brakeman 5.0.0.pre1 → 5.0.0

Files changed (162)
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +23 -0
  3. data/bundle/load.rb +9 -8
  4. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/CHANGELOG.md +8 -1
  5. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/FAQ.md +0 -0
  6. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/Gemfile +0 -0
  7. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/MIT-LICENSE +0 -0
  8. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/README.md +0 -0
  9. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/REFERENCE.md +9 -5
  10. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/TODO +0 -0
  11. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/haml.gemspec +1 -1
  12. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml.rb +0 -0
  13. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/attribute_builder.rb +0 -0
  14. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/attribute_compiler.rb +0 -0
  15. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/attribute_parser.rb +0 -0
  16. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/buffer.rb +0 -0
  17. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/compiler.rb +0 -0
  18. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/engine.rb +0 -0
  19. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/error.rb +0 -0
  20. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/escapable.rb +0 -0
  21. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/exec.rb +0 -0
  22. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/filters.rb +0 -0
  23. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/generator.rb +0 -0
  24. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers.rb +0 -0
  25. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/action_view_extensions.rb +0 -0
  26. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/action_view_mods.rb +0 -0
  27. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/action_view_xss_mods.rb +0 -0
  28. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/safe_erubi_template.rb +0 -0
  29. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/safe_erubis_template.rb +0 -0
  30. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/helpers/xss_mods.rb +0 -0
  31. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/options.rb +0 -0
  32. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/parser.rb +31 -3
  33. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/plugin.rb +0 -0
  34. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/railtie.rb +0 -0
  35. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/sass_rails_filter.rb +0 -0
  36. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/template.rb +0 -0
  37. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/template/options.rb +0 -0
  38. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/temple_engine.rb +0 -0
  39. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/temple_line_counter.rb +0 -0
  40. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/util.rb +1 -1
  41. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/lib/haml/version.rb +1 -1
  42. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/yard/default/fulldoc/html/css/common.sass +0 -0
  43. data/bundle/ruby/2.7.0/gems/{haml-5.2.0 → haml-5.2.1}/yard/default/layout/html/footer.erb +0 -0
  44. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile +6 -0
  45. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt +22 -0
  46. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md +141 -0
  47. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/README.md +60 -0
  48. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attlistdecl.rb +63 -0
  49. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attribute.rb +205 -0
  50. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/cdata.rb +68 -0
  51. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/child.rb +97 -0
  52. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb +80 -0
  53. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb +287 -0
  54. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb +291 -0
  55. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/attlistdecl.rb +11 -0
  56. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/dtd.rb +47 -0
  57. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/elementdecl.rb +18 -0
  58. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/entitydecl.rb +57 -0
  59. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/notationdecl.rb +40 -0
  60. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/element.rb +1269 -0
  61. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/encoding.rb +51 -0
  62. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/entity.rb +171 -0
  63. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/default.rb +116 -0
  64. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/pretty.rb +142 -0
  65. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/transitive.rb +58 -0
  66. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/functions.rb +447 -0
  67. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/instruction.rb +79 -0
  68. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/light/node.rb +196 -0
  69. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/namespace.rb +59 -0
  70. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/node.rb +76 -0
  71. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/output.rb +30 -0
  72. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parent.rb +166 -0
  73. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parseexception.rb +52 -0
  74. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/baseparser.rb +594 -0
  75. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/lightparser.rb +59 -0
  76. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/pullparser.rb +197 -0
  77. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/sax2parser.rb +273 -0
  78. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/streamparser.rb +61 -0
  79. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/treeparser.rb +101 -0
  80. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/ultralightparser.rb +57 -0
  81. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/xpathparser.rb +675 -0
  82. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb +266 -0
  83. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb +32 -0
  84. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb +98 -0
  85. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb +28 -0
  86. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb +298 -0
  87. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/streamlistener.rb +93 -0
  88. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/text.rb +424 -0
  89. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/undefinednamespaceexception.rb +9 -0
  90. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/relaxng.rb +539 -0
  91. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validation.rb +144 -0
  92. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validationexception.rb +10 -0
  93. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmldecl.rb +130 -0
  94. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmltokens.rb +85 -0
  95. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath.rb +81 -0
  96. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath_parser.rb +968 -0
  97. data/bundle/ruby/2.7.0/gems/rexml-3.2.4/rexml.gemspec +84 -0
  98. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/History.rdoc +6 -0
  99. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/Manifest.txt +0 -0
  100. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/README.rdoc +0 -0
  101. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/compare/normalize.rb +0 -0
  102. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/debugging.md +0 -0
  103. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/rp_extensions.rb +0 -0
  104. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/rp_stringscanner.rb +0 -0
  105. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby20_parser.rb +0 -0
  106. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby20_parser.y +0 -0
  107. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby21_parser.rb +0 -0
  108. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby21_parser.y +0 -0
  109. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby22_parser.rb +0 -0
  110. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby22_parser.y +0 -0
  111. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby23_parser.rb +0 -0
  112. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby23_parser.y +0 -0
  113. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby24_parser.rb +0 -0
  114. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby24_parser.y +0 -0
  115. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby25_parser.rb +0 -0
  116. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby25_parser.y +0 -0
  117. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby26_parser.rb +0 -0
  118. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby26_parser.y +0 -0
  119. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby27_parser.rb +0 -0
  120. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby27_parser.y +0 -0
  121. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_lexer.rb +0 -0
  122. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_lexer.rex +0 -0
  123. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_lexer.rex.rb +0 -0
  124. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_parser.rb +0 -0
  125. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_parser.yy +0 -0
  126. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/lib/ruby_parser_extras.rb +1 -1
  127. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/tools/munge.rb +0 -0
  128. data/bundle/ruby/2.7.0/gems/{ruby_parser-3.15.0 → ruby_parser-3.15.1}/tools/ripper.rb +0 -0
  129. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/History.rdoc +6 -0
  130. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/Manifest.txt +0 -0
  131. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/README.rdoc +0 -0
  132. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/composite_sexp_processor.rb +0 -0
  133. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/pt_testcase.rb +0 -0
  134. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/sexp.rb +0 -0
  135. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/sexp_matcher.rb +0 -0
  136. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/sexp_processor.rb +1 -1
  137. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/strict_sexp.rb +0 -0
  138. data/bundle/ruby/2.7.0/gems/{sexp_processor-4.15.1 → sexp_processor-4.15.2}/lib/unique.rb +0 -0
  139. data/lib/brakeman/checks/base_check.rb +7 -1
  140. data/lib/brakeman/checks/check_execute.rb +2 -1
  141. data/lib/brakeman/checks/check_regex_dos.rb +1 -1
  142. data/lib/brakeman/checks/check_sql.rb +1 -1
  143. data/lib/brakeman/file_parser.rb +5 -0
  144. data/lib/brakeman/processors/alias_processor.rb +20 -4
  145. data/lib/brakeman/processors/controller_processor.rb +1 -1
  146. data/lib/brakeman/processors/lib/rails3_config_processor.rb +16 -16
  147. data/lib/brakeman/processors/output_processor.rb +1 -1
  148. data/lib/brakeman/processors/template_alias_processor.rb +5 -0
  149. data/lib/brakeman/report/report_base.rb +0 -2
  150. data/lib/brakeman/report/report_csv.rb +37 -60
  151. data/lib/brakeman/report/report_junit.rb +2 -2
  152. data/lib/brakeman/report/report_sarif.rb +1 -1
  153. data/lib/brakeman/report/report_tabs.rb +1 -1
  154. data/lib/brakeman/report/report_text.rb +1 -1
  155. data/lib/brakeman/scanner.rb +3 -1
  156. data/lib/brakeman/tracker/config.rb +73 -0
  157. data/lib/brakeman/tracker/controller.rb +1 -1
  158. data/lib/brakeman/util.rb +2 -2
  159. data/lib/brakeman/version.rb +1 -1
  160. data/lib/brakeman/warning.rb +10 -2
  161. data/lib/ruby_parser/bm_sexp.rb +9 -9
  162. metadata +139 -85
@@ -0,0 +1,287 @@
1
+ # frozen_string_literal: false
2
+ require_relative "parent"
3
+ require_relative "parseexception"
4
+ require_relative "namespace"
5
+ require_relative 'entity'
6
+ require_relative 'attlistdecl'
7
+ require_relative 'xmltokens'
8
+
9
+ module REXML
10
+ # Represents an XML DOCTYPE declaration; that is, the contents of <!DOCTYPE
11
+ # ... >. DOCTYPES can be used to declare the DTD of a document, as well as
12
+ # being used to declare entities used in the document.
13
+ class DocType < Parent
14
+ include XMLTokens
15
+ START = "<!DOCTYPE"
16
+ STOP = ">"
17
+ SYSTEM = "SYSTEM"
18
+ PUBLIC = "PUBLIC"
19
+ DEFAULT_ENTITIES = {
20
+ 'gt'=>EntityConst::GT,
21
+ 'lt'=>EntityConst::LT,
22
+ 'quot'=>EntityConst::QUOT,
23
+ "apos"=>EntityConst::APOS
24
+ }
25
+
26
+ # name is the name of the doctype
27
+ # external_id is the referenced DTD, if given
28
+ attr_reader :name, :external_id, :entities, :namespaces
29
+
30
+ # Constructor
31
+ #
32
+ # dt = DocType.new( 'foo', '-//I/Hate/External/IDs' )
33
+ # # <!DOCTYPE foo '-//I/Hate/External/IDs'>
34
+ # dt = DocType.new( doctype_to_clone )
35
+ # # Incomplete. Shallow clone of doctype
36
+ #
37
+ # +Note+ that the constructor:
38
+ #
39
+ # Doctype.new( Source.new( "<!DOCTYPE foo 'bar'>" ) )
40
+ #
41
+ # is _deprecated_. Do not use it. It will probably disappear.
42
+ def initialize( first, parent=nil )
43
+ @entities = DEFAULT_ENTITIES
44
+ @long_name = @uri = nil
45
+ if first.kind_of? String
46
+ super()
47
+ @name = first
48
+ @external_id = parent
49
+ elsif first.kind_of? DocType
50
+ super( parent )
51
+ @name = first.name
52
+ @external_id = first.external_id
53
+ elsif first.kind_of? Array
54
+ super( parent )
55
+ @name = first[0]
56
+ @external_id = first[1]
57
+ @long_name = first[2]
58
+ @uri = first[3]
59
+ elsif first.kind_of? Source
60
+ super( parent )
61
+ parser = Parsers::BaseParser.new( first )
62
+ event = parser.pull
63
+ if event[0] == :start_doctype
64
+ @name, @external_id, @long_name, @uri, = event[1..-1]
65
+ end
66
+ else
67
+ super()
68
+ end
69
+ end
70
+
71
+ def node_type
72
+ :doctype
73
+ end
74
+
75
+ def attributes_of element
76
+ rv = []
77
+ each do |child|
78
+ child.each do |key,val|
79
+ rv << Attribute.new(key,val)
80
+ end if child.kind_of? AttlistDecl and child.element_name == element
81
+ end
82
+ rv
83
+ end
84
+
85
+ def attribute_of element, attribute
86
+ att_decl = find do |child|
87
+ child.kind_of? AttlistDecl and
88
+ child.element_name == element and
89
+ child.include? attribute
90
+ end
91
+ return nil unless att_decl
92
+ att_decl[attribute]
93
+ end
94
+
95
+ def clone
96
+ DocType.new self
97
+ end
98
+
99
+ # output::
100
+ # Where to write the string
101
+ # indent::
102
+ # An integer. If -1, no indentation will be used; otherwise, the
103
+ # indentation will be this number of spaces, and children will be
104
+ # indented an additional amount.
105
+ # transitive::
106
+ # Ignored
107
+ # ie_hack::
108
+ # Ignored
109
+ def write( output, indent=0, transitive=false, ie_hack=false )
110
+ f = REXML::Formatters::Default.new
111
+ c = context
112
+ if c and c[:prologue_quote] == :apostrophe
113
+ quote = "'"
114
+ else
115
+ quote = "\""
116
+ end
117
+ indent( output, indent )
118
+ output << START
119
+ output << ' '
120
+ output << @name
121
+ output << " #{@external_id}" if @external_id
122
+ output << " #{quote}#{@long_name}#{quote}" if @long_name
123
+ output << " #{quote}#{@uri}#{quote}" if @uri
124
+ unless @children.empty?
125
+ output << ' ['
126
+ @children.each { |child|
127
+ output << "\n"
128
+ f.write( child, output )
129
+ }
130
+ output << "\n]"
131
+ end
132
+ output << STOP
133
+ end
134
+
135
+ def context
136
+ if @parent
137
+ @parent.context
138
+ else
139
+ nil
140
+ end
141
+ end
142
+
143
+ def entity( name )
144
+ @entities[name].unnormalized if @entities[name]
145
+ end
146
+
147
+ def add child
148
+ super(child)
149
+ @entities = DEFAULT_ENTITIES.clone if @entities == DEFAULT_ENTITIES
150
+ @entities[ child.name ] = child if child.kind_of? Entity
151
+ end
152
+
153
+ # This method retrieves the public identifier identifying the document's
154
+ # DTD.
155
+ #
156
+ # Method contributed by Henrik Martensson
157
+ def public
158
+ case @external_id
159
+ when "SYSTEM"
160
+ nil
161
+ when "PUBLIC"
162
+ strip_quotes(@long_name)
163
+ end
164
+ end
165
+
166
+ # This method retrieves the system identifier identifying the document's DTD
167
+ #
168
+ # Method contributed by Henrik Martensson
169
+ def system
170
+ case @external_id
171
+ when "SYSTEM"
172
+ strip_quotes(@long_name)
173
+ when "PUBLIC"
174
+ @uri.kind_of?(String) ? strip_quotes(@uri) : nil
175
+ end
176
+ end
177
+
178
+ # This method returns a list of notations that have been declared in the
179
+ # _internal_ DTD subset. Notations in the external DTD subset are not
180
+ # listed.
181
+ #
182
+ # Method contributed by Henrik Martensson
183
+ def notations
184
+ children().select {|node| node.kind_of?(REXML::NotationDecl)}
185
+ end
186
+
187
+ # Retrieves a named notation. Only notations declared in the internal
188
+ # DTD subset can be retrieved.
189
+ #
190
+ # Method contributed by Henrik Martensson
191
+ def notation(name)
192
+ notations.find { |notation_decl|
193
+ notation_decl.name == name
194
+ }
195
+ end
196
+
197
+ private
198
+
199
+ # Method contributed by Henrik Martensson
200
+ def strip_quotes(quoted_string)
201
+ quoted_string =~ /^[\'\"].*[\'\"]$/ ?
202
+ quoted_string[1, quoted_string.length-2] :
203
+ quoted_string
204
+ end
205
+ end
206
+
207
+ # We don't really handle any of these since we're not a validating
208
+ # parser, so we can be pretty dumb about them. All we need to be able
209
+ # to do is spew them back out on a write()
210
+
211
+ # This is an abstract class. You never use this directly; it serves as a
212
+ # parent class for the specific declarations.
213
+ class Declaration < Child
214
+ def initialize src
215
+ super()
216
+ @string = src
217
+ end
218
+
219
+ def to_s
220
+ @string+'>'
221
+ end
222
+
223
+ # == DEPRECATED
224
+ # See REXML::Formatters
225
+ #
226
+ def write( output, indent )
227
+ output << to_s
228
+ end
229
+ end
230
+
231
+ public
232
+ class ElementDecl < Declaration
233
+ def initialize( src )
234
+ super
235
+ end
236
+ end
237
+
238
+ class ExternalEntity < Child
239
+ def initialize( src )
240
+ super()
241
+ @entity = src
242
+ end
243
+ def to_s
244
+ @entity
245
+ end
246
+ def write( output, indent )
247
+ output << @entity
248
+ end
249
+ end
250
+
251
+ class NotationDecl < Child
252
+ attr_accessor :public, :system
253
+ def initialize name, middle, pub, sys
254
+ super(nil)
255
+ @name = name
256
+ @middle = middle
257
+ @public = pub
258
+ @system = sys
259
+ end
260
+
261
+ def to_s
262
+ c = nil
263
+ c = parent.context if parent
264
+ if c and c[:prologue_quote] == :apostrophe
265
+ quote = "'"
266
+ else
267
+ quote = "\""
268
+ end
269
+ notation = "<!NOTATION #{@name} #{@middle}"
270
+ notation << " #{quote}#{@public}#{quote}" if @public
271
+ notation << " #{quote}#{@system}#{quote}" if @system
272
+ notation << ">"
273
+ notation
274
+ end
275
+
276
+ def write( output, indent=-1 )
277
+ output << to_s
278
+ end
279
+
280
+ # This method retrieves the name of the notation.
281
+ #
282
+ # Method contributed by Henrik Martensson
283
+ def name
284
+ @name
285
+ end
286
+ end
287
+ end
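Review bot: `initialize` sets `@entities = DEFAULT_ENTITIES` and `attr_reader :entities` exposes that same unfrozen Hash, so a write through `entities` on a DocType that has not yet had a child added would alter the default entity table for every other DocType in the process. `add` copies only lazily, and its `@entities == DEFAULT_ENTITIES` guard compares contents rather than identity. I would freeze the constant (`}.freeze`) and change the guard to `@entities = DEFAULT_ENTITIES.dup if @entities.equal?(DEFAULT_ENTITIES)`; `dup` rather than `clone`, because `clone` would carry the frozen state over. Separately, `strip_quotes` anchors its pattern with `^`/`$`, which match at line boundaries; `\A`/`\z` are the whole-string anchors.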
@@ -0,0 +1,291 @@
1
+ # frozen_string_literal: false
2
+ require_relative "security"
3
+ require_relative "element"
4
+ require_relative "xmldecl"
5
+ require_relative "source"
6
+ require_relative "comment"
7
+ require_relative "doctype"
8
+ require_relative "instruction"
9
+ require_relative "rexml"
10
+ require_relative "parseexception"
11
+ require_relative "output"
12
+ require_relative "parsers/baseparser"
13
+ require_relative "parsers/streamparser"
14
+ require_relative "parsers/treeparser"
15
+
16
+ module REXML
17
+ # Represents a full XML document, including PIs, a doctype, etc. A
18
+ # Document has a single child that can be accessed by root().
19
+ # Note that if you want to have an XML declaration written for a document
20
+ # you create, you must add one; REXML documents do not write a default
21
+ # declaration for you. See |DECLARATION| and |write|.
22
+ class Document < Element
23
+ # A convenient default XML declaration. If you want an XML declaration,
24
+ # the easiest way to add one is mydoc << Document::DECLARATION
25
+ # +DEPRECATED+
26
+ # Use: mydoc << XMLDecl.default
27
+ DECLARATION = XMLDecl.default
28
+
29
+ # Constructor
30
+ # @param source if supplied, must be a Document, String, or IO.
31
+ # Documents have their context and Element attributes cloned.
32
+ # Strings are expected to be valid XML documents. IOs are expected
33
+ # to be sources of valid XML documents.
34
+ # @param context if supplied, contains the context of the document;
35
+ # this should be a Hash.
36
+ def initialize( source = nil, context = {} )
37
+ @entity_expansion_count = 0
38
+ super()
39
+ @context = context
40
+ return if source.nil?
41
+ if source.kind_of? Document
42
+ @context = source.context
43
+ super source
44
+ else
45
+ build( source )
46
+ end
47
+ end
48
+
49
+ def node_type
50
+ :document
51
+ end
52
+
53
+ # Should be obvious
54
+ def clone
55
+ Document.new self
56
+ end
57
+
58
+ # According to the XML spec, a root node has no expanded name
59
+ def expanded_name
60
+ ''
61
+ #d = doc_type
62
+ #d ? d.name : "UNDEFINED"
63
+ end
64
+
65
+ alias :name :expanded_name
66
+
67
+ # We override this, because XMLDecls and DocTypes must go at the start
68
+ # of the document
69
+ def add( child )
70
+ if child.kind_of? XMLDecl
71
+ if @children[0].kind_of? XMLDecl
72
+ @children[0] = child
73
+ else
74
+ @children.unshift child
75
+ end
76
+ child.parent = self
77
+ elsif child.kind_of? DocType
78
+ # Find first Element or DocType node and insert the decl right
79
+ # before it. If there is no such node, just insert the child at the
80
+ # end. If there is a child and it is an DocType, then replace it.
81
+ insert_before_index = @children.find_index { |x|
82
+ x.kind_of?(Element) || x.kind_of?(DocType)
83
+ }
84
+ if insert_before_index # Not null = not end of list
85
+ if @children[ insert_before_index ].kind_of? DocType
86
+ @children[ insert_before_index ] = child
87
+ else
88
+ @children[ insert_before_index-1, 0 ] = child
89
+ end
90
+ else # Insert at end of list
91
+ @children << child
92
+ end
93
+ child.parent = self
94
+ else
95
+ rv = super
96
+ raise "attempted adding second root element to document" if @elements.size > 1
97
+ rv
98
+ end
99
+ end
100
+ alias :<< :add
101
+
102
+ def add_element(arg=nil, arg2=nil)
103
+ rv = super
104
+ raise "attempted adding second root element to document" if @elements.size > 1
105
+ rv
106
+ end
107
+
108
+ # @return the root Element of the document, or nil if this document
109
+ # has no children.
110
+ def root
111
+ elements[1]
112
+ #self
113
+ #@children.find { |item| item.kind_of? Element }
114
+ end
115
+
116
+ # @return the DocType child of the document, if one exists,
117
+ # and nil otherwise.
118
+ def doctype
119
+ @children.find { |item| item.kind_of? DocType }
120
+ end
121
+
122
+ # @return the XMLDecl of this document; if no XMLDecl has been
123
+ # set, the default declaration is returned.
124
+ def xml_decl
125
+ rv = @children[0]
126
+ return rv if rv.kind_of? XMLDecl
127
+ @children.unshift(XMLDecl.default)[0]
128
+ end
129
+
130
+ # @return the XMLDecl version of this document as a String.
131
+ # If no XMLDecl has been set, returns the default version.
132
+ def version
133
+ xml_decl().version
134
+ end
135
+
136
+ # @return the XMLDecl encoding of this document as an
137
+ # Encoding object.
138
+ # If no XMLDecl has been set, returns the default encoding.
139
+ def encoding
140
+ xml_decl().encoding
141
+ end
142
+
143
+ # @return the XMLDecl standalone value of this document as a String.
144
+ # If no XMLDecl has been set, returns the default setting.
145
+ def stand_alone?
146
+ xml_decl().stand_alone?
147
+ end
148
+
149
+ # :call-seq:
150
+ # doc.write(output=$stdout, indent=-1, transtive=false, ie_hack=false, encoding=nil)
151
+ # doc.write(options={:output => $stdout, :indent => -1, :transtive => false, :ie_hack => false, :encoding => nil})
152
+ #
153
+ # Write the XML tree out, optionally with indent. This writes out the
154
+ # entire XML document, including XML declarations, doctype declarations,
155
+ # and processing instructions (if any are given).
156
+ #
157
+ # A controversial point is whether Document should always write the XML
158
+ # declaration (<?xml version='1.0'?>) whether or not one is given by the
159
+ # user (or source document). REXML does not write one if one was not
160
+ # specified, because it adds unnecessary bandwidth to applications such
161
+ # as XML-RPC.
162
+ #
163
+ # Accept Nth argument style and options Hash style as argument.
164
+ # The recommended style is options Hash style for one or more
165
+ # arguments case.
166
+ #
167
+ # _Examples_
168
+ # Document.new("<a><b/></a>").write
169
+ #
170
+ # output = ""
171
+ # Document.new("<a><b/></a>").write(output)
172
+ #
173
+ # output = ""
174
+ # Document.new("<a><b/></a>").write(:output => output, :indent => 2)
175
+ #
176
+ # See also the classes in the rexml/formatters package for the proper way
177
+ # to change the default formatting of XML output.
178
+ #
179
+ # _Examples_
180
+ #
181
+ # output = ""
182
+ # tr = Transitive.new
183
+ # tr.write(Document.new("<a><b/></a>"), output)
184
+ #
185
+ # output::
186
+ # output an object which supports '<< string'; this is where the
187
+ # document will be written.
188
+ # indent::
189
+ # An integer. If -1, no indenting will be used; otherwise, the
190
+ # indentation will be twice this number of spaces, and children will be
191
+ # indented an additional amount. For a value of 3, every item will be
192
+ # indented 3 more levels, or 6 more spaces (2 * 3). Defaults to -1
193
+ # transitive::
194
+ # If transitive is true and indent is >= 0, then the output will be
195
+ # pretty-printed in such a way that the added whitespace does not affect
196
+ # the absolute *value* of the document -- that is, it leaves the value
197
+ # and number of Text nodes in the document unchanged.
198
+ # ie_hack::
199
+ # This hack inserts a space before the /> on empty tags to address
200
+ # a limitation of Internet Explorer. Defaults to false
201
+ # encoding::
202
+ # Encoding name as String. Change output encoding to specified encoding
203
+ # instead of encoding in XML declaration.
204
+ # Defaults to nil. It means encoding in XML declaration is used.
205
+ def write(*arguments)
206
+ if arguments.size == 1 and arguments[0].class == Hash
207
+ options = arguments[0]
208
+
209
+ output = options[:output]
210
+ indent = options[:indent]
211
+ transitive = options[:transitive]
212
+ ie_hack = options[:ie_hack]
213
+ encoding = options[:encoding]
214
+ else
215
+ output, indent, transitive, ie_hack, encoding, = *arguments
216
+ end
217
+
218
+ output ||= $stdout
219
+ indent ||= -1
220
+ transitive = false if transitive.nil?
221
+ ie_hack = false if ie_hack.nil?
222
+ encoding ||= xml_decl.encoding
223
+
224
+ if encoding != 'UTF-8' && !output.kind_of?(Output)
225
+ output = Output.new( output, encoding )
226
+ end
227
+ formatter = if indent > -1
228
+ if transitive
229
+ require_relative "formatters/transitive"
230
+ REXML::Formatters::Transitive.new( indent, ie_hack )
231
+ else
232
+ REXML::Formatters::Pretty.new( indent, ie_hack )
233
+ end
234
+ else
235
+ REXML::Formatters::Default.new( ie_hack )
236
+ end
237
+ formatter.write( self, output )
238
+ end
239
+
240
+
241
+ def Document::parse_stream( source, listener )
242
+ Parsers::StreamParser.new( source, listener ).parse
243
+ end
244
+
245
+ # Set the entity expansion limit. By default the limit is set to 10000.
246
+ #
247
+ # Deprecated. Use REXML::Security.entity_expansion_limit= instead.
248
+ def Document::entity_expansion_limit=( val )
249
+ Security.entity_expansion_limit = val
250
+ end
251
+
252
+ # Get the entity expansion limit. By default the limit is set to 10000.
253
+ #
254
+ # Deprecated. Use REXML::Security.entity_expansion_limit= instead.
255
+ def Document::entity_expansion_limit
256
+ return Security.entity_expansion_limit
257
+ end
258
+
259
+ # Set the entity expansion limit. By default the limit is set to 10240.
260
+ #
261
+ # Deprecated. Use REXML::Security.entity_expansion_text_limit= instead.
262
+ def Document::entity_expansion_text_limit=( val )
263
+ Security.entity_expansion_text_limit = val
264
+ end
265
+
266
+ # Get the entity expansion limit. By default the limit is set to 10240.
267
+ #
268
+ # Deprecated. Use REXML::Security.entity_expansion_text_limit instead.
269
+ def Document::entity_expansion_text_limit
270
+ return Security.entity_expansion_text_limit
271
+ end
272
+
273
+ attr_reader :entity_expansion_count
274
+
275
+ def record_entity_expansion
276
+ @entity_expansion_count += 1
277
+ if @entity_expansion_count > Security.entity_expansion_limit
278
+ raise "number of entity expansions exceeded, processing aborted."
279
+ end
280
+ end
281
+
282
+ def document
283
+ self
284
+ end
285
+
286
+ private
287
+ def build( source )
288
+ Parsers::TreeParser.new( source, self ).parse
289
+ end
290
+ end
291
+ end
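Review bot: In `add`, the DocType branch inserts with `@children[ insert_before_index-1, 0 ] = child`, which lands one slot earlier than the "right before it" position the comment above describes. As written, children `[XMLDecl, root]` give index 1, so the DocType goes to slot 0 ahead of the XMLDecl, and `xml_decl` would then find no XMLDecl at `@children[0]` and unshift a default one; when the first Element sits at index 0, the resulting `-1` counts from the end of the array instead. `@children[ insert_before_index, 0 ] = child` matches the comment. Also, the comments on `entity_expansion_text_limit=` and its getter still read "Set/Get the entity expansion limit" although they wrap `Security.entity_expansion_text_limit`; naming the text limit there would keep the two limits distinguishable for anyone tuning them.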