hcl: error if we scan a null char before end of input text

This was allowing very strange input to be allowed through to Terraform since some encryped output will contain null characters (such as from git crypt).
2016-11-21 18:08:30 -08:00 · 2016-11-21 18:08:30 -08:00 · d02cd46b72
commit d02cd46b72
parent c3e054bfd4
5 changed files with 16 additions and 0 deletions
--- a/decoder_test.go
+++ b/decoder_test.go
@ -379,6 +379,12 @@ func TestDecode_interface(t *testing.T) {
 				},
 			},
 		},
+
+		{
+			"git_crypt.hcl",
+			true,
+			nil,
+		},
 	}

 	for _, tc := range cases {
--- a/hcl/parser/parser_test.go
+++ b/hcl/parser/parser_test.go
@ -504,6 +504,10 @@ func TestParse(t *testing.T) {
 			"object_key_assign_without_value3.hcl",
 			true,
 		},
+		{
+			"git_crypt.hcl",
+			true,
+		},
 	}

 	const fixtureDir = "./test-fixtures"
--- a/hcl/parser/test-fixtures/git_crypt.hcl
+++ b/hcl/parser/test-fixtures/git_crypt.hcl
--- a/hcl/scanner/scanner.go
+++ b/hcl/scanner/scanner.go
@ -95,6 +95,12 @@ func (s *Scanner) next() rune {
 		s.srcPos.Column = 0
 	}

+	// If we see a null character with data left, then that is an error
+	if ch == '\x00' && s.buf.Len() > 0 {
+		s.err("unexpected null character (0x00)")
+		return eof
+	}
+
 	// debug
 	// fmt.Printf("ch: %q, offset:column: %d:%d\n", ch, s.srcPos.Offset, s.srcPos.Column)
 	return ch
--- a/test-fixtures/git_crypt.hcl
+++ b/test-fixtures/git_crypt.hcl