reject inline notations followed by invalid content

Author: xabbuh

Parser.php

@@ -1167,17 +1167,17 @@ private function lexUnquotedString(int &$cursor): string
         return substr($this->currentLine, $offset, $cursor - $offset);
     }
 
-    private function lexInlineMapping(int &$cursor = 0): string
+    private function lexInlineMapping(int &$cursor = 0, bool $consumeUntilEol = true): string
     {
-        return $this->lexInlineStructure($cursor, '}');
+        return $this->lexInlineStructure($cursor, '}', $consumeUntilEol);
     }
 
-    private function lexInlineSequence(int &$cursor = 0): string
+    private function lexInlineSequence(int &$cursor = 0, bool $consumeUntilEol = true): string
     {
-        return $this->lexInlineStructure($cursor, ']');
+        return $this->lexInlineStructure($cursor, ']', $consumeUntilEol);
     }
 
-    private function lexInlineStructure(int &$cursor, string $closingTag): string
+    private function lexInlineStructure(int &$cursor, string $closingTag, bool $consumeUntilEol = true): string
     {
         $value = $this->currentLine[$cursor];
         ++$cursor;
@@ -1197,15 +1197,19 @@ private function lexInlineStructure(int &$cursor, string $closingTag): string
                         ++$cursor;
                         break;
                     case '{':
-                        $value .= $this->lexInlineMapping($cursor);
+                        $value .= $this->lexInlineMapping($cursor, false);
                         break;
                     case '[':
-                        $value .= $this->lexInlineSequence($cursor);
+                        $value .= $this->lexInlineSequence($cursor, false);
                         break;
                     case $closingTag:
                         $value .= $this->currentLine[$cursor];
                         ++$cursor;
 
+                        if ($consumeUntilEol && isset($this->currentLine[$cursor]) && (strspn($this->currentLine, ' ', $cursor) + $cursor) < strlen($this->currentLine)) {
+                            throw new ParseException(sprintf('Unexpected token "%s".', trim(substr($this->currentLine, $cursor))));
+                        }
+
                         return $value;
                     case '#':
                         break 2;

Tests/ParserTest.php

@@ -1718,7 +1718,8 @@ public function testWrappedUnquotedStringWithMultipleSpacesInValue(string $yaml,
         $this->assertSame($expected, $this->parser->parse($yaml));
     }
 
-    public static function wrappedUnquotedStringsProvider() {
+    public static function wrappedUnquotedStringsProvider()
+    {
         return [
             'mapping' => [
                 '{ foo: bar  bar, fiz: cat      cat }',
@@ -2252,6 +2253,30 @@ public function testRootLevelInlineMappingFollowedByMoreContentIsInvalid()
         $this->parser->parse($yaml);
     }
 
+    public function testInlineMappingFollowedByMoreContentIsInvalid()
+    {
+        $this->expectException(ParseException::class);
+        $this->expectExceptionMessage('Unexpected token "baz" at line 1 (near "{ foo: bar } baz").');
+
+        $yaml = <<<YAML
+{ foo: bar } baz
+YAML;
+
+        $this->parser->parse($yaml);
+    }
+
+    public function testInlineSequenceFollowedByMoreContentIsInvalid()
+    {
+        $this->expectException(ParseException::class);
+        $this->expectExceptionMessage('Unexpected token ",bar," at line 1 (near "[\'foo\'],bar,").');
+
+        $yaml = <<<YAML
+['foo'],bar,
+YAML;
+
+        $this->parser->parse($yaml);
+    }
+
     public function testTaggedInlineMapping()
     {
         $this->assertSameData(new TaggedValue('foo', ['foo' => 'bar']), $this->parser->parse('!foo {foo: bar}', Yaml::PARSE_CUSTOM_TAGS));