brakeman 5.2.3 → 7.0.0

data/bundle/ruby/3.1.0/gems/rexml-3.4.0/lib/rexml/source.rb

@@ -0,0 +1,369 @@
+# coding: US-ASCII
+# frozen_string_literal: false
+
+require "stringio"
+require "strscan"
+
+require_relative 'encoding'
+
+module REXML
+  if StringScanner::Version < "1.0.0"
+    module StringScannerCheckScanString
+      refine StringScanner do
+        def check(pattern)
+          pattern = /#{Regexp.escape(pattern)}/ if pattern.is_a?(String)
+          super(pattern)
+        end
+
+        def scan(pattern)
+          pattern = /#{Regexp.escape(pattern)}/ if pattern.is_a?(String)
+          super(pattern)
+        end
+
+        def match?(pattern)
+          pattern = /#{Regexp.escape(pattern)}/ if pattern.is_a?(String)
+          super(pattern)
+        end
+
+        def skip(pattern)
+          pattern = /#{Regexp.escape(pattern)}/ if pattern.is_a?(String)
+          super(pattern)
+        end
+      end
+    end
+    using StringScannerCheckScanString
+  end
+
+  # Generates Source-s.  USE THIS CLASS.
+  class SourceFactory
+    # Generates a Source object
+    # @param arg Either a String, or an IO
+    # @return a Source, or nil if a bad argument was given
+    def SourceFactory::create_from(arg)
+      if arg.respond_to? :read and
+          arg.respond_to? :readline and
+          arg.respond_to? :nil? and
+          arg.respond_to? :eof?
+        IOSource.new(arg)
+      elsif arg.respond_to? :to_str
+        IOSource.new(StringIO.new(arg))
+      elsif arg.kind_of? Source
+        arg
+      else
+        raise "#{arg.class} is not a valid input stream.  It must walk \n"+
+          "like either a String, an IO, or a Source."
+      end
+    end
+  end
+
+  # A Source can be searched for patterns, and wraps buffers and other
+  # objects and provides consumption of text
+  class Source
+    include Encoding
+    # The line number of the last consumed text
+    attr_reader :line
+    attr_reader :encoding
+
+    module Private
+      SCANNER_RESET_SIZE = 100000
+      PRE_DEFINED_TERM_PATTERNS = {}
+      pre_defined_terms = ["'", '"', "<"]
+      pre_defined_terms.each do |term|
+        PRE_DEFINED_TERM_PATTERNS[term] = /#{Regexp.escape(term)}/
+      end
+    end
+    private_constant :Private
+
+    # Constructor
+    # @param arg must be a String, and should be a valid XML document
+    # @param encoding if non-null, sets the encoding of the source to this
+    # value, overriding all encoding detection
+    def initialize(arg, encoding=nil)
+      @orig = arg
+      @scanner = StringScanner.new(@orig)
+      if encoding
+        self.encoding = encoding
+      else
+        detect_encoding
+      end
+      @line = 0
+      @encoded_terms = {}
+    end
+
+    # The current buffer (what we're going to read next)
+    def buffer
+      @scanner.rest
+    end
+
+    def drop_parsed_content
+      if @scanner.pos > Private::SCANNER_RESET_SIZE
+        @scanner.string = @scanner.rest
+      end
+    end
+
+    def buffer_encoding=(encoding)
+      @scanner.string.force_encoding(encoding)
+    end
+
+    # Inherited from Encoding
+    # Overridden to support optimized en/decoding
+    def encoding=(enc)
+      return unless super
+      encoding_updated
+    end
+
+    def read(term = nil)
+    end
+
+    def read_until(term)
+      pattern = Private::PRE_DEFINED_TERM_PATTERNS[term] || /#{Regexp.escape(term)}/
+      data = @scanner.scan_until(pattern)
+      unless data
+        data = @scanner.rest
+        @scanner.pos = @scanner.string.bytesize
+      end
+      data
+    end
+
+    def ensure_buffer
+    end
+
+    def match(pattern, cons=false)
+      if cons
+        @scanner.scan(pattern).nil? ? nil : @scanner
+      else
+        @scanner.check(pattern).nil? ? nil : @scanner
+      end
+    end
+
+    def match?(pattern, cons=false)
+      if cons
+        !@scanner.skip(pattern).nil?
+      else
+        !@scanner.match?(pattern).nil?
+      end
+    end
+
+    def position
+      @scanner.pos
+    end
+
+    def position=(pos)
+      @scanner.pos = pos
+    end
+
+    # @return true if the Source is exhausted
+    def empty?
+      @scanner.eos?
+    end
+
+    # @return the current line in the source
+    def current_line
+      lines = @orig.split
+      res = lines.grep @scanner.rest[0..30]
+      res = res[-1] if res.kind_of? Array
+      lines.index( res ) if res
+    end
+
+    private
+
+    def detect_encoding
+      scanner_encoding = @scanner.rest.encoding
+      detected_encoding = "UTF-8"
+      begin
+        @scanner.string.force_encoding("ASCII-8BIT")
+        if @scanner.scan(/\xfe\xff/n)
+          detected_encoding = "UTF-16BE"
+        elsif @scanner.scan(/\xff\xfe/n)
+          detected_encoding = "UTF-16LE"
+        elsif @scanner.scan(/\xef\xbb\xbf/n)
+          detected_encoding = "UTF-8"
+        end
+      ensure
+        @scanner.string.force_encoding(scanner_encoding)
+      end
+      self.encoding = detected_encoding
+    end
+
+    def encoding_updated
+      if @encoding != 'UTF-8'
+        @scanner.string = decode(@scanner.rest)
+        @to_utf = true
+      else
+        @to_utf = false
+        @scanner.string.force_encoding(::Encoding::UTF_8)
+      end
+    end
+  end
+
+  # A Source that wraps an IO.  See the Source class for method
+  # documentation
+  class IOSource < Source
+    #attr_reader :block_size
+
+    # block_size has been deprecated
+    def initialize(arg, block_size=500, encoding=nil)
+      @er_source = @source = arg
+      @to_utf = false
+      @pending_buffer = nil
+
+      if encoding
+        super("", encoding)
+      else
+        super(@source.read(3) || "")
+      end
+
+      if !@to_utf and
+          @orig.respond_to?(:force_encoding) and
+          @source.respond_to?(:external_encoding) and
+          @source.external_encoding != ::Encoding::UTF_8
+        @force_utf8 = true
+      else
+        @force_utf8 = false
+      end
+    end
+
+    def read(term = nil, min_bytes = 1)
+      term = encode(term) if term
+      begin
+        str = readline(term)
+        @scanner << str
+        read_bytes = str.bytesize
+        begin
+          while read_bytes < min_bytes
+            str = readline(term)
+            @scanner << str
+            read_bytes += str.bytesize
+          end
+        rescue IOError
+        end
+        true
+      rescue Exception, NameError
+        @source = nil
+        false
+      end
+    end
+
+    def read_until(term)
+      pattern = Private::PRE_DEFINED_TERM_PATTERNS[term] || /#{Regexp.escape(term)}/
+      term = @encoded_terms[term] ||= encode(term)
+      until str = @scanner.scan_until(pattern)
+        break if @source.nil?
+        break if @source.eof?
+        @scanner << readline(term)
+      end
+      if str
+        read if @scanner.eos? and !@source.eof?
+        str
+      else
+        rest = @scanner.rest
+        @scanner.pos = @scanner.string.bytesize
+        rest
+      end
+    end
+
+    def ensure_buffer
+      read if @scanner.eos? && @source
+    end
+
+    def match( pattern, cons=false )
+      # To avoid performance issue, we need to increase bytes to read per scan
+      min_bytes = 1
+      while true
+        if cons
+          md = @scanner.scan(pattern)
+        else
+          md = @scanner.check(pattern)
+        end
+        break if md
+        return nil if pattern.is_a?(String)
+        return nil if @source.nil?
+        return nil unless read(nil, min_bytes)
+        min_bytes *= 2
+      end
+
+      md.nil? ? nil : @scanner
+    end
+
+    def match?( pattern, cons=false )
+      # To avoid performance issue, we need to increase bytes to read per scan
+      min_bytes = 1
+      while true
+        if cons
+          n_matched_bytes = @scanner.skip(pattern)
+        else
+          n_matched_bytes = @scanner.match?(pattern)
+        end
+        return true if n_matched_bytes
+        return false if pattern.is_a?(String)
+        return false if @source.nil?
+        return false unless read(nil, min_bytes)
+        min_bytes *= 2
+      end
+    end
+
+    def empty?
+      super and ( @source.nil? || @source.eof? )
+    end
+
+    # @return the current line in the source
+    def current_line
+      begin
+        pos = @er_source.pos        # The byte position in the source
+        lineno = @er_source.lineno  # The XML < position in the source
+        @er_source.rewind
+        line = 0                    # The \r\n position in the source
+        begin
+          while @er_source.pos < pos
+            @er_source.readline
+            line += 1
+          end
+        rescue
+        end
+        @er_source.seek(pos)
+      rescue IOError, SystemCallError
+        pos = -1
+        line = -1
+      end
+      [pos, lineno, line]
+    end
+
+    private
+    def readline(term = nil)
+      if @pending_buffer
+        begin
+          str = @source.readline(term || @line_break)
+        rescue IOError
+        end
+        if str.nil?
+          str = @pending_buffer
+        else
+          str = @pending_buffer + str
+        end
+        @pending_buffer = nil
+      else
+        str = @source.readline(term || @line_break)
+      end
+      return nil if str.nil?
+
+      if @to_utf
+        decode(str)
+      else
+        str.force_encoding(::Encoding::UTF_8) if @force_utf8
+        str
+      end
+    end
+
+    def encoding_updated
+      case @encoding
+      when "UTF-16BE", "UTF-16LE"
+        @source.binmode
+        @source.set_encoding(@encoding, @encoding)
+      end
+      @line_break = encode(">")
+      @pending_buffer, @scanner.string = @scanner.rest, ""
+      @pending_buffer.force_encoding(@encoding)
+      super
+    end
+  end
+end

data/bundle/ruby/{2.7.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.4.0}/lib/rexml/text.rb

@@ -1,4 +1,4 @@
-# frozen_string_literal: false
+# frozen_string_literal: true
 require_relative 'security'
 require_relative 'entity'
 require_relative 'doctype'
@@ -29,31 +29,16 @@ module REXML
       (0x10000..0x10FFFF)
     ]
 
-    if String.method_defined? :encode
-      VALID_XML_CHARS = Regexp.new('^['+
-        VALID_CHAR.map { |item|
-          case item
-          when Integer
-            [item].pack('U').force_encoding('utf-8')
-          when Range
-            [item.first, '-'.ord, item.last].pack('UUU').force_encoding('utf-8')
-          end
-        }.join +
-      ']*$')
-    else
-      VALID_XML_CHARS = /^(
-           [\x09\x0A\x0D\x20-\x7E]            # ASCII
-         | [\xC2-\xDF][\x80-\xBF]             # non-overlong 2-byte
-         |  \xE0[\xA0-\xBF][\x80-\xBF]        # excluding overlongs
-         | [\xE1-\xEC\xEE][\x80-\xBF]{2}      # straight 3-byte
-         |  \xEF[\x80-\xBE]{2}                #
-         |  \xEF\xBF[\x80-\xBD]               # excluding U+fffe and U+ffff
-         |  \xED[\x80-\x9F][\x80-\xBF]        # excluding surrogates
-         |  \xF0[\x90-\xBF][\x80-\xBF]{2}     # planes 1-3
-         | [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
-         |  \xF4[\x80-\x8F][\x80-\xBF]{2}     # plane 16
-       )*$/nx;
-    end
+    VALID_XML_CHARS = Regexp.new('^['+
+      VALID_CHAR.map { |item|
+        case item
+        when Integer
+          [item].pack('U').force_encoding('utf-8')
+        when Range
+          [item.first, '-'.ord, item.last].pack('UUU').force_encoding('utf-8')
+        end
+      }.join +
+    ']*$')
 
     # Constructor
     # +arg+ if a String, the content is set to the String.  If a Text,
@@ -131,45 +116,55 @@ module REXML
     def Text.check string, pattern, doctype
 
       # illegal anywhere
-      if string !~ VALID_XML_CHARS
-        if String.method_defined? :encode
-          string.chars.each do |c|
-            case c.ord
-            when *VALID_CHAR
-            else
-              raise "Illegal character #{c.inspect} in raw string #{string.inspect}"
-            end
-          end
-        else
-          string.scan(/[\x00-\x7F]|[\x80-\xBF][\xC0-\xF0]*|[\xC0-\xF0]/n) do |c|
-            case c.unpack('U')
-            when *VALID_CHAR
-            else
-              raise "Illegal character #{c.inspect} in raw string #{string.inspect}"
-            end
+      if !string.match?(VALID_XML_CHARS)
+        string.chars.each do |c|
+          case c.ord
+          when *VALID_CHAR
+          else
+            raise "Illegal character #{c.inspect} in raw string #{string.inspect}"
           end
         end
       end
 
-      # context sensitive
-      string.scan(pattern) do
-        if $1[-1] != ?;
-          raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
-        elsif $1[0] == ?&
-          if $5 and $5[0] == ?#
-            case ($5[1] == ?x ? $5[2..-1].to_i(16) : $5[1..-1].to_i)
-            when *VALID_CHAR
+      pos = 0
+      while (index = string.index(/<|&/, pos))
+        if string[index] == "<"
+          raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
+        end
+
+        unless (end_index = string.index(/[^\s];/, index + 1))
+          raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
+        end
+
+        value = string[(index + 1)..end_index]
+        if /\s/.match?(value)
+          raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
+        end
+
+        if value[0] == "#"
+          character_reference = value[1..-1]
+
+          unless (/\A(\d+|x[0-9a-fA-F]+)\z/.match?(character_reference))
+            if character_reference[0] == "x" || character_reference[-1] == "x"
+              raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
             else
-              raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
+              raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
             end
-          # FIXME: below can't work but this needs API change.
-          # elsif @parent and $3 and !SUBSTITUTES.include?($1)
-          #   if !doctype or !doctype.entities.has_key?($3)
-          #     raise "Undeclared entity '#{$1}' in raw string \"#{string}\""
-          #   end
           end
+
+          case (character_reference[0] == "x" ? character_reference[1..-1].to_i(16) : character_reference[0..-1].to_i)
+          when *VALID_CHAR
+          else
+            raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
+          end
+        elsif !(/\A#{Entity::NAME}\z/um.match?(value))
+          raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
         end
+
+        pos = end_index + 1
       end
+
+      string
     end
 
     def node_type
@@ -248,7 +243,8 @@ module REXML
     #   u = Text.new( "sean russell", false, nil, true )
     #   u.value   #-> "sean russell"
     def value
-      @unnormalized ||= Text::unnormalize( @string, doctype )
+      @unnormalized ||= Text::unnormalize(@string, doctype,
+                                          entity_expansion_text_limit: document&.entity_expansion_text_limit)
     end
 
     # Sets the contents of this text node.  This expects the text to be
@@ -371,7 +367,7 @@ module REXML
       copy = input.to_s
       # Doing it like this rather than in a loop improves the speed
       #copy = copy.gsub( EREFERENCE, '&amp;' )
-      copy = copy.gsub( "&", "&amp;" )
+      copy = copy.gsub( "&", "&amp;" ) if copy.include?("&")
       if doctype
         # Replace all ampersands that aren't part of an entity
         doctype.entities.each_value do |entity|
@@ -382,18 +378,21 @@ module REXML
       else
         # Replace all ampersands that aren't part of an entity
         DocType::DEFAULT_ENTITIES.each_value do |entity|
-          copy = copy.gsub(entity.value, "&#{entity.name};" )
+          if copy.include?(entity.value)
+            copy = copy.gsub(entity.value, "&#{entity.name};" )
+          end
         end
       end
       copy
     end
 
     # Unescapes all possible entities
-    def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+    def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: nil )
+      entity_expansion_text_limit ||= Security.entity_expansion_text_limit
       sum = 0
       string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
         s = Text.expand($&, doctype, filter)
-        if sum + s.bytesize > Security.entity_expansion_text_limit
+        if sum + s.bytesize > entity_expansion_text_limit
           raise "entity expansion has grown too large"
         else
           sum += s.bytesize

data/bundle/ruby/{2.7.0/gems/rexml-3.2.5 → 3.1.0/gems/rexml-3.4.0}/lib/rexml/xpath_parser.rb

@@ -590,6 +590,7 @@ module REXML
 
     def evaluate_predicate(expression, nodesets)
       enter(:predicate, expression, nodesets) if @debug
+      new_nodeset_count = 0
       new_nodesets = nodesets.collect do |nodeset|
         new_nodeset = []
         subcontext = { :size => nodeset.size }
@@ -606,17 +607,20 @@ module REXML
           result = result[0] if result.kind_of? Array and result.length == 1
           if result.kind_of? Numeric
             if result == node.position
-              new_nodeset << XPathNode.new(node, position: new_nodeset.size + 1)
+              new_nodeset_count += 1
+              new_nodeset << XPathNode.new(node, position: new_nodeset_count)
             end
           elsif result.instance_of? Array
             if result.size > 0 and result.inject(false) {|k,s| s or k}
               if result.size > 0
-                new_nodeset << XPathNode.new(node, position: new_nodeset.size + 1)
+                new_nodeset_count += 1
+                new_nodeset << XPathNode.new(node, position: new_nodeset_count)
               end
             end
           else
             if result
-              new_nodeset << XPathNode.new(node, position: new_nodeset.size + 1)
+              new_nodeset_count += 1
+              new_nodeset << XPathNode.new(node, position: new_nodeset_count)
             end
           end
         end

data/bundle/ruby/{2.7.0/gems/ruby2ruby-2.4.4 → 3.1.0/gems/ruby2ruby-2.5.1}/History.rdoc

@@ -1,3 +1,25 @@
+=== 2.5.1 / 2024-07-08
+
+* 1 bug fix:
+
+  * Fix errors created when string literals are frozen. (byroot + zenspider)
+
+=== 2.5.0 / 2022-10-04
+
+* 5 minor enhancements:
+
+  * Added support for (most?) pattern matching.
+  * Added support for **kwrest.
+  * Added support for forward args (...), defn and call.
+  * Added support for preexe (BEGIN { ... }).
+  * Support ruby 3.1 hash shorthand syntax. (presidentbeef)
+
+* 3 bug fixes:
+
+  * Fix generation of case w/ no else.
+  * Fixed a bug block shadow vars (they're grouped)
+  * Fixed find_pat up (after fixing a find_pat bug in ruby_parser).
+
 === 2.4.4 / 2019-09-24
 
 * 1 bug fix: