brakeman 4.10.0 → 4.10.1

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb

@@ -0,0 +1,266 @@
+# frozen_string_literal: false
+require_relative 'functions'
+require_relative 'xmltokens'
+
+module REXML
+  class QuickPath
+    include Functions
+    include XMLTokens
+
+    # A base Hash object to be used when initializing a
+    # default empty namespaces set.
+    EMPTY_HASH = {}
+
+    def QuickPath::first element, path, namespaces=EMPTY_HASH
+      match(element, path, namespaces)[0]
+    end
+
+    def QuickPath::each element, path, namespaces=EMPTY_HASH, &block
+      path = "*" unless path
+      match(element, path, namespaces).each( &block )
+    end
+
+    def QuickPath::match element, path, namespaces=EMPTY_HASH
+      raise "nil is not a valid xpath" unless path
+      results = nil
+      Functions::namespace_context = namespaces
+      case path
+      when /^\/([^\/]|$)/u
+        # match on root
+        path = path[1..-1]
+        return [element.root.parent] if path == ''
+        results = filter([element.root], path)
+      when /^[-\w]*::/u
+        results = filter([element], path)
+      when /^\*/u
+        results = filter(element.to_a, path)
+      when /^[\[!\w:]/u
+        # match on child
+        children = element.to_a
+        results = filter(children, path)
+      else
+        results = filter([element], path)
+      end
+      return results
+    end
+
+    # Given an array of nodes it filters the array based on the path. The
+    # result is that when this method returns, the array will contain elements
+    # which match the path
+    def QuickPath::filter elements, path
+      return elements if path.nil? or path == '' or elements.size == 0
+      case path
+      when /^\/\//u                                                                                     # Descendant
+        return axe( elements, "descendant-or-self", $' )
+      when /^\/?\b(\w[-\w]*)\b::/u                                                      # Axe
+        return axe( elements, $1, $' )
+      when /^\/(?=\b([:!\w][-\.\w]*:)?[-!\*\.\w]*\b([^:(]|$)|\*)/u      # Child
+        rest = $'
+        results = []
+        elements.each do |element|
+          results |= filter( element.to_a, rest )
+        end
+        return results
+      when /^\/?(\w[-\w]*)\(/u                                                  # / Function
+        return function( elements, $1, $' )
+      when Namespace::NAMESPLIT         # Element name
+        name = $2
+        ns = $1
+        rest = $'
+        elements.delete_if do |element|
+          !(element.kind_of? Element and
+            (element.expanded_name == name or
+             (element.name == name and
+              element.namespace == Functions.namespace_context[ns])))
+        end
+        return filter( elements, rest )
+      when /^\/\[/u
+        matches = []
+        elements.each do |element|
+          matches |= predicate( element.to_a, path[1..-1] ) if element.kind_of? Element
+        end
+        return matches
+      when /^\[/u                                                                                               # Predicate
+        return predicate( elements, path )
+      when /^\/?\.\.\./u                                                                                # Ancestor
+        return axe( elements, "ancestor", $' )
+      when /^\/?\.\./u                                                                                  # Parent
+        return filter( elements.collect{|e|e.parent}, $' )
+      when /^\/?\./u                                                                                            # Self
+        return filter( elements, $' )
+      when /^\*/u                                                                                                       # Any
+        results = []
+        elements.each do |element|
+          results |= filter( [element], $' ) if element.kind_of? Element
+          #if element.kind_of? Element
+          #     children = element.to_a
+          #     children.delete_if { |child| !child.kind_of?(Element) }
+          #     results |= filter( children, $' )
+          #end
+        end
+        return results
+      end
+      return []
+    end
+
+    def QuickPath::axe( elements, axe_name, rest )
+      matches = []
+      matches = filter( elements.dup, rest ) if axe_name =~ /-or-self$/u
+      case axe_name
+      when /^descendant/u
+        elements.each do |element|
+          matches |= filter( element.to_a, "descendant-or-self::#{rest}" ) if element.kind_of? Element
+        end
+      when /^ancestor/u
+        elements.each do |element|
+          while element.parent
+            matches << element.parent
+            element = element.parent
+          end
+        end
+        matches = filter( matches, rest )
+      when "self"
+        matches = filter( elements, rest )
+      when "child"
+        elements.each do |element|
+          matches |= filter( element.to_a, rest ) if element.kind_of? Element
+        end
+      when "attribute"
+        elements.each do |element|
+          matches << element.attributes[ rest ] if element.kind_of? Element
+        end
+      when "parent"
+        matches = filter(elements.collect{|element| element.parent}.uniq, rest)
+      when "following-sibling"
+        matches = filter(elements.collect{|element| element.next_sibling}.uniq,
+          rest)
+      when "previous-sibling"
+        matches = filter(elements.collect{|element|
+          element.previous_sibling}.uniq, rest )
+      end
+      return matches.uniq
+    end
+
+    OPERAND_ = '((?=(?:(?!and|or).)*[^\s<>=])[^\s<>=]+)'
+    # A predicate filters a node-set with respect to an axis to produce a
+    # new node-set. For each node in the node-set to be filtered, the
+    # PredicateExpr is evaluated with that node as the context node, with
+    # the number of nodes in the node-set as the context size, and with the
+    # proximity position of the node in the node-set with respect to the
+    # axis as the context position; if PredicateExpr evaluates to true for
+    # that node, the node is included in the new node-set; otherwise, it is
+    # not included.
+    #
+    # A PredicateExpr is evaluated by evaluating the Expr and converting
+    # the result to a boolean. If the result is a number, the result will
+    # be converted to true if the number is equal to the context position
+    # and will be converted to false otherwise; if the result is not a
+    # number, then the result will be converted as if by a call to the
+    # boolean function. Thus a location path para[3] is equivalent to
+    # para[position()=3].
+    def QuickPath::predicate( elements, path )
+      ind = 1
+      bcount = 1
+      while bcount > 0
+        bcount += 1 if path[ind] == ?[
+        bcount -= 1 if path[ind] == ?]
+        ind += 1
+      end
+      ind -= 1
+      predicate = path[1..ind-1]
+      rest = path[ind+1..-1]
+
+      # have to change 'a [=<>] b [=<>] c' into 'a [=<>] b and b [=<>] c'
+      #
+      predicate.gsub!(
+        /#{OPERAND_}\s*([<>=])\s*#{OPERAND_}\s*([<>=])\s*#{OPERAND_}/u,
+        '\1 \2 \3 and \3 \4 \5' )
+      # Let's do some Ruby trickery to avoid some work:
+      predicate.gsub!( /&/u, "&&" )
+      predicate.gsub!( /=/u, "==" )
+      predicate.gsub!( /@(\w[-\w.]*)/u, 'attribute("\1")' )
+      predicate.gsub!( /\bmod\b/u, "%" )
+      predicate.gsub!( /\b(\w[-\w.]*\()/u ) {
+        fname = $1
+        fname.gsub( /-/u, "_" )
+      }
+
+      Functions.pair = [ 0, elements.size ]
+      results = []
+      elements.each do |element|
+        Functions.pair[0] += 1
+        Functions.node = element
+        res = eval( predicate )
+        case res
+        when true
+          results << element
+        when Integer
+          results << element if Functions.pair[0] == res
+        when String
+          results << element
+        end
+      end
+      return filter( results, rest )
+    end
+
+    def QuickPath::attribute( name )
+      return Functions.node.attributes[name] if Functions.node.kind_of? Element
+    end
+
+    def QuickPath::name()
+      return Functions.node.name if Functions.node.kind_of? Element
+    end
+
+    def QuickPath::method_missing( id, *args )
+      begin
+        Functions.send( id.id2name, *args )
+      rescue Exception
+        raise "METHOD: #{id.id2name}(#{args.join ', '})\n#{$!.message}"
+      end
+    end
+
+    def QuickPath::function( elements, fname, rest )
+      args = parse_args( elements, rest )
+      Functions.pair = [0, elements.size]
+      results = []
+      elements.each do |element|
+        Functions.pair[0] += 1
+        Functions.node = element
+        res = Functions.send( fname, *args )
+        case res
+        when true
+          results << element
+        when Integer
+          results << element if Functions.pair[0] == res
+        end
+      end
+      return results
+    end
+
+    def QuickPath::parse_args( element, string )
+      # /.*?(?:\)|,)/
+      arguments = []
+      buffer = ""
+      while string and string != ""
+        c = string[0]
+        string.sub!(/^./u, "")
+        case c
+        when ?,
+          # if depth = 1, then we start a new argument
+          arguments << evaluate( buffer )
+          #arguments << evaluate( string[0..count] )
+        when ?(
+          # start a new method call
+          function( element, buffer, string )
+          buffer = ""
+        when ?)
+          # close the method call and return arguments
+          return arguments
+        else
+          buffer << c
+        end
+      end
+      ""
+    end
+  end
+end

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb

@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+# frozen_string_literal: false
+# REXML is an XML toolkit for Ruby[http://www.ruby-lang.org], in Ruby.
+#
+# REXML is a _pure_ Ruby, XML 1.0 conforming,
+# non-validating[http://www.w3.org/TR/2004/REC-xml-20040204/#sec-conformance]
+# toolkit with an intuitive API.  REXML passes 100% of the non-validating Oasis
+# tests[http://www.oasis-open.org/committees/xml-conformance/xml-test-suite.shtml],
+# and provides tree, stream, SAX2, pull, and lightweight APIs.  REXML also
+# includes a full XPath[http://www.w3c.org/tr/xpath] 1.0 implementation. Since
+# Ruby 1.8, REXML is included in the standard Ruby distribution.
+#
+# Main page:: http://www.germane-software.com/software/rexml
+# Author:: Sean Russell <serATgermaneHYPHENsoftwareDOTcom>
+# Date:: 2008/019
+# Version:: 3.1.7.3
+#
+# This API documentation can be downloaded from the REXML home page, or can
+# be accessed online[http://www.germane-software.com/software/rexml_doc]
+#
+# A tutorial is available in the REXML distribution in docs/tutorial.html,
+# or can be accessed
+# online[http://www.germane-software.com/software/rexml/docs/tutorial.html]
+module REXML
+  COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
+  DATE = "2008/019"
+  VERSION = "3.2.4"
+  REVISION = ""
+
+  Copyright = COPYRIGHT
+  Version = VERSION
+end

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: false
+module REXML
+  # A template for stream parser listeners.
+  # Note that the declarations (attlistdecl, elementdecl, etc) are trivially
+  # processed; REXML doesn't yet handle doctype entity declarations, so you
+  # have to parse them out yourself.
+  # === Missing methods from SAX2
+  #  ignorable_whitespace
+  # === Methods extending SAX2
+  # +WARNING+
+  # These methods are certainly going to change, until DTDs are fully
+  # supported.  Be aware of this.
+  #  start_document
+  #  end_document
+  #  doctype
+  #  elementdecl
+  #  attlistdecl
+  #  entitydecl
+  #  notationdecl
+  #  cdata
+  #  xmldecl
+  #  comment
+  module SAX2Listener
+    def start_document
+    end
+    def end_document
+    end
+    def start_prefix_mapping prefix, uri
+    end
+    def end_prefix_mapping prefix
+    end
+    def start_element uri, localname, qname, attributes
+    end
+    def end_element uri, localname, qname
+    end
+    def characters text
+    end
+    def processing_instruction target, data
+    end
+    # Handles a doctype declaration. Any attributes of the doctype which are
+    # not supplied will be nil.  # EG, <!DOCTYPE me PUBLIC "foo" "bar">
+    # @p name the name of the doctype; EG, "me"
+    # @p pub_sys "PUBLIC", "SYSTEM", or nil.  EG, "PUBLIC"
+    # @p long_name the supplied long name, or nil.  EG, "foo"
+    # @p uri the uri of the doctype, or nil.  EG, "bar"
+    def doctype name, pub_sys, long_name, uri
+    end
+    # If a doctype includes an ATTLIST declaration, it will cause this
+    # method to be called.  The content is the declaration itself, unparsed.
+    # EG, <!ATTLIST el attr CDATA #REQUIRED> will come to this method as "el
+    # attr CDATA #REQUIRED".  This is the same for all of the .*decl
+    # methods.
+    def attlistdecl(element, pairs, contents)
+    end
+    # <!ELEMENT ...>
+    def elementdecl content
+    end
+    # <!ENTITY ...>
+    # The argument passed to this method is an array of the entity
+    # declaration.  It can be in a number of formats, but in general it
+    # returns (example, result):
+    #  <!ENTITY % YN '"Yes"'>
+    #  ["%", "YN", "\"Yes\""]
+    #  <!ENTITY % YN 'Yes'>
+    #  ["%", "YN", "Yes"]
+    #  <!ENTITY WhatHeSaid "He said %YN;">
+    #  ["WhatHeSaid", "He said %YN;"]
+    #  <!ENTITY open-hatch SYSTEM "http://www.textuality.com/boilerplate/OpenHatch.xml">
+    #  ["open-hatch", "SYSTEM", "http://www.textuality.com/boilerplate/OpenHatch.xml"]
+    #  <!ENTITY open-hatch PUBLIC "-//Textuality//TEXT Standard open-hatch boilerplate//EN" "http://www.textuality.com/boilerplate/OpenHatch.xml">
+    # ["open-hatch", "PUBLIC", "-//Textuality//TEXT Standard open-hatch boilerplate//EN", "http://www.textuality.com/boilerplate/OpenHatch.xml"]
+    #  <!ENTITY hatch-pic SYSTEM "../grafix/OpenHatch.gif" NDATA gif>
+    #  ["hatch-pic", "SYSTEM", "../grafix/OpenHatch.gif", "NDATA", "gif"]
+    def entitydecl declaration
+    end
+    # <!NOTATION ...>
+    def notationdecl name, public_or_system, public_id, system_id
+    end
+    # Called when <![CDATA[ ... ]]> is encountered in a document.
+    # @p content "..."
+    def cdata content
+    end
+    # Called when an XML PI is encountered in the document.
+    # EG: <?xml version="1.0" encoding="utf"?>
+    # @p version the version attribute value.  EG, "1.0"
+    # @p encoding the encoding attribute value, or nil.  EG, "utf"
+    # @p standalone the standalone attribute value, or nil.  EG, nil
+    # @p spaced the declaration is followed by a line break
+    def xmldecl version, encoding, standalone
+    end
+    # Called when a comment is encountered.
+    # @p comment The content of the comment
+    def comment comment
+    end
+    def progress position
+    end
+  end
+end

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: false
+module REXML
+  module Security
+    @@entity_expansion_limit = 10_000
+
+    # Set the entity expansion limit. By default the limit is set to 10000.
+    def self.entity_expansion_limit=( val )
+      @@entity_expansion_limit = val
+    end
+
+    # Get the entity expansion limit. By default the limit is set to 10000.
+    def self.entity_expansion_limit
+      return @@entity_expansion_limit
+    end
+
+    @@entity_expansion_text_limit = 10_240
+
+    # Set the entity expansion limit. By default the limit is set to 10240.
+    def self.entity_expansion_text_limit=( val )
+      @@entity_expansion_text_limit = val
+    end
+
+    # Get the entity expansion limit. By default the limit is set to 10240.
+    def self.entity_expansion_text_limit
+      return @@entity_expansion_text_limit
+    end
+  end
+end

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb

@@ -0,0 +1,298 @@
+# coding: US-ASCII
+# frozen_string_literal: false
+require_relative 'encoding'
+
+module REXML
+  # Generates Source-s.  USE THIS CLASS.
+  class SourceFactory
+    # Generates a Source object
+    # @param arg Either a String, or an IO
+    # @return a Source, or nil if a bad argument was given
+    def SourceFactory::create_from(arg)
+      if arg.respond_to? :read and
+          arg.respond_to? :readline and
+          arg.respond_to? :nil? and
+          arg.respond_to? :eof?
+        IOSource.new(arg)
+      elsif arg.respond_to? :to_str
+        require 'stringio'
+        IOSource.new(StringIO.new(arg))
+      elsif arg.kind_of? Source
+        arg
+      else
+        raise "#{arg.class} is not a valid input stream.  It must walk \n"+
+          "like either a String, an IO, or a Source."
+      end
+    end
+  end
+
+  # A Source can be searched for patterns, and wraps buffers and other
+  # objects and provides consumption of text
+  class Source
+    include Encoding
+    # The current buffer (what we're going to read next)
+    attr_reader :buffer
+    # The line number of the last consumed text
+    attr_reader :line
+    attr_reader :encoding
+
+    # Constructor
+    # @param arg must be a String, and should be a valid XML document
+    # @param encoding if non-null, sets the encoding of the source to this
+    # value, overriding all encoding detection
+    def initialize(arg, encoding=nil)
+      @orig = @buffer = arg
+      if encoding
+        self.encoding = encoding
+      else
+        detect_encoding
+      end
+      @line = 0
+    end
+
+
+    # Inherited from Encoding
+    # Overridden to support optimized en/decoding
+    def encoding=(enc)
+      return unless super
+      encoding_updated
+    end
+
+    # Scans the source for a given pattern.  Note, that this is not your
+    # usual scan() method.  For one thing, the pattern argument has some
+    # requirements; for another, the source can be consumed.  You can easily
+    # confuse this method.  Originally, the patterns were easier
+    # to construct and this method more robust, because this method
+    # generated search regexps on the fly; however, this was
+    # computationally expensive and slowed down the entire REXML package
+    # considerably, since this is by far the most commonly called method.
+    # @param pattern must be a Regexp, and must be in the form of
+    # /^\s*(#{your pattern, with no groups})(.*)/.  The first group
+    # will be returned; the second group is used if the consume flag is
+    # set.
+    # @param consume if true, the pattern returned will be consumed, leaving
+    # everything after it in the Source.
+    # @return the pattern, if found, or nil if the Source is empty or the
+    # pattern is not found.
+    def scan(pattern, cons=false)
+      return nil if @buffer.nil?
+      rv = @buffer.scan(pattern)
+      @buffer = $' if cons and rv.size>0
+      rv
+    end
+
+    def read
+    end
+
+    def consume( pattern )
+      @buffer = $' if pattern.match( @buffer )
+    end
+
+    def match_to( char, pattern )
+      return pattern.match(@buffer)
+    end
+
+    def match_to_consume( char, pattern )
+      md = pattern.match(@buffer)
+      @buffer = $'
+      return md
+    end
+
+    def match(pattern, cons=false)
+      md = pattern.match(@buffer)
+      @buffer = $' if cons and md
+      return md
+    end
+
+    # @return true if the Source is exhausted
+    def empty?
+      @buffer == ""
+    end
+
+    def position
+      @orig.index( @buffer )
+    end
+
+    # @return the current line in the source
+    def current_line
+      lines = @orig.split
+      res = lines.grep @buffer[0..30]
+      res = res[-1] if res.kind_of? Array
+      lines.index( res ) if res
+    end
+
+    private
+    def detect_encoding
+      buffer_encoding = @buffer.encoding
+      detected_encoding = "UTF-8"
+      begin
+        @buffer.force_encoding("ASCII-8BIT")
+        if @buffer[0, 2] == "\xfe\xff"
+          @buffer[0, 2] = ""
+          detected_encoding = "UTF-16BE"
+        elsif @buffer[0, 2] == "\xff\xfe"
+          @buffer[0, 2] = ""
+          detected_encoding = "UTF-16LE"
+        elsif @buffer[0, 3] == "\xef\xbb\xbf"
+          @buffer[0, 3] = ""
+          detected_encoding = "UTF-8"
+        end
+      ensure
+        @buffer.force_encoding(buffer_encoding)
+      end
+      self.encoding = detected_encoding
+    end
+
+    def encoding_updated
+      if @encoding != 'UTF-8'
+        @buffer = decode(@buffer)
+        @to_utf = true
+      else
+        @to_utf = false
+        @buffer.force_encoding ::Encoding::UTF_8
+      end
+    end
+  end
+
+  # A Source that wraps an IO.  See the Source class for method
+  # documentation
+  class IOSource < Source
+    #attr_reader :block_size
+
+    # block_size has been deprecated
+    def initialize(arg, block_size=500, encoding=nil)
+      @er_source = @source = arg
+      @to_utf = false
+      @pending_buffer = nil
+
+      if encoding
+        super("", encoding)
+      else
+        super(@source.read(3) || "")
+      end
+
+      if !@to_utf and
+          @buffer.respond_to?(:force_encoding) and
+          @source.respond_to?(:external_encoding) and
+          @source.external_encoding != ::Encoding::UTF_8
+        @force_utf8 = true
+      else
+        @force_utf8 = false
+      end
+    end
+
+    def scan(pattern, cons=false)
+      rv = super
+      # You'll notice that this next section is very similar to the same
+      # section in match(), but just a liiittle different.  This is
+      # because it is a touch faster to do it this way with scan()
+      # than the way match() does it; enough faster to warrant duplicating
+      # some code
+      if rv.size == 0
+        until @buffer =~ pattern or @source.nil?
+          begin
+            @buffer << readline
+          rescue Iconv::IllegalSequence
+            raise
+          rescue
+            @source = nil
+          end
+        end
+        rv = super
+      end
+      rv.taint if RUBY_VERSION < '2.7'
+      rv
+    end
+
+    def read
+      begin
+        @buffer << readline
+      rescue Exception, NameError
+        @source = nil
+      end
+    end
+
+    def consume( pattern )
+      match( pattern, true )
+    end
+
+    def match( pattern, cons=false )
+      rv = pattern.match(@buffer)
+      @buffer = $' if cons and rv
+      while !rv and @source
+        begin
+          @buffer << readline
+          rv = pattern.match(@buffer)
+          @buffer = $' if cons and rv
+        rescue
+          @source = nil
+        end
+      end
+      rv.taint if RUBY_VERSION < '2.7'
+      rv
+    end
+
+    def empty?
+      super and ( @source.nil? || @source.eof? )
+    end
+
+    def position
+      @er_source.pos rescue 0
+    end
+
+    # @return the current line in the source
+    def current_line
+      begin
+        pos = @er_source.pos        # The byte position in the source
+        lineno = @er_source.lineno  # The XML < position in the source
+        @er_source.rewind
+        line = 0                    # The \r\n position in the source
+        begin
+          while @er_source.pos < pos
+            @er_source.readline
+            line += 1
+          end
+        rescue
+        end
+        @er_source.seek(pos)
+      rescue IOError
+        pos = -1
+        line = -1
+      end
+      [pos, lineno, line]
+    end
+
+    private
+    def readline
+      str = @source.readline(@line_break)
+      if @pending_buffer
+        if str.nil?
+          str = @pending_buffer
+        else
+          str = @pending_buffer + str
+        end
+        @pending_buffer = nil
+      end
+      return nil if str.nil?
+
+      if @to_utf
+        decode(str)
+      else
+        str.force_encoding(::Encoding::UTF_8) if @force_utf8
+        str
+      end
+    end
+
+    def encoding_updated
+      case @encoding
+      when "UTF-16BE", "UTF-16LE"
+        @source.binmode
+        @source.set_encoding(@encoding, @encoding)
+      end
+      @line_break = encode(">")
+      @pending_buffer, @buffer = @buffer, ""
+      @pending_buffer.force_encoding(@encoding)
+      super
+    end
+  end
+end