parse($value));
+    }
+
+    // This provider should ideally stay consistent with unquotedExclamationMarkThrowsProvider
+    public function quotedExclamationMarkProvider()
+    {
+        return [
+            ['!', '"!"'],
+            ['! ', '"! "'],
+            [' !', '" !"'],
+            [' ! ', '" ! "'],
+            [['!'], '["!"]'],
+            [['!  '], '["!  "]'],
+            [['!', 'foo'], '["!", "foo"]'],
+            [['foo', '!', 'ccc'], '["foo", "!", "ccc"]'],
+            [['foo' => '!'], '{foo: "!"}'],
+            [['foo' => '    !'], '{foo: "    !"}'],
+            [['foo' => '!', 'bar' => 'ccc'], '{foo: "!", bar: "ccc"}'],
+            [['bar' => 'ccc', 'foo' => '! '], '{bar: "ccc", foo: "! "}'],
+            ['!]]]', '"!]]]"'],
+            ['!}', '"!}"'],
+            ['!,}foo,]', '"!,}foo,]"'],
+            [['!'], '! ["!"]'],
+        ];
+    }
 }
