asciidoctor-plantuml 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 06c1cf16fb57543cec6f90c9d907894ebe6c8b8888396f5cfeb9305340f130c1
4
- data.tar.gz: 82488d9c4c5431c9244e0ad834bfbb2ae88ef1fe38146cca7d369352f967ff4f
3
+ metadata.gz: fa9d42baca46ef240d1621640dce548f96a46e4e535a6405cace400e2495f097
4
+ data.tar.gz: b7320f06086d5230ceb3507945971f48efe988edfd159ebde0cc1c5609bc86f6
5
5
  SHA512:
6
- metadata.gz: 71e3258bc87c722dc6c393129ca5b5984c4ac45f4ea3f6c7ef49907d9dc71c605a1650852bcf6b6f9201115179f3672724883eaa6db0947dca387bb1a7ecf47c
7
- data.tar.gz: 41993506e615c6ce9180b5677d2bb40a83e18b33abae1b1d16e96ed5b0493d773a747659a4c08be24a13728ac0303e3c63f31ea194b109decec8f0148f7ef79f
6
+ metadata.gz: e0f9dc73e4f6f116b1321d2d25a23a268d8158777abeb2c3984c5ce642dd1aecbe2febeb602d9d8e0fb038cb310fb934f460300996170e2e83d81a57fc159588
7
+ data.tar.gz: b9aea5f39cb2c27e48b1239518a9d8a63b7938cc81899c3454782a6afe235a0597817525bdfe125441e09f03dcc4b6abd276fc1509f5b8aa86abcf64e2287afd
@@ -91,10 +91,16 @@ module Asciidoctor
91
91
 
92
92
  # insert global plantuml config after first line
93
93
  config_path = parent.attr('plantuml-include', '', true)
94
- begin
95
- content = insert_config_to_content(parent, config_path, content, attrs) unless config_path.empty?
96
- rescue StandardError => e
97
- return plantuml_invalid_file(config_path, e.message, attrs)
94
+
95
+ unless config_path.empty?
96
+ begin
97
+ source_file = parent.document.normalize_system_path(config_path, nil, nil, recover: false)
98
+ content = insert_config_to_content(parent, source_file, content, attrs)
99
+ rescue StandardError => e
100
+ return plantuml_invalid_file(source_file, e.message, attrs)
101
+ rescue SecurityError => e
102
+ return plantuml_insecure_file(source_file, e.message, attrs)
103
+ end
98
104
  end
99
105
 
100
106
  if %w[png svg txt].include?(format) && method("#{format}_enabled?").call
@@ -114,12 +120,14 @@ module Asciidoctor
114
120
  plantuml_content_format(parent, code, format, attrs)
115
121
  end
116
122
 
117
- def plantuml_content_from_file(parent, source_file, attrs = {})
118
- File.open(source_file) do |f|
119
- return plantuml_content(parent, f, attrs)
120
- end
123
+ def plantuml_content_from_file(parent, target, attrs = {})
124
+ source_file = parent.document.normalize_system_path(target, nil, nil, recover: false)
125
+ content = ::File.open(source_file, mode: FILE_READ_MODE)
126
+ plantuml_content(parent, content, attrs)
121
127
  rescue StandardError => e
122
128
  plantuml_invalid_file(source_file, e.message, attrs)
129
+ rescue SecurityError => e
130
+ plantuml_insecure_file(source_file, e.message, attrs)
123
131
  end
124
132
 
125
133
  # Compression code used to generate PlantUML URLs. Taken directly from
@@ -149,12 +157,10 @@ module Asciidoctor
149
157
  private
150
158
 
151
159
  def insert_config_to_content(parent, config_path, content, attrs)
152
- File.open(config_path) do |file|
153
- config = file.read
154
- subs = attrs['subs']
155
- config = parent.apply_subs(config, parent.resolve_subs(subs)) if subs
156
- return content.dup.insert(content.index("\n"), "\n#{config}") unless config.empty?
157
- end
160
+ config = File.read(config_path, mode: FILE_READ_MODE)
161
+ subs = attrs['subs']
162
+ config = parent.apply_subs(config, parent.resolve_subs(subs)) if subs
163
+ return content.dup.insert(content.index("\n"), "\n#{config}") unless config.empty?
158
164
  end
159
165
 
160
166
  def plantuml_txt_content(code, format, attrs = {})
@@ -227,6 +233,11 @@ module Asciidoctor
227
233
  _plantuml_error_content(error, attrs)
228
234
  end
229
235
 
236
+ def plantuml_insecure_file(file, error, attrs = {})
237
+ error = "PlantUML Error: Could not read \"#{file}\": #{error}"
238
+ _plantuml_error_content(error, attrs)
239
+ end
240
+
230
241
  def _plantuml_error_content(error, attrs = {})
231
242
  content = '<div class="listingblock">'
232
243
  content += '<div class="content">'
@@ -321,9 +332,7 @@ module Asciidoctor
321
332
  named :plantuml
322
333
 
323
334
  def process(parent, target, attrs)
324
- base_dir = parent.document.base_dir
325
- source_file = parent.document.path_resolver.system_path(target, base_dir, base_dir)
326
- content = Processor.plantuml_content_from_file(parent, source_file, attrs)
335
+ content = Processor.plantuml_content_from_file(parent, target, attrs)
327
336
  Processor.create_plantuml_block(parent, content, attrs)
328
337
  end
329
338
  end
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Asciidoctor
4
4
  module PlantUML
5
- VERSION = '0.1.0'
5
+ VERSION = '0.1.1'
6
6
  end
7
7
  end
@@ -198,6 +198,13 @@ DOC_BLOCK_MACRO_MISSING_FILE = <<~ENDOFSTRING
198
198
  plantuml::test/fixtures/missing.puml[]
199
199
  ENDOFSTRING
200
200
 
201
+ DOC_BLOCK_MACRO_INSECURE_FILE = <<~ENDOFSTRING
202
+ = Hello PlantUML!
203
+
204
+ .Title Of this
205
+ plantuml::/etc/passwd[]
206
+ ENDOFSTRING
207
+
201
208
  DOC_SUBS_ATTRIBUTES = <<~ENDOFSTRING
202
209
  = Hello PlantUML!
203
210
  :text: Label
@@ -234,6 +241,18 @@ DOC_CONFIG_INCLUDE_MISSING_FILE = <<~ENDOFSTRING
234
241
  ----
235
242
  ENDOFSTRING
236
243
 
244
+ DOC_CONFIG_INCLUDE_INSECURE_FILE = <<~ENDOFSTRING
245
+ = Hello PlantUML!
246
+ :plantuml-include: /etc/passwd
247
+
248
+ [plantuml, format="png"]
249
+ .Title Of this
250
+ ----
251
+ User -> (Start)
252
+ User --> (Use the application) : Label
253
+ ----
254
+ ENDOFSTRING
255
+
237
256
  DOC_CONFIG_INCLUDE_MACRO_BLOCK = <<~ENDOFSTRING
238
257
  = Hello PlantUML!
239
258
  :plantuml-include: test/fixtures/config.puml
@@ -375,7 +394,7 @@ class PlantUmlTest < Test::Unit::TestCase
375
394
  end
376
395
 
377
396
  def test_should_show_file_error
378
- html = ::Asciidoctor.convert(StringIO.new(DOC_BLOCK_MACRO_MISSING_FILE), backend: 'html5')
397
+ html = ::Asciidoctor.convert(StringIO.new(DOC_BLOCK_MACRO_MISSING_FILE), backend: 'html5', safe: :secure)
379
398
  page = Nokogiri::HTML(html)
380
399
 
381
400
  elements = page.css('pre.plantuml-error')
@@ -383,6 +402,15 @@ class PlantUmlTest < Test::Unit::TestCase
383
402
  assert_includes html, 'No such file or directory'
384
403
  end
385
404
 
405
+ def test_should_show_insecure_error
406
+ html = ::Asciidoctor.convert(StringIO.new(DOC_BLOCK_MACRO_INSECURE_FILE), backend: 'html5', safe: :secure)
407
+ page = Nokogiri::HTML(html)
408
+
409
+ elements = page.css('pre.plantuml-error')
410
+ assert_equal elements.size, 1
411
+ assert_includes html, 'is outside of jail'
412
+ end
413
+
386
414
  def test_plantuml_subs_attributes
387
415
  html = ::Asciidoctor.convert(StringIO.new(DOC_SUBS_ATTRIBUTES), backend: 'html5')
388
416
  page = Nokogiri::HTML(html)
@@ -397,7 +425,7 @@ class PlantUmlTest < Test::Unit::TestCase
397
425
  end
398
426
 
399
427
  def test_plantuml_config_include
400
- html = ::Asciidoctor.convert(StringIO.new(DOC_CONFIG_INCLUDE), backend: 'html5')
428
+ html = ::Asciidoctor.convert(StringIO.new(DOC_CONFIG_INCLUDE), backend: 'html5', safe: :secure)
401
429
  page = Nokogiri::HTML(html)
402
430
 
403
431
  elements = page.css('img.plantuml')
@@ -418,8 +446,17 @@ class PlantUmlTest < Test::Unit::TestCase
418
446
  assert_includes html, 'No such file or directory'
419
447
  end
420
448
 
449
+ def test_plantuml_config_include_insecure_file
450
+ html = ::Asciidoctor.convert(StringIO.new(DOC_CONFIG_INCLUDE_INSECURE_FILE), backend: 'html5', safe: :secure)
451
+ page = Nokogiri::HTML(html)
452
+
453
+ elements = page.css('pre.plantuml-error')
454
+ assert_equal elements.size, 1
455
+ assert_includes html, 'is outside of jail'
456
+ end
457
+
421
458
  def test_plantuml_config_include_macro_block
422
- html = ::Asciidoctor.convert(StringIO.new(DOC_CONFIG_INCLUDE_MACRO_BLOCK), backend: 'html5')
459
+ html = ::Asciidoctor.convert(StringIO.new(DOC_CONFIG_INCLUDE_MACRO_BLOCK), backend: 'html5', safe: :secure)
423
460
  page = Nokogiri::HTML(html)
424
461
 
425
462
  elements = page.css('img.plantuml')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: asciidoctor-plantuml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Horacio Sanson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-30 00:00:00.000000000 Z
11
+ date: 2022-05-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler