mirror of
https://github.com/opentffoundation/opentf.git
synced 2026-02-27 02:02:35 -05:00
A diagnostic message can potentially include substrings derived from data fetched from untrusted sources, such as if a network request fails in a way that causes part of the response data to be included verbatim in the error message. This new filtering ensures that if any such data is included then any C0 control characters in the string cannot affect the state of a terminal that stdout/stderr might be connected to, by replacing them with their corresponding printable representations from Unicode's "Control Pictures" block.

The filtering of source snippets and source filenames is not technically necessary because those are under control of module authors only and operators are already expected to review modules they use to ensure that they can cause only desirable behavior, since modules are arbitrary code. However, it's included here for defense-in-depth because there is little reason for such characters to appear legitimately in either of those contexts in practice.

Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
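The substitution the commit message describes, as an added stand-alone Go example (not the project's own code): each C0 control character (U+0000..U+001F) is mapped to the matching glyph in Unicode's Control Pictures block (U+2400..U+241F), so an ANSI escape such as ESC (0x1B) becomes the visible "␛" instead of being interpreted by the terminal. The function and variable names (`sanitizeControlChars`, `defaultKeep`, `terminalSafe`) are this example's own, the sample error body is constructed to look like an HTTP response that smuggles a terminal-title change and a screen clear, and two choices go beyond what the commit states: DEL (0x7F) is also mapped, to U+2421, and newline and tab are passed through by default so a multi-line message keeps its layout (both are assumptions about a sensible default, not claims about the project's filter).

```go
package main

import (
	"fmt"
	"strings"
)

// defaultKeep lists the C0 characters that are allowed to survive
// sanitisation because they are normally part of a message's layout.
// Assumption for this example: newline and tab are harmless here.
var defaultKeep = map[rune]bool{'\n': true, '\t': true}

// sanitizeControlChars replaces every C0 control character (U+0000..U+001F)
// with its Control Pictures counterpart (U+2400..U+241F), and DEL (U+007F)
// with U+2421. Runes listed in keep pass through unchanged; a nil keep map
// replaces everything. Non-control text is left as-is.
func sanitizeControlChars(s string, keep map[rune]bool) string {
	return strings.Map(func(r rune) rune {
		switch {
		case keep[r]:
			return r
		case r < 0x20:
			// U+2400 is SYMBOL FOR NULL; the block is laid out so that
			// U+2400 + code point gives the picture for that C0 code.
			return 0x2400 + r
		case r == 0x7f:
			return 0x2421 // SYMBOL FOR DELETE (beyond the commit's C0 scope)
		default:
			return r
		}
	}, s)
}

// terminalSafe reports whether s contains no C0 control or DEL rune other
// than those in keep. Useful as a check before writing to stderr.
func terminalSafe(s string, keep map[rune]bool) bool {
	for _, r := range s {
		if (r < 0x20 || r == 0x7f) && !keep[r] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample: an upstream error body that embeds an OSC
	// title-change sequence, a CSI clear-screen, and a BEL. None of this
	// is real output from any server; it only shows what a hostile
	// response could smuggle into a diagnostic.
	body := "Failed to fetch module: 502 Bad Gateway\x1b]0;pwned\x07\x1b[2J\x1b[Hall good"
	msg := "Error: " + body

	fmt.Printf("unsafe before: %v\n", !terminalSafe(msg, defaultKeep))
	clean := sanitizeControlChars(msg, defaultKeep)
	fmt.Println(clean)
	fmt.Printf("safe after:    %v\n", terminalSafe(clean, defaultKeep))
}
```

Because the mapping is one rune to one rune and never drops anything, the operator still sees exactly what the upstream sent, just rendered as "␛]0;pwned␇␛[2J␛[H" rather than executed. The same function applied to source filenames and snippets is pure defense-in-depth, as the commit says.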