brakeman 4.10.0 → 5.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (197) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +46 -0
  3. data/README.md +11 -2
  4. data/bundle/load.rb +5 -3
  5. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/CHANGELOG.md +16 -0
  6. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/FAQ.md +0 -0
  7. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/Gemfile +1 -4
  8. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/MIT-LICENSE +0 -0
  9. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/README.md +2 -3
  10. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/REFERENCE.md +29 -7
  11. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/TODO +0 -0
  12. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/haml.gemspec +2 -1
  13. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml.rb +0 -0
  14. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/attribute_builder.rb +3 -3
  15. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/attribute_compiler.rb +42 -31
  16. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/attribute_parser.rb +0 -0
  17. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/buffer.rb +0 -0
  18. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/compiler.rb +0 -0
  19. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/engine.rb +0 -0
  20. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/error.rb +0 -0
  21. data/bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/escapable.rb +77 -0
  22. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/exec.rb +0 -0
  23. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/filters.rb +0 -0
  24. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/generator.rb +0 -0
  25. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers.rb +7 -1
  26. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/action_view_extensions.rb +0 -0
  27. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/action_view_mods.rb +0 -0
  28. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
  29. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/safe_erubi_template.rb +0 -0
  30. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/safe_erubis_template.rb +0 -0
  31. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/helpers/xss_mods.rb +6 -3
  32. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/options.rb +0 -0
  33. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/parser.rb +32 -4
  34. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/plugin.rb +0 -0
  35. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/railtie.rb +0 -0
  36. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/sass_rails_filter.rb +0 -0
  37. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/template.rb +0 -0
  38. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/template/options.rb +0 -0
  39. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/temple_engine.rb +0 -0
  40. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/temple_line_counter.rb +0 -0
  41. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/util.rb +1 -1
  42. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/lib/haml/version.rb +1 -1
  43. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/yard/default/fulldoc/html/css/common.sass +0 -0
  44. data/bundle/ruby/2.7.0/gems/{haml-5.1.2 → haml-5.2.1}/yard/default/layout/html/footer.erb +0 -0
  45. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/MIT-LICENSE.txt +20 -0
  46. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel.rb +523 -0
  47. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/processor_count.rb +42 -0
  48. data/bundle/ruby/2.7.0/gems/parallel-1.20.1/lib/parallel/version.rb +3 -0
  49. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/LICENSE.txt +22 -0
  50. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/NEWS.md +178 -0
  51. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/README.md +48 -0
  52. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml.rb +3 -0
  53. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/attlistdecl.rb +63 -0
  54. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/attribute.rb +205 -0
  55. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/cdata.rb +68 -0
  56. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/child.rb +97 -0
  57. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/comment.rb +80 -0
  58. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/doctype.rb +311 -0
  59. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/document.rb +451 -0
  60. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/attlistdecl.rb +11 -0
  61. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/dtd.rb +47 -0
  62. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/elementdecl.rb +18 -0
  63. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/entitydecl.rb +57 -0
  64. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/dtd/notationdecl.rb +40 -0
  65. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/element.rb +2599 -0
  66. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/encoding.rb +51 -0
  67. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/entity.rb +171 -0
  68. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/default.rb +116 -0
  69. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb +142 -0
  70. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/formatters/transitive.rb +58 -0
  71. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/functions.rb +447 -0
  72. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/instruction.rb +79 -0
  73. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/light/node.rb +188 -0
  74. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/namespace.rb +59 -0
  75. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/node.rb +76 -0
  76. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/output.rb +30 -0
  77. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parent.rb +166 -0
  78. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parseexception.rb +52 -0
  79. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +694 -0
  80. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/lightparser.rb +59 -0
  81. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb +197 -0
  82. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb +273 -0
  83. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb +61 -0
  84. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb +101 -0
  85. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/ultralightparser.rb +57 -0
  86. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/parsers/xpathparser.rb +689 -0
  87. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/quickpath.rb +266 -0
  88. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/rexml.rb +37 -0
  89. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/sax2listener.rb +98 -0
  90. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/security.rb +28 -0
  91. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/source.rb +298 -0
  92. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/streamlistener.rb +93 -0
  93. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/text.rb +424 -0
  94. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/undefinednamespaceexception.rb +9 -0
  95. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/relaxng.rb +539 -0
  96. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/validation.rb +144 -0
  97. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/validation/validationexception.rb +10 -0
  98. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xmldecl.rb +130 -0
  99. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xmltokens.rb +85 -0
  100. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xpath.rb +81 -0
  101. data/bundle/ruby/2.7.0/gems/rexml-3.2.5/lib/rexml/xpath_parser.rb +974 -0
  102. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/History.rdoc +25 -0
  103. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/Manifest.txt +2 -0
  104. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/README.rdoc +0 -0
  105. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/compare/normalize.rb +2 -2
  106. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/debugging.md +190 -0
  107. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/rp_extensions.rb +0 -0
  108. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/rp_stringscanner.rb +0 -0
  109. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby20_parser.rb +2392 -2384
  110. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby20_parser.y +6 -1
  111. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby21_parser.rb +2553 -2550
  112. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby21_parser.y +6 -1
  113. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby22_parser.rb +2491 -2471
  114. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby22_parser.y +6 -1
  115. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby23_parser.rb +2422 -2403
  116. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby23_parser.y +6 -1
  117. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby24_parser.rb +2460 -2450
  118. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby24_parser.y +6 -1
  119. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby25_parser.rb +2450 -2441
  120. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby25_parser.y +6 -1
  121. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby26_parser.rb +2444 -2433
  122. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby26_parser.y +7 -1
  123. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby27_parser.rb +7310 -0
  124. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby27_parser.y +21 -1
  125. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.rb +7310 -0
  126. data/bundle/ruby/2.7.0/gems/ruby_parser-3.16.0/lib/ruby30_parser.y +2677 -0
  127. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_lexer.rb +19 -0
  128. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_lexer.rex +1 -1
  129. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_lexer.rex.rb +1 -1
  130. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_parser.rb +2 -0
  131. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_parser.yy +27 -1
  132. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/lib/ruby_parser_extras.rb +2 -2
  133. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/tools/munge.rb +2 -2
  134. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.16.0}/tools/ripper.rb +0 -0
  135. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/History.rdoc +12 -0
  136. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/Manifest.txt +0 -0
  137. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/README.rdoc +0 -0
  138. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/composite_sexp_processor.rb +0 -0
  139. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/pt_testcase.rb +2 -2
  140. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/sexp.rb +0 -0
  141. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/sexp_matcher.rb +0 -0
  142. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/sexp_processor.rb +1 -1
  143. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/strict_sexp.rb +0 -0
  144. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.3}/lib/unique.rb +0 -0
  145. data/lib/brakeman.rb +21 -4
  146. data/lib/brakeman/app_tree.rb +36 -3
  147. data/lib/brakeman/checks/base_check.rb +7 -1
  148. data/lib/brakeman/checks/check_detailed_exceptions.rb +1 -1
  149. data/lib/brakeman/checks/check_evaluation.rb +1 -1
  150. data/lib/brakeman/checks/check_execute.rb +2 -1
  151. data/lib/brakeman/checks/check_mass_assignment.rb +4 -6
  152. data/lib/brakeman/checks/check_regex_dos.rb +1 -1
  153. data/lib/brakeman/checks/check_sanitize_methods.rb +2 -1
  154. data/lib/brakeman/checks/check_sql.rb +16 -3
  155. data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +68 -0
  156. data/lib/brakeman/checks/check_verb_confusion.rb +75 -0
  157. data/lib/brakeman/file_parser.rb +50 -22
  158. data/lib/brakeman/options.rb +5 -1
  159. data/lib/brakeman/parsers/template_parser.rb +26 -3
  160. data/lib/brakeman/processors/alias_processor.rb +91 -19
  161. data/lib/brakeman/processors/base_processor.rb +4 -4
  162. data/lib/brakeman/processors/controller_alias_processor.rb +6 -43
  163. data/lib/brakeman/processors/controller_processor.rb +1 -1
  164. data/lib/brakeman/processors/haml_template_processor.rb +8 -1
  165. data/lib/brakeman/processors/lib/call_conversion_helper.rb +10 -0
  166. data/lib/brakeman/processors/lib/file_type_detector.rb +64 -0
  167. data/lib/brakeman/processors/lib/rails3_config_processor.rb +16 -16
  168. data/lib/brakeman/processors/lib/rails4_config_processor.rb +2 -1
  169. data/lib/brakeman/processors/library_processor.rb +9 -0
  170. data/lib/brakeman/processors/output_processor.rb +1 -1
  171. data/lib/brakeman/processors/template_alias_processor.rb +5 -0
  172. data/lib/brakeman/report.rb +12 -1
  173. data/lib/brakeman/report/ignore/interactive.rb +1 -1
  174. data/lib/brakeman/report/report_base.rb +0 -2
  175. data/lib/brakeman/report/report_csv.rb +37 -60
  176. data/lib/brakeman/report/report_github.rb +31 -0
  177. data/lib/brakeman/report/report_junit.rb +2 -2
  178. data/lib/brakeman/report/report_sarif.rb +1 -1
  179. data/lib/brakeman/report/report_sonar.rb +38 -0
  180. data/lib/brakeman/report/report_tabs.rb +1 -1
  181. data/lib/brakeman/report/report_text.rb +1 -1
  182. data/lib/brakeman/rescanner.rb +7 -5
  183. data/lib/brakeman/scanner.rb +47 -18
  184. data/lib/brakeman/tracker.rb +39 -4
  185. data/lib/brakeman/tracker/collection.rb +27 -5
  186. data/lib/brakeman/tracker/config.rb +73 -0
  187. data/lib/brakeman/tracker/controller.rb +1 -1
  188. data/lib/brakeman/tracker/method_info.rb +29 -0
  189. data/lib/brakeman/util.rb +17 -4
  190. data/lib/brakeman/version.rb +1 -1
  191. data/lib/brakeman/warning.rb +10 -2
  192. data/lib/brakeman/warning_codes.rb +2 -0
  193. data/lib/ruby_parser/bm_sexp.rb +9 -9
  194. metadata +149 -84
  195. data/bundle/ruby/2.7.0/gems/haml-5.1.2/lib/haml/escapable.rb +0 -50
  196. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/debugging.md +0 -57
  197. data/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby27_parser.rb +0 -7224
@@ -0,0 +1,144 @@
1
+ # frozen_string_literal: false
2
+ require_relative 'validationexception'
3
+
4
+ module REXML
5
+ module Validation
6
+ module Validator
7
+ NILEVENT = [ nil ]
8
+ def reset
9
+ @current = @root
10
+ @root.reset
11
+ @root.previous = true
12
+ @attr_stack = []
13
+ self
14
+ end
15
+ def dump
16
+ puts @root.inspect
17
+ end
18
+ def validate( event )
19
+ @attr_stack = [] unless defined? @attr_stack
20
+ match = @current.next(event)
21
+ raise ValidationException.new( "Validation error. Expected: "+
22
+ @current.expected.join( " or " )+" from #{@current.inspect} "+
23
+ " but got #{Event.new( event[0], event[1] ).inspect}" ) unless match
24
+ @current = match
25
+
26
+ # Check for attributes
27
+ case event[0]
28
+ when :start_element
29
+ @attr_stack << event[2]
30
+ begin
31
+ sattr = [:start_attribute, nil]
32
+ eattr = [:end_attribute]
33
+ text = [:text, nil]
34
+ k, = event[2].find { |key,value|
35
+ sattr[1] = key
36
+ m = @current.next( sattr )
37
+ if m
38
+ # If the state has text children...
39
+ if m.matches?( eattr )
40
+ @current = m
41
+ else
42
+ text[1] = value
43
+ m = m.next( text )
44
+ text[1] = nil
45
+ return false unless m
46
+ @current = m if m
47
+ end
48
+ m = @current.next( eattr )
49
+ if m
50
+ @current = m
51
+ true
52
+ else
53
+ false
54
+ end
55
+ else
56
+ false
57
+ end
58
+ }
59
+ event[2].delete(k) if k
60
+ end while k
61
+ when :end_element
62
+ attrs = @attr_stack.pop
63
+ raise ValidationException.new( "Validation error. Illegal "+
64
+ " attributes: #{attrs.inspect}") if attrs.length > 0
65
+ end
66
+ end
67
+ end
68
+
69
+ class Event
70
+ def initialize(event_type, event_arg=nil )
71
+ @event_type = event_type
72
+ @event_arg = event_arg
73
+ end
74
+
75
+ attr_reader :event_type
76
+ attr_accessor :event_arg
77
+
78
+ def done?
79
+ @done
80
+ end
81
+
82
+ def single?
83
+ return (@event_type != :start_element and @event_type != :start_attribute)
84
+ end
85
+
86
+ def matches?( event )
87
+ return false unless event[0] == @event_type
88
+ case event[0]
89
+ when nil
90
+ return true
91
+ when :start_element
92
+ return true if event[1] == @event_arg
93
+ when :end_element
94
+ return true
95
+ when :start_attribute
96
+ return true if event[1] == @event_arg
97
+ when :end_attribute
98
+ return true
99
+ when :end_document
100
+ return true
101
+ when :text
102
+ return (@event_arg.nil? or @event_arg == event[1])
103
+ =begin
104
+ when :processing_instruction
105
+ false
106
+ when :xmldecl
107
+ false
108
+ when :start_doctype
109
+ false
110
+ when :end_doctype
111
+ false
112
+ when :externalentity
113
+ false
114
+ when :elementdecl
115
+ false
116
+ when :entity
117
+ false
118
+ when :attlistdecl
119
+ false
120
+ when :notationdecl
121
+ false
122
+ when :end_doctype
123
+ false
124
+ =end
125
+ else
126
+ false
127
+ end
128
+ end
129
+
130
+ def ==( other )
131
+ return false unless other.kind_of? Event
132
+ @event_type == other.event_type and @event_arg == other.event_arg
133
+ end
134
+
135
+ def to_s
136
+ inspect
137
+ end
138
+
139
+ def inspect
140
+ "#{@event_type.inspect}( #@event_arg )"
141
+ end
142
+ end
143
+ end
144
+ end
@@ -0,0 +1,10 @@
1
+ # frozen_string_literal: false
2
+ module REXML
3
+ module Validation
4
+ class ValidationException < RuntimeError
5
+ def initialize msg
6
+ super
7
+ end
8
+ end
9
+ end
10
+ end
@@ -0,0 +1,130 @@
1
+ # frozen_string_literal: false
2
+
3
+ require_relative 'encoding'
4
+ require_relative 'source'
5
+
6
+ module REXML
7
+ # NEEDS DOCUMENTATION
8
+ class XMLDecl < Child
9
+ include Encoding
10
+
11
+ DEFAULT_VERSION = "1.0"
12
+ DEFAULT_ENCODING = "UTF-8"
13
+ DEFAULT_STANDALONE = "no"
14
+ START = "<?xml"
15
+ STOP = "?>"
16
+
17
+ attr_accessor :version, :standalone
18
+ attr_reader :writeencoding, :writethis
19
+
20
+ def initialize(version=DEFAULT_VERSION, encoding=nil, standalone=nil)
21
+ @writethis = true
22
+ @writeencoding = !encoding.nil?
23
+ if version.kind_of? XMLDecl
24
+ super()
25
+ @version = version.version
26
+ self.encoding = version.encoding
27
+ @writeencoding = version.writeencoding
28
+ @standalone = version.standalone
29
+ @writethis = version.writethis
30
+ else
31
+ super()
32
+ @version = version
33
+ self.encoding = encoding
34
+ @standalone = standalone
35
+ end
36
+ @version = DEFAULT_VERSION if @version.nil?
37
+ end
38
+
39
+ def clone
40
+ XMLDecl.new(self)
41
+ end
42
+
43
+ # indent::
44
+ # Ignored. There must be no whitespace before an XML declaration
45
+ # transitive::
46
+ # Ignored
47
+ # ie_hack::
48
+ # Ignored
49
+ def write(writer, indent=-1, transitive=false, ie_hack=false)
50
+ return nil unless @writethis or writer.kind_of? Output
51
+ writer << START
52
+ writer << " #{content encoding}"
53
+ writer << STOP
54
+ end
55
+
56
+ def ==( other )
57
+ other.kind_of?(XMLDecl) and
58
+ other.version == @version and
59
+ other.encoding == self.encoding and
60
+ other.standalone == @standalone
61
+ end
62
+
63
+ def xmldecl version, encoding, standalone
64
+ @version = version
65
+ self.encoding = encoding
66
+ @standalone = standalone
67
+ end
68
+
69
+ def node_type
70
+ :xmldecl
71
+ end
72
+
73
+ alias :stand_alone? :standalone
74
+ alias :old_enc= :encoding=
75
+
76
+ def encoding=( enc )
77
+ if enc.nil?
78
+ self.old_enc = "UTF-8"
79
+ @writeencoding = false
80
+ else
81
+ self.old_enc = enc
82
+ @writeencoding = true
83
+ end
84
+ self.dowrite
85
+ end
86
+
87
+ # Only use this if you do not want the XML declaration to be written;
88
+ # this object is ignored by the XML writer. Otherwise, instantiate your
89
+ # own XMLDecl and add it to the document.
90
+ #
91
+ # Note that XML 1.1 documents *must* include an XML declaration
92
+ def XMLDecl.default
93
+ rv = XMLDecl.new( "1.0" )
94
+ rv.nowrite
95
+ rv
96
+ end
97
+
98
+ def nowrite
99
+ @writethis = false
100
+ end
101
+
102
+ def dowrite
103
+ @writethis = true
104
+ end
105
+
106
+ def inspect
107
+ "#{START} ... #{STOP}"
108
+ end
109
+
110
+ private
111
+ def content(enc)
112
+ context = nil
113
+ context = parent.context if parent
114
+ if context and context[:prologue_quote] == :quote
115
+ quote = "\""
116
+ else
117
+ quote = "'"
118
+ end
119
+
120
+ rv = "version=#{quote}#{@version}#{quote}"
121
+ if @writeencoding or enc !~ /\Autf-8\z/i
122
+ rv << " encoding=#{quote}#{enc}#{quote}"
123
+ end
124
+ if @standalone
125
+ rv << " standalone=#{quote}#{@standalone}#{quote}"
126
+ end
127
+ rv
128
+ end
129
+ end
130
+ end
@@ -0,0 +1,85 @@
1
+ # frozen_string_literal: false
2
+ module REXML
3
+ # Defines a number of tokens used for parsing XML. Not for general
4
+ # consumption.
5
+ module XMLTokens
6
+ # From http://www.w3.org/TR/REC-xml/#sec-common-syn
7
+ #
8
+ # [4] NameStartChar ::=
9
+ # ":" |
10
+ # [A-Z] |
11
+ # "_" |
12
+ # [a-z] |
13
+ # [#xC0-#xD6] |
14
+ # [#xD8-#xF6] |
15
+ # [#xF8-#x2FF] |
16
+ # [#x370-#x37D] |
17
+ # [#x37F-#x1FFF] |
18
+ # [#x200C-#x200D] |
19
+ # [#x2070-#x218F] |
20
+ # [#x2C00-#x2FEF] |
21
+ # [#x3001-#xD7FF] |
22
+ # [#xF900-#xFDCF] |
23
+ # [#xFDF0-#xFFFD] |
24
+ # [#x10000-#xEFFFF]
25
+ name_start_chars = [
26
+ ":",
27
+ "A-Z",
28
+ "_",
29
+ "a-z",
30
+ "\\u00C0-\\u00D6",
31
+ "\\u00D8-\\u00F6",
32
+ "\\u00F8-\\u02FF",
33
+ "\\u0370-\\u037D",
34
+ "\\u037F-\\u1FFF",
35
+ "\\u200C-\\u200D",
36
+ "\\u2070-\\u218F",
37
+ "\\u2C00-\\u2FEF",
38
+ "\\u3001-\\uD7FF",
39
+ "\\uF900-\\uFDCF",
40
+ "\\uFDF0-\\uFFFD",
41
+ "\\u{10000}-\\u{EFFFF}",
42
+ ]
43
+ # From http://www.w3.org/TR/REC-xml/#sec-common-syn
44
+ #
45
+ # [4a] NameChar ::=
46
+ # NameStartChar |
47
+ # "-" |
48
+ # "." |
49
+ # [0-9] |
50
+ # #xB7 |
51
+ # [#x0300-#x036F] |
52
+ # [#x203F-#x2040]
53
+ name_chars = name_start_chars + [
54
+ "\\-",
55
+ "\\.",
56
+ "0-9",
57
+ "\\u00B7",
58
+ "\\u0300-\\u036F",
59
+ "\\u203F-\\u2040",
60
+ ]
61
+ NAME_START_CHAR = "[#{name_start_chars.join('')}]"
62
+ NAME_CHAR = "[#{name_chars.join('')}]"
63
+ NAMECHAR = NAME_CHAR # deprecated. Use NAME_CHAR instead.
64
+
65
+ # From http://www.w3.org/TR/xml-names11/#NT-NCName
66
+ #
67
+ # [6] NCNameStartChar ::= NameStartChar - ':'
68
+ ncname_start_chars = name_start_chars - [":"]
69
+ # From http://www.w3.org/TR/xml-names11/#NT-NCName
70
+ #
71
+ # [5] NCNameChar ::= NameChar - ':'
72
+ ncname_chars = name_chars - [":"]
73
+ NCNAME_STR = "[#{ncname_start_chars.join('')}][#{ncname_chars.join('')}]*"
74
+ NAME_STR = "(?:#{NCNAME_STR}:)?#{NCNAME_STR}"
75
+
76
+ NAME = "(#{NAME_START_CHAR}#{NAME_CHAR}*)"
77
+ NMTOKEN = "(?:#{NAME_CHAR})+"
78
+ NMTOKENS = "#{NMTOKEN}(\\s+#{NMTOKEN})*"
79
+ REFERENCE = "(?:&#{NAME};|&#\\d+;|&#x[0-9a-fA-F]+;)"
80
+
81
+ #REFERENCE = "(?:#{ENTITYREF}|#{CHARREF})"
82
+ #ENTITYREF = "&#{NAME};"
83
+ #CHARREF = "&#\\d+;|&#x[0-9a-fA-F]+;"
84
+ end
85
+ end
@@ -0,0 +1,81 @@
1
+ # frozen_string_literal: false
2
+ require_relative 'functions'
3
+ require_relative 'xpath_parser'
4
+
5
+ module REXML
6
+ # Wrapper class. Use this class to access the XPath functions.
7
+ class XPath
8
+ include Functions
9
+ # A base Hash object, supposing to be used when initializing a
10
+ # default empty namespaces set, but is currently unused.
11
+ # TODO: either set the namespaces=EMPTY_HASH, or deprecate this.
12
+ EMPTY_HASH = {}
13
+
14
+ # Finds and returns the first node that matches the supplied xpath.
15
+ # element::
16
+ # The context element
17
+ # path::
18
+ # The xpath to search for. If not supplied or nil, returns the first
19
+ # node matching '*'.
20
+ # namespaces::
21
+ # If supplied, a Hash which defines a namespace mapping.
22
+ # variables::
23
+ # If supplied, a Hash which maps $variables in the query
24
+ # to values. This can be used to avoid XPath injection attacks
25
+ # or to automatically handle escaping string values.
26
+ #
27
+ # XPath.first( node )
28
+ # XPath.first( doc, "//b"} )
29
+ # XPath.first( node, "a/x:b", { "x"=>"http://doofus" } )
30
+ # XPath.first( node, '/book/publisher/text()=$publisher', {}, {"publisher"=>"O'Reilly"})
31
+ def XPath::first(element, path=nil, namespaces=nil, variables={}, options={})
32
+ raise "The namespaces argument, if supplied, must be a hash object." unless namespaces.nil? or namespaces.kind_of?(Hash)
33
+ raise "The variables argument, if supplied, must be a hash object." unless variables.kind_of?(Hash)
34
+ parser = XPathParser.new(**options)
35
+ parser.namespaces = namespaces
36
+ parser.variables = variables
37
+ path = "*" unless path
38
+ element = [element] unless element.kind_of? Array
39
+ parser.parse(path, element).flatten[0]
40
+ end
41
+
42
+ # Iterates over nodes that match the given path, calling the supplied
43
+ # block with the match.
44
+ # element::
45
+ # The context element
46
+ # path::
47
+ # The xpath to search for. If not supplied or nil, defaults to '*'
48
+ # namespaces::
49
+ # If supplied, a Hash which defines a namespace mapping
50
+ # variables::
51
+ # If supplied, a Hash which maps $variables in the query
52
+ # to values. This can be used to avoid XPath injection attacks
53
+ # or to automatically handle escaping string values.
54
+ #
55
+ # XPath.each( node ) { |el| ... }
56
+ # XPath.each( node, '/*[@attr='v']' ) { |el| ... }
57
+ # XPath.each( node, 'ancestor::x' ) { |el| ... }
58
+ # XPath.each( node, '/book/publisher/text()=$publisher', {}, {"publisher"=>"O'Reilly"}) \
59
+ # {|el| ... }
60
+ def XPath::each(element, path=nil, namespaces=nil, variables={}, options={}, &block)
61
+ raise "The namespaces argument, if supplied, must be a hash object." unless namespaces.nil? or namespaces.kind_of?(Hash)
62
+ raise "The variables argument, if supplied, must be a hash object." unless variables.kind_of?(Hash)
63
+ parser = XPathParser.new(**options)
64
+ parser.namespaces = namespaces
65
+ parser.variables = variables
66
+ path = "*" unless path
67
+ element = [element] unless element.kind_of? Array
68
+ parser.parse(path, element).each( &block )
69
+ end
70
+
71
+ # Returns an array of nodes matching a given XPath.
72
+ def XPath::match(element, path=nil, namespaces=nil, variables={}, options={})
73
+ parser = XPathParser.new(**options)
74
+ parser.namespaces = namespaces
75
+ parser.variables = variables
76
+ path = "*" unless path
77
+ element = [element] unless element.kind_of? Array
78
+ parser.parse(path,element)
79
+ end
80
+ end
81
+ end