brakeman 4.10.1 → 5.0.0.pre1
- checksums.yaml +4 -4
- data/CHANGES.md +9 -7
- data/README.md +1 -1
- data/bundle/load.rb +8 -9
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/CHANGELOG.md +1 -8
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/FAQ.md +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/Gemfile +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/MIT-LICENSE +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/README.md +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/REFERENCE.md +5 -9
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/TODO +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/haml.gemspec +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/attribute_builder.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/attribute_compiler.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/attribute_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/buffer.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/compiler.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/error.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/escapable.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/exec.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/filters.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/generator.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/action_view_extensions.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/action_view_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/safe_erubi_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/safe_erubis_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/helpers/xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/parser.rb +3 -31
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/plugin.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/railtie.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/sass_rails_filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/template/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/temple_engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/temple_line_counter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/util.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/lib/haml/version.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/yard/default/fulldoc/html/css/common.sass +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.1 → haml-5.2.0}/yard/default/layout/html/footer.erb +0 -0
- data/lib/brakeman.rb +6 -0
- data/lib/brakeman/app_tree.rb +36 -3
- data/lib/brakeman/checks/check_execute.rb +1 -1
- data/lib/brakeman/checks/check_regex_dos.rb +1 -1
- data/lib/brakeman/checks/check_unsafe_reflection_methods.rb +68 -0
- data/lib/brakeman/checks/check_verb_confusion.rb +75 -0
- data/lib/brakeman/file_parser.rb +19 -23
- data/lib/brakeman/options.rb +5 -1
- data/lib/brakeman/parsers/template_parser.rb +2 -3
- data/lib/brakeman/processors/alias_processor.rb +2 -2
- data/lib/brakeman/processors/controller_processor.rb +1 -1
- data/lib/brakeman/processors/lib/file_type_detector.rb +64 -0
- data/lib/brakeman/processors/output_processor.rb +1 -1
- data/lib/brakeman/processors/template_alias_processor.rb +0 -5
- data/lib/brakeman/report.rb +8 -0
- data/lib/brakeman/report/report_sonar.rb +38 -0
- data/lib/brakeman/rescanner.rb +7 -5
- data/lib/brakeman/scanner.rb +42 -18
- data/lib/brakeman/tracker.rb +6 -0
- data/lib/brakeman/tracker/controller.rb +1 -1
- data/lib/brakeman/util.rb +9 -4
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning_codes.rb +2 -0
- data/lib/ruby_parser/bm_sexp.rb +9 -9
- metadata +49 -99
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile +0 -6
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt +0 -22
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md +0 -141
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/README.md +0 -60
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attlistdecl.rb +0 -63
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attribute.rb +0 -205
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/cdata.rb +0 -68
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/child.rb +0 -97
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb +0 -80
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb +0 -287
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb +0 -291
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/attlistdecl.rb +0 -11
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/dtd.rb +0 -47
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/elementdecl.rb +0 -18
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/entitydecl.rb +0 -57
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/notationdecl.rb +0 -40
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/element.rb +0 -1269
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/encoding.rb +0 -51
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/entity.rb +0 -171
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/default.rb +0 -116
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/pretty.rb +0 -142
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/transitive.rb +0 -58
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/functions.rb +0 -447
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/instruction.rb +0 -79
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/light/node.rb +0 -196
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/namespace.rb +0 -59
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/node.rb +0 -76
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/output.rb +0 -30
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parent.rb +0 -166
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parseexception.rb +0 -52
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/baseparser.rb +0 -594
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/lightparser.rb +0 -59
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/pullparser.rb +0 -197
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/sax2parser.rb +0 -273
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/streamparser.rb +0 -61
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/treeparser.rb +0 -101
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/ultralightparser.rb +0 -57
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/xpathparser.rb +0 -675
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb +0 -266
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb +0 -32
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb +0 -98
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb +0 -28
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb +0 -298
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/streamlistener.rb +0 -93
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/text.rb +0 -424
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/undefinednamespaceexception.rb +0 -9
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/relaxng.rb +0 -539
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validation.rb +0 -144
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validationexception.rb +0 -10
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmldecl.rb +0 -130
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmltokens.rb +0 -85
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath.rb +0 -81
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath_parser.rb +0 -968
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/rexml.gemspec +0 -84
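--- a/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb
+++ b/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb
@@ -1,80 +0,0 @@
-# frozen_string_literal: false
-require_relative "child"
-
-module REXML
-##
-# Represents an XML comment; that is, text between \<!-- ... -->
-class Comment < Child
-include Comparable
-START = "<!--"
-STOP = "-->"
-
-# The content text
-
-attr_accessor :string
-
-##
-# Constructor. The first argument can be one of three types:
-# @param first If String, the contents of this comment are set to the
-# argument. If Comment, the argument is duplicated. If
-# Source, the argument is scanned for a comment.
-# @param second If the first argument is a Source, this argument
-# should be nil, not supplied, or a Parent to be set as the parent
-# of this object
-def initialize( first, second = nil )
-super(second)
-if first.kind_of? String
-@string = first
-elsif first.kind_of? Comment
-@string = first.string
-end
-end
-
-def clone
-Comment.new self
-end
-
-# == DEPRECATED
-# See REXML::Formatters
-#
-# output::
-# Where to write the string
-# indent::
-# An integer. If -1, no indenting will be used; otherwise, the
-# indentation will be this number of spaces, and children will be
-# indented an additional amount.
-# transitive::
-# Ignored by this class. The contents of comments are never modified.
-# ie_hack::
-# Needed for conformity to the child API, but not used by this class.
-def write( output, indent=-1, transitive=false, ie_hack=false )
-Kernel.warn("Comment.write is deprecated. See REXML::Formatters", uplevel: 1)
-indent( output, indent )
-output << START
-output << @string
-output << STOP
-end
-
-alias :to_s :string
-
-##
-# Compares this Comment to another; the contents of the comment are used
-# in the comparison.
-def <=>(other)
-other.to_s <=> @string
-end
-
-##
-# Compares this Comment to another; the contents of the comment are used
-# in the comparison.
-def ==( other )
-other.kind_of? Comment and
-(other <=> self) == 0
-end
-
-def node_type
-:comment
-end
-end
-end
-#vim:ts=2 sw=2 noexpandtab: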
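--- a/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb
+++ b/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb
@@ -1,287 +0,0 @@
-# frozen_string_literal: false
-require_relative "parent"
-require_relative "parseexception"
-require_relative "namespace"
-require_relative 'entity'
-require_relative 'attlistdecl'
-require_relative 'xmltokens'
-
-module REXML
-# Represents an XML DOCTYPE declaration; that is, the contents of <!DOCTYPE
-# ... >. DOCTYPES can be used to declare the DTD of a document, as well as
-# being used to declare entities used in the document.
-class DocType < Parent
-include XMLTokens
-START = "<!DOCTYPE"
-STOP = ">"
-SYSTEM = "SYSTEM"
-PUBLIC = "PUBLIC"
-DEFAULT_ENTITIES = {
-'gt'=>EntityConst::GT,
-'lt'=>EntityConst::LT,
-'quot'=>EntityConst::QUOT,
-"apos"=>EntityConst::APOS
-}
-
-# name is the name of the doctype
-# external_id is the referenced DTD, if given
-attr_reader :name, :external_id, :entities, :namespaces
-
-# Constructor
-#
-# dt = DocType.new( 'foo', '-//I/Hate/External/IDs' )
-# # <!DOCTYPE foo '-//I/Hate/External/IDs'>
-# dt = DocType.new( doctype_to_clone )
-# # Incomplete. Shallow clone of doctype
-#
-# +Note+ that the constructor:
-#
-# Doctype.new( Source.new( "<!DOCTYPE foo 'bar'>" ) )
-#
-# is _deprecated_. Do not use it. It will probably disappear.
-def initialize( first, parent=nil )
-@entities = DEFAULT_ENTITIES
-@long_name = @uri = nil
-if first.kind_of? String
-super()
-@name = first
-@external_id = parent
-elsif first.kind_of? DocType
-super( parent )
-@name = first.name
-@external_id = first.external_id
-elsif first.kind_of? Array
-super( parent )
-@name = first[0]
-@external_id = first[1]
-@long_name = first[2]
-@uri = first[3]
-elsif first.kind_of? Source
-super( parent )
-parser = Parsers::BaseParser.new( first )
-event = parser.pull
-if event[0] == :start_doctype
-@name, @external_id, @long_name, @uri, = event[1..-1]
-end
-else
-super()
-end
-end
-
-def node_type
-:doctype
-end
-
-def attributes_of element
-rv = []
-each do |child|
-child.each do |key,val|
-rv << Attribute.new(key,val)
-end if child.kind_of? AttlistDecl and child.element_name == element
-end
-rv
-end
-
-def attribute_of element, attribute
-att_decl = find do |child|
-child.kind_of? AttlistDecl and
-child.element_name == element and
-child.include? attribute
-end
-return nil unless att_decl
-att_decl[attribute]
-end
-
-def clone
-DocType.new self
-end
-
-# output::
-# Where to write the string
-# indent::
-# An integer. If -1, no indentation will be used; otherwise, the
-# indentation will be this number of spaces, and children will be
-# indented an additional amount.
-# transitive::
-# Ignored
-# ie_hack::
-# Ignored
-def write( output, indent=0, transitive=false, ie_hack=false )
-f = REXML::Formatters::Default.new
-c = context
-if c and c[:prologue_quote] == :apostrophe
-quote = "'"
-else
-quote = "\""
-end
-indent( output, indent )
-output << START
-output << ' '
-output << @name
-output << " #{@external_id}" if @external_id
-output << " #{quote}#{@long_name}#{quote}" if @long_name
-output << " #{quote}#{@uri}#{quote}" if @uri
-unless @children.empty?
-output << ' ['
-@children.each { |child|
-output << "\n"
-f.write( child, output )
-}
-output << "\n]"
-end
-output << STOP
-end
-
-def context
-if @parent
-@parent.context
-else
-nil
-end
-end
-
-def entity( name )
-@entities[name].unnormalized if @entities[name]
-end
-
-def add child
-super(child)
-@entities = DEFAULT_ENTITIES.clone if @entities == DEFAULT_ENTITIES
-@entities[ child.name ] = child if child.kind_of? Entity
-end
-
-# This method retrieves the public identifier identifying the document's
-# DTD.
-#
-# Method contributed by Henrik Martensson
-def public
-case @external_id
-when "SYSTEM"
-nil
-when "PUBLIC"
-strip_quotes(@long_name)
-end
-end
-
-# This method retrieves the system identifier identifying the document's DTD
-#
-# Method contributed by Henrik Martensson
-def system
-case @external_id
-when "SYSTEM"
-strip_quotes(@long_name)
-when "PUBLIC"
-@uri.kind_of?(String) ? strip_quotes(@uri) : nil
-end
-end
-
-# This method returns a list of notations that have been declared in the
-# _internal_ DTD subset. Notations in the external DTD subset are not
-# listed.
-#
-# Method contributed by Henrik Martensson
-def notations
-children().select {|node| node.kind_of?(REXML::NotationDecl)}
-end
-
-# Retrieves a named notation. Only notations declared in the internal
-# DTD subset can be retrieved.
-#
-# Method contributed by Henrik Martensson
-def notation(name)
-notations.find { |notation_decl|
-notation_decl.name == name
-}
-end
-
-private
-
-# Method contributed by Henrik Martensson
-def strip_quotes(quoted_string)
-quoted_string =~ /^[\'\"].*[\'\"]$/ ?
-quoted_string[1, quoted_string.length-2] :
-quoted_string
-end
-end
-
-# We don't really handle any of these since we're not a validating
-# parser, so we can be pretty dumb about them. All we need to be able
-# to do is spew them back out on a write()
-
-# This is an abstract class. You never use this directly; it serves as a
-# parent class for the specific declarations.
-class Declaration < Child
-def initialize src
-super()
-@string = src
-end
-
-def to_s
-@string+'>'
-end
-
-# == DEPRECATED
-# See REXML::Formatters
-#
-def write( output, indent )
-output << to_s
-end
-end
-
-public
-class ElementDecl < Declaration
-def initialize( src )
-super
-end
-end
-
-class ExternalEntity < Child
-def initialize( src )
-super()
-@entity = src
-end
-def to_s
-@entity
-end
-def write( output, indent )
-output << @entity
-end
-end
-
-class NotationDecl < Child
-attr_accessor :public, :system
-def initialize name, middle, pub, sys
-super(nil)
-@name = name
-@middle = middle
-@public = pub
-@system = sys
-end
-
-def to_s
-c = nil
-c = parent.context if parent
-if c and c[:prologue_quote] == :apostrophe
-quote = "'"
-else
-quote = "\""
-end
-notation = "<!NOTATION #{@name} #{@middle}"
-notation << " #{quote}#{@public}#{quote}" if @public
-notation << " #{quote}#{@system}#{quote}" if @system
-notation << ">"
-notation
-end
-
-def write( output, indent=-1 )
-output << to_s
-end
-
-# This method retrieves the name of the notation.
-#
-# Method contributed by Henrik Martensson
-def name
-@name
-end
-end
-end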
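--- a/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb
+++ b/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb
@@ -1,291 +0,0 @@
-# frozen_string_literal: false
-require_relative "security"
-require_relative "element"
-require_relative "xmldecl"
-require_relative "source"
-require_relative "comment"
-require_relative "doctype"
-require_relative "instruction"
-require_relative "rexml"
-require_relative "parseexception"
-require_relative "output"
-require_relative "parsers/baseparser"
-require_relative "parsers/streamparser"
-require_relative "parsers/treeparser"
-
-module REXML
-# Represents a full XML document, including PIs, a doctype, etc. A
-# Document has a single child that can be accessed by root().
-# Note that if you want to have an XML declaration written for a document
-# you create, you must add one; REXML documents do not write a default
-# declaration for you. See |DECLARATION| and |write|.
-class Document < Element
-# A convenient default XML declaration. If you want an XML declaration,
-# the easiest way to add one is mydoc << Document::DECLARATION
-# +DEPRECATED+
-# Use: mydoc << XMLDecl.default
-DECLARATION = XMLDecl.default
-
-# Constructor
-# @param source if supplied, must be a Document, String, or IO.
-# Documents have their context and Element attributes cloned.
-# Strings are expected to be valid XML documents. IOs are expected
-# to be sources of valid XML documents.
-# @param context if supplied, contains the context of the document;
-# this should be a Hash.
-def initialize( source = nil, context = {} )
-@entity_expansion_count = 0
-super()
-@context = context
-return if source.nil?
-if source.kind_of? Document
-@context = source.context
-super source
-else
-build( source )
-end
-end
-
-def node_type
-:document
-end
-
-# Should be obvious
-def clone
-Document.new self
-end
-
-# According to the XML spec, a root node has no expanded name
-def expanded_name
-''
-#d = doc_type
-#d ? d.name : "UNDEFINED"
-end
-
-alias :name :expanded_name
-
-# We override this, because XMLDecls and DocTypes must go at the start
-# of the document
-def add( child )
-if child.kind_of? XMLDecl
-if @children[0].kind_of? XMLDecl
-@children[0] = child
-else
-@children.unshift child
-end
-child.parent = self
-elsif child.kind_of? DocType
-# Find first Element or DocType node and insert the decl right
-# before it. If there is no such node, just insert the child at the
-# end. If there is a child and it is an DocType, then replace it.
-insert_before_index = @children.find_index { |x|
-x.kind_of?(Element) || x.kind_of?(DocType)
-}
-if insert_before_index # Not null = not end of list
-if @children[ insert_before_index ].kind_of? DocType
-@children[ insert_before_index ] = child
-else
-@children[ insert_before_index-1, 0 ] = child
-end
-else # Insert at end of list
-@children << child
-end
-child.parent = self
-else
-rv = super
-raise "attempted adding second root element to document" if @elements.size > 1
-rv
-end
-end
-alias :<< :add
-
-def add_element(arg=nil, arg2=nil)
-rv = super
-raise "attempted adding second root element to document" if @elements.size > 1
-rv
-end
-
-# @return the root Element of the document, or nil if this document
-# has no children.
-def root
-elements[1]
-#self
-#@children.find { |item| item.kind_of? Element }
-end
-
-# @return the DocType child of the document, if one exists,
-# and nil otherwise.
-def doctype
-@children.find { |item| item.kind_of? DocType }
-end
-
-# @return the XMLDecl of this document; if no XMLDecl has been
-# set, the default declaration is returned.
-def xml_decl
-rv = @children[0]
-return rv if rv.kind_of? XMLDecl
-@children.unshift(XMLDecl.default)[0]
-end
-
-# @return the XMLDecl version of this document as a String.
-# If no XMLDecl has been set, returns the default version.
-def version
-xml_decl().version
-end
-
-# @return the XMLDecl encoding of this document as an
-# Encoding object.
-# If no XMLDecl has been set, returns the default encoding.
-def encoding
-xml_decl().encoding
-end
-
-# @return the XMLDecl standalone value of this document as a String.
-# If no XMLDecl has been set, returns the default setting.
-def stand_alone?
-xml_decl().stand_alone?
-end
-
-# :call-seq:
-# doc.write(output=$stdout, indent=-1, transtive=false, ie_hack=false, encoding=nil)
-# doc.write(options={:output => $stdout, :indent => -1, :transtive => false, :ie_hack => false, :encoding => nil})
-#
-# Write the XML tree out, optionally with indent. This writes out the
-# entire XML document, including XML declarations, doctype declarations,
-# and processing instructions (if any are given).
-#
-# A controversial point is whether Document should always write the XML
-# declaration (<?xml version='1.0'?>) whether or not one is given by the
-# user (or source document). REXML does not write one if one was not
-# specified, because it adds unnecessary bandwidth to applications such
-# as XML-RPC.
-#
-# Accept Nth argument style and options Hash style as argument.
-# The recommended style is options Hash style for one or more
-# arguments case.
-#
-# _Examples_
-# Document.new("<a><b/></a>").write
-#
-# output = ""
-# Document.new("<a><b/></a>").write(output)
-#
-# output = ""
-# Document.new("<a><b/></a>").write(:output => output, :indent => 2)
-#
-# See also the classes in the rexml/formatters package for the proper way
-# to change the default formatting of XML output.
-#
-# _Examples_
-#
-# output = ""
-# tr = Transitive.new
-# tr.write(Document.new("<a><b/></a>"), output)
-#
-# output::
-# output an object which supports '<< string'; this is where the
-# document will be written.
-# indent::
-# An integer. If -1, no indenting will be used; otherwise, the
-# indentation will be twice this number of spaces, and children will be
-# indented an additional amount. For a value of 3, every item will be
-# indented 3 more levels, or 6 more spaces (2 * 3). Defaults to -1
-# transitive::
-# If transitive is true and indent is >= 0, then the output will be
-# pretty-printed in such a way that the added whitespace does not affect
-# the absolute *value* of the document -- that is, it leaves the value
-# and number of Text nodes in the document unchanged.
-# ie_hack::
-# This hack inserts a space before the /> on empty tags to address
-# a limitation of Internet Explorer. Defaults to false
-# encoding::
-# Encoding name as String. Change output encoding to specified encoding
-# instead of encoding in XML declaration.
-# Defaults to nil. It means encoding in XML declaration is used.
-def write(*arguments)
-if arguments.size == 1 and arguments[0].class == Hash
-options = arguments[0]
-
-output = options[:output]
-indent = options[:indent]
-transitive = options[:transitive]
-ie_hack = options[:ie_hack]
-encoding = options[:encoding]
-else
-output, indent, transitive, ie_hack, encoding, = *arguments
-end
-
-output ||= $stdout
-indent ||= -1
-transitive = false if transitive.nil?
-ie_hack = false if ie_hack.nil?
-encoding ||= xml_decl.encoding
-
-if encoding != 'UTF-8' && !output.kind_of?(Output)
-output = Output.new( output, encoding )
-end
-formatter = if indent > -1
-if transitive
-require_relative "formatters/transitive"
-REXML::Formatters::Transitive.new( indent, ie_hack )
-else
-REXML::Formatters::Pretty.new( indent, ie_hack )
-end
-else
-REXML::Formatters::Default.new( ie_hack )
-end
-formatter.write( self, output )
-end
-
-
-def Document::parse_stream( source, listener )
-Parsers::StreamParser.new( source, listener ).parse
-end
-
-# Set the entity expansion limit. By default the limit is set to 10000.
-#
-# Deprecated. Use REXML::Security.entity_expansion_limit= instead.
-def Document::entity_expansion_limit=( val )
-Security.entity_expansion_limit = val
-end
-
-# Get the entity expansion limit. By default the limit is set to 10000.
-#
-# Deprecated. Use REXML::Security.entity_expansion_limit= instead.
-def Document::entity_expansion_limit
-return Security.entity_expansion_limit
-end
-
-# Set the entity expansion limit. By default the limit is set to 10240.
-#
-# Deprecated. Use REXML::Security.entity_expansion_text_limit= instead.
-def Document::entity_expansion_text_limit=( val )
-Security.entity_expansion_text_limit = val
-end
-
-# Get the entity expansion limit. By default the limit is set to 10240.
-#
-# Deprecated. Use REXML::Security.entity_expansion_text_limit instead.
-def Document::entity_expansion_text_limit
-return Security.entity_expansion_text_limit
-end
-
-attr_reader :entity_expansion_count
-
-def record_entity_expansion
-@entity_expansion_count += 1
-if @entity_expansion_count > Security.entity_expansion_limit
-raise "number of entity expansions exceeded, processing aborted."
-end
-end
-
-def document
-self
-end
-
-private
-def build( source )
-Parsers::TreeParser.new( source, self ).parse
-end
-end
-end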