brakeman 5.0.0.pre1 → 5.0.0
- checksums.yaml +4 -4
- data/CHANGES.md +23 -0
- data/bundle/load.rb +9 -8
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/CHANGELOG.md +8 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/FAQ.md +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/Gemfile +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/MIT-LICENSE +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/README.md +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/REFERENCE.md +9 -5
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/TODO +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/haml.gemspec +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/attribute_builder.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/attribute_compiler.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/attribute_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/buffer.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/compiler.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/error.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/escapable.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/exec.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/filters.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/generator.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/action_view_extensions.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/action_view_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/safe_erubi_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/safe_erubis_template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/xss_mods.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/parser.rb +31 -3
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/plugin.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/railtie.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/sass_rails_filter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/template.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/template/options.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/temple_engine.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/temple_line_counter.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/util.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/version.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/yard/default/fulldoc/html/css/common.sass +0 -0
- data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/yard/default/layout/html/footer.erb +0 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile +6 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt +22 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md +141 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/README.md +60 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attlistdecl.rb +63 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attribute.rb +205 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/cdata.rb +68 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/child.rb +97 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb +80 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb +287 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb +291 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/attlistdecl.rb +11 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/dtd.rb +47 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/elementdecl.rb +18 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/entitydecl.rb +57 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/notationdecl.rb +40 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/element.rb +1269 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/encoding.rb +51 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/entity.rb +171 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/default.rb +116 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/pretty.rb +142 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/transitive.rb +58 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/functions.rb +447 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/instruction.rb +79 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/light/node.rb +196 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/namespace.rb +59 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/node.rb +76 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/output.rb +30 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parent.rb +166 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parseexception.rb +52 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/baseparser.rb +594 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/lightparser.rb +59 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/pullparser.rb +197 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/sax2parser.rb +273 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/streamparser.rb +61 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/treeparser.rb +101 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/ultralightparser.rb +57 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/xpathparser.rb +675 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb +266 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb +32 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb +98 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb +28 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb +298 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/streamlistener.rb +93 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/text.rb +424 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/undefinednamespaceexception.rb +9 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/relaxng.rb +539 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validation.rb +144 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validationexception.rb +10 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmldecl.rb +130 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmltokens.rb +85 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath.rb +81 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath_parser.rb +968 -0
- data/bundle/ruby/2.7.0/gems/rexml-3.2.4/rexml.gemspec +84 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/History.rdoc +6 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/compare/normalize.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/debugging.md +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/rp_extensions.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/rp_stringscanner.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby20_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby20_parser.y +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby21_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby21_parser.y +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby22_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby22_parser.y +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby23_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby23_parser.y +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby24_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby24_parser.y +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby25_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby25_parser.y +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby26_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby26_parser.y +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby27_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby27_parser.y +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_lexer.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_lexer.rex +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_lexer.rex.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_parser.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_parser.yy +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_parser_extras.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/tools/munge.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/tools/ripper.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/History.rdoc +6 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/Manifest.txt +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/README.rdoc +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/pt_testcase.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/sexp_matcher.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/strict_sexp.rb +0 -0
- data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/unique.rb +0 -0
- data/lib/brakeman/checks/base_check.rb +7 -1
- data/lib/brakeman/checks/check_execute.rb +2 -1
- data/lib/brakeman/checks/check_regex_dos.rb +1 -1
- data/lib/brakeman/checks/check_sql.rb +1 -1
- data/lib/brakeman/file_parser.rb +5 -0
- data/lib/brakeman/processors/alias_processor.rb +20 -4
- data/lib/brakeman/processors/controller_processor.rb +1 -1
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +16 -16
- data/lib/brakeman/processors/output_processor.rb +1 -1
- data/lib/brakeman/processors/template_alias_processor.rb +5 -0
- data/lib/brakeman/report/report_base.rb +0 -2
- data/lib/brakeman/report/report_csv.rb +37 -60
- data/lib/brakeman/report/report_junit.rb +2 -2
- data/lib/brakeman/report/report_sarif.rb +1 -1
- data/lib/brakeman/report/report_tabs.rb +1 -1
- data/lib/brakeman/report/report_text.rb +1 -1
- data/lib/brakeman/scanner.rb +3 -1
- data/lib/brakeman/tracker/config.rb +73 -0
- data/lib/brakeman/tracker/controller.rb +1 -1
- data/lib/brakeman/util.rb +2 -2
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +10 -2
- data/lib/ruby_parser/bm_sexp.rb +9 -9
- metadata +139 -85
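--- a/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb
+++ b/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb
@@ -0,0 +1,287 @@
+# frozen_string_literal: false
+require_relative "parent"
+require_relative "parseexception"
+require_relative "namespace"
+require_relative 'entity'
+require_relative 'attlistdecl'
+require_relative 'xmltokens'
+
+module REXML
+# Represents an XML DOCTYPE declaration; that is, the contents of <!DOCTYPE
+# ... >. DOCTYPES can be used to declare the DTD of a document, as well as
+# being used to declare entities used in the document.
+class DocType < Parent
+include XMLTokens
+START = "<!DOCTYPE"
+STOP = ">"
+SYSTEM = "SYSTEM"
+PUBLIC = "PUBLIC"
+DEFAULT_ENTITIES = {
+'gt'=>EntityConst::GT,
+'lt'=>EntityConst::LT,
+'quot'=>EntityConst::QUOT,
+"apos"=>EntityConst::APOS
+}
+
+# name is the name of the doctype
+# external_id is the referenced DTD, if given
+attr_reader :name, :external_id, :entities, :namespaces
+
+# Constructor
+#
+# dt = DocType.new( 'foo', '-//I/Hate/External/IDs' )
+# # <!DOCTYPE foo '-//I/Hate/External/IDs'>
+# dt = DocType.new( doctype_to_clone )
+# # Incomplete. Shallow clone of doctype
+#
+# +Note+ that the constructor:
+#
+# Doctype.new( Source.new( "<!DOCTYPE foo 'bar'>" ) )
+#
+# is _deprecated_. Do not use it. It will probably disappear.
+def initialize( first, parent=nil )
+@entities = DEFAULT_ENTITIES
+@long_name = @uri = nil
+if first.kind_of? String
+super()
+@name = first
+@external_id = parent
+elsif first.kind_of? DocType
+super( parent )
+@name = first.name
+@external_id = first.external_id
+elsif first.kind_of? Array
+super( parent )
+@name = first[0]
+@external_id = first[1]
+@long_name = first[2]
+@uri = first[3]
+elsif first.kind_of? Source
+super( parent )
+parser = Parsers::BaseParser.new( first )
+event = parser.pull
+if event[0] == :start_doctype
+@name, @external_id, @long_name, @uri, = event[1..-1]
+end
+else
+super()
+end
+end
+
+def node_type
+:doctype
+end
+
+def attributes_of element
+rv = []
+each do |child|
+child.each do |key,val|
+rv << Attribute.new(key,val)
+end if child.kind_of? AttlistDecl and child.element_name == element
+end
+rv
+end
+
+def attribute_of element, attribute
+att_decl = find do |child|
+child.kind_of? AttlistDecl and
+child.element_name == element and
+child.include? attribute
+end
+return nil unless att_decl
+att_decl[attribute]
+end
+
+def clone
+DocType.new self
+end
+
+# output::
+# Where to write the string
+# indent::
+# An integer. If -1, no indentation will be used; otherwise, the
+# indentation will be this number of spaces, and children will be
+# indented an additional amount.
+# transitive::
+# Ignored
+# ie_hack::
+# Ignored
+def write( output, indent=0, transitive=false, ie_hack=false )
+f = REXML::Formatters::Default.new
+c = context
+if c and c[:prologue_quote] == :apostrophe
+quote = "'"
+else
+quote = "\""
+end
+indent( output, indent )
+output << START
+output << ' '
+output << @name
+output << " #{@external_id}" if @external_id
+output << " #{quote}#{@long_name}#{quote}" if @long_name
+output << " #{quote}#{@uri}#{quote}" if @uri
+unless @children.empty?
+output << ' ['
+@children.each { |child|
+output << "\n"
+f.write( child, output )
+}
+output << "\n]"
+end
+output << STOP
+end
+
+def context
+if @parent
+@parent.context
+else
+nil
+end
+end
+
+def entity( name )
+@entities[name].unnormalized if @entities[name]
+end
+
+def add child
+super(child)
+@entities = DEFAULT_ENTITIES.clone if @entities == DEFAULT_ENTITIES
+@entities[ child.name ] = child if child.kind_of? Entity
+end
+
+# This method retrieves the public identifier identifying the document's
+# DTD.
+#
+# Method contributed by Henrik Martensson
+def public
+case @external_id
+when "SYSTEM"
+nil
+when "PUBLIC"
+strip_quotes(@long_name)
+end
+end
+
+# This method retrieves the system identifier identifying the document's DTD
+#
+# Method contributed by Henrik Martensson
+def system
+case @external_id
+when "SYSTEM"
+strip_quotes(@long_name)
+when "PUBLIC"
+@uri.kind_of?(String) ? strip_quotes(@uri) : nil
+end
+end
+
+# This method returns a list of notations that have been declared in the
+# _internal_ DTD subset. Notations in the external DTD subset are not
+# listed.
+#
+# Method contributed by Henrik Martensson
+def notations
+children().select {|node| node.kind_of?(REXML::NotationDecl)}
+end
+
+# Retrieves a named notation. Only notations declared in the internal
+# DTD subset can be retrieved.
+#
+# Method contributed by Henrik Martensson
+def notation(name)
+notations.find { |notation_decl|
+notation_decl.name == name
+}
+end
+
+private
+
+# Method contributed by Henrik Martensson
+def strip_quotes(quoted_string)
+quoted_string =~ /^[\'\"].*[\'\"]$/ ?
+quoted_string[1, quoted_string.length-2] :
+quoted_string
+end
+end
+
+# We don't really handle any of these since we're not a validating
+# parser, so we can be pretty dumb about them. All we need to be able
+# to do is spew them back out on a write()
+
+# This is an abstract class. You never use this directly; it serves as a
+# parent class for the specific declarations.
+class Declaration < Child
+def initialize src
+super()
+@string = src
+end
+
+def to_s
+@string+'>'
+end
+
+# == DEPRECATED
+# See REXML::Formatters
+#
+def write( output, indent )
+output << to_s
+end
+end
+
+public
+class ElementDecl < Declaration
+def initialize( src )
+super
+end
+end
+
+class ExternalEntity < Child
+def initialize( src )
+super()
+@entity = src
+end
+def to_s
+@entity
+end
+def write( output, indent )
+output << @entity
+end
+end
+
+class NotationDecl < Child
+attr_accessor :public, :system
+def initialize name, middle, pub, sys
+super(nil)
+@name = name
+@middle = middle
+@public = pub
+@system = sys
+end
+
+def to_s
+c = nil
+c = parent.context if parent
+if c and c[:prologue_quote] == :apostrophe
+quote = "'"
+else
+quote = "\""
+end
+notation = "<!NOTATION #{@name} #{@middle}"
+notation << " #{quote}#{@public}#{quote}" if @public
+notation << " #{quote}#{@system}#{quote}" if @system
+notation << ">"
+notation
+end
+
+def write( output, indent=-1 )
+output << to_s
+end
+
+# This method retrieves the name of the notation.
+#
+# Method contributed by Henrik Martensson
+def name
+@name
+end
+end
+end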
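--- a/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb
+++ b/data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb
@@ -0,0 +1,291 @@
+# frozen_string_literal: false
+require_relative "security"
+require_relative "element"
+require_relative "xmldecl"
+require_relative "source"
+require_relative "comment"
+require_relative "doctype"
+require_relative "instruction"
+require_relative "rexml"
+require_relative "parseexception"
+require_relative "output"
+require_relative "parsers/baseparser"
+require_relative "parsers/streamparser"
+require_relative "parsers/treeparser"
+
+module REXML
+# Represents a full XML document, including PIs, a doctype, etc. A
+# Document has a single child that can be accessed by root().
+# Note that if you want to have an XML declaration written for a document
+# you create, you must add one; REXML documents do not write a default
+# declaration for you. See |DECLARATION| and |write|.
+class Document < Element
+# A convenient default XML declaration. If you want an XML declaration,
+# the easiest way to add one is mydoc << Document::DECLARATION
+# +DEPRECATED+
+# Use: mydoc << XMLDecl.default
+DECLARATION = XMLDecl.default
+
+# Constructor
+# @param source if supplied, must be a Document, String, or IO.
+# Documents have their context and Element attributes cloned.
+# Strings are expected to be valid XML documents. IOs are expected
+# to be sources of valid XML documents.
+# @param context if supplied, contains the context of the document;
+# this should be a Hash.
+def initialize( source = nil, context = {} )
+@entity_expansion_count = 0
+super()
+@context = context
+return if source.nil?
+if source.kind_of? Document
+@context = source.context
+super source
+else
+build( source )
+end
+end
+
+def node_type
+:document
+end
+
+# Should be obvious
+def clone
+Document.new self
+end
+
+# According to the XML spec, a root node has no expanded name
+def expanded_name
+''
+#d = doc_type
+#d ? d.name : "UNDEFINED"
+end
+
+alias :name :expanded_name
+
+# We override this, because XMLDecls and DocTypes must go at the start
+# of the document
+def add( child )
+if child.kind_of? XMLDecl
+if @children[0].kind_of? XMLDecl
+@children[0] = child
+else
+@children.unshift child
+end
+child.parent = self
+elsif child.kind_of? DocType
+# Find first Element or DocType node and insert the decl right
+# before it. If there is no such node, just insert the child at the
+# end. If there is a child and it is an DocType, then replace it.
+insert_before_index = @children.find_index { |x|
+x.kind_of?(Element) || x.kind_of?(DocType)
+}
+if insert_before_index # Not null = not end of list
+if @children[ insert_before_index ].kind_of? DocType
+@children[ insert_before_index ] = child
+else
+@children[ insert_before_index-1, 0 ] = child
+end
+else # Insert at end of list
+@children << child
+end
+child.parent = self
+else
+rv = super
+raise "attempted adding second root element to document" if @elements.size > 1
+rv
+end
+end
+alias :<< :add
+
+def add_element(arg=nil, arg2=nil)
+rv = super
+raise "attempted adding second root element to document" if @elements.size > 1
+rv
+end
+
+# @return the root Element of the document, or nil if this document
+# has no children.
+def root
+elements[1]
+#self
+#@children.find { |item| item.kind_of? Element }
+end
+
+# @return the DocType child of the document, if one exists,
+# and nil otherwise.
+def doctype
+@children.find { |item| item.kind_of? DocType }
+end
+
+# @return the XMLDecl of this document; if no XMLDecl has been
+# set, the default declaration is returned.
+def xml_decl
+rv = @children[0]
+return rv if rv.kind_of? XMLDecl
+@children.unshift(XMLDecl.default)[0]
+end
+
+# @return the XMLDecl version of this document as a String.
+# If no XMLDecl has been set, returns the default version.
+def version
+xml_decl().version
+end
+
+# @return the XMLDecl encoding of this document as an
+# Encoding object.
+# If no XMLDecl has been set, returns the default encoding.
+def encoding
+xml_decl().encoding
+end
+
+# @return the XMLDecl standalone value of this document as a String.
+# If no XMLDecl has been set, returns the default setting.
+def stand_alone?
+xml_decl().stand_alone?
+end
+
+# :call-seq:
+# doc.write(output=$stdout, indent=-1, transtive=false, ie_hack=false, encoding=nil)
+# doc.write(options={:output => $stdout, :indent => -1, :transtive => false, :ie_hack => false, :encoding => nil})
+#
+# Write the XML tree out, optionally with indent. This writes out the
+# entire XML document, including XML declarations, doctype declarations,
+# and processing instructions (if any are given).
+#
+# A controversial point is whether Document should always write the XML
+# declaration (<?xml version='1.0'?>) whether or not one is given by the
+# user (or source document). REXML does not write one if one was not
+# specified, because it adds unnecessary bandwidth to applications such
+# as XML-RPC.
+#
+# Accept Nth argument style and options Hash style as argument.
+# The recommended style is options Hash style for one or more
+# arguments case.
+#
+# _Examples_
+# Document.new("<a><b/></a>").write
+#
+# output = ""
+# Document.new("<a><b/></a>").write(output)
+#
+# output = ""
+# Document.new("<a><b/></a>").write(:output => output, :indent => 2)
+#
+# See also the classes in the rexml/formatters package for the proper way
+# to change the default formatting of XML output.
+#
+# _Examples_
+#
+# output = ""
+# tr = Transitive.new
+# tr.write(Document.new("<a><b/></a>"), output)
+#
+# output::
+# output an object which supports '<< string'; this is where the
+# document will be written.
+# indent::
+# An integer. If -1, no indenting will be used; otherwise, the
+# indentation will be twice this number of spaces, and children will be
+# indented an additional amount. For a value of 3, every item will be
+# indented 3 more levels, or 6 more spaces (2 * 3). Defaults to -1
+# transitive::
+# If transitive is true and indent is >= 0, then the output will be
+# pretty-printed in such a way that the added whitespace does not affect
+# the absolute *value* of the document -- that is, it leaves the value
+# and number of Text nodes in the document unchanged.
+# ie_hack::
+# This hack inserts a space before the /> on empty tags to address
+# a limitation of Internet Explorer. Defaults to false
+# encoding::
+# Encoding name as String. Change output encoding to specified encoding
+# instead of encoding in XML declaration.
+# Defaults to nil. It means encoding in XML declaration is used.
+def write(*arguments)
+if arguments.size == 1 and arguments[0].class == Hash
+options = arguments[0]
+
+output = options[:output]
+indent = options[:indent]
+transitive = options[:transitive]
+ie_hack = options[:ie_hack]
+encoding = options[:encoding]
+else
+output, indent, transitive, ie_hack, encoding, = *arguments
+end
+
+output ||= $stdout
+indent ||= -1
+transitive = false if transitive.nil?
+ie_hack = false if ie_hack.nil?
+encoding ||= xml_decl.encoding
+
+if encoding != 'UTF-8' && !output.kind_of?(Output)
+output = Output.new( output, encoding )
+end
+formatter = if indent > -1
+if transitive
+require_relative "formatters/transitive"
+REXML::Formatters::Transitive.new( indent, ie_hack )
+else
+REXML::Formatters::Pretty.new( indent, ie_hack )
+end
+else
+REXML::Formatters::Default.new( ie_hack )
+end
+formatter.write( self, output )
+end
+
+
+def Document::parse_stream( source, listener )
+Parsers::StreamParser.new( source, listener ).parse
+end
+
+# Set the entity expansion limit. By default the limit is set to 10000.
+#
+# Deprecated. Use REXML::Security.entity_expansion_limit= instead.
+def Document::entity_expansion_limit=( val )
+Security.entity_expansion_limit = val
+end
+
+# Get the entity expansion limit. By default the limit is set to 10000.
+#
+# Deprecated. Use REXML::Security.entity_expansion_limit= instead.
+def Document::entity_expansion_limit
+return Security.entity_expansion_limit
+end
+
+# Set the entity expansion limit. By default the limit is set to 10240.
+#
+# Deprecated. Use REXML::Security.entity_expansion_text_limit= instead.
+def Document::entity_expansion_text_limit=( val )
+Security.entity_expansion_text_limit = val
+end
+
+# Get the entity expansion limit. By default the limit is set to 10240.
+#
+# Deprecated. Use REXML::Security.entity_expansion_text_limit instead.
+def Document::entity_expansion_text_limit
+return Security.entity_expansion_text_limit
+end
+
+attr_reader :entity_expansion_count
+
+def record_entity_expansion
+@entity_expansion_count += 1
+if @entity_expansion_count > Security.entity_expansion_limit
+raise "number of entity expansions exceeded, processing aborted."
+end
+end
+
+def document
+self
+end
+
+private
+def build( source )
+Parsers::TreeParser.new( source, self ).parse
+end
+end
+end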