gitlab-markup 1.6.4 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '088585ef527b31da2dd72c9a6efe953a04276e6ca5a0cf411b0b8c32547b27ff'
-  data.tar.gz: ad0c68e99b095ef0f5f94e5d2343003b555f3ad220ae309db55c0627c8419f42
+  metadata.gz: ffe78f2c70532bd5111c1adba163151a60108ceec4525f022a47032af7579192
+  data.tar.gz: c0d89038ace9d3756e7866d711776e830469d03a70e7d7a25edf93e964f285c3
 SHA512:
-  metadata.gz: 7e9841bddbba24c743d6da4fc6cba9bc3bf04019cc3b16a79d51b15638d778bfab192f3ecf17b64ea7c18470ec701c266ae630c22dc3936d0eed11530d956142
-  data.tar.gz: ffc895e79b9f1bc84e0214a1e9e7fcebcac0d0d8ab8ee33a7359cbe19ef3debffd0497500fa537ad024ec9297f5134c5e6aefb3d5069e886c304f613eb50d286
+  metadata.gz: ba9c3cf53d15ac267552fb7013dc1612b8ae4e15a71aeed4b256f38bd2bcbe6152fb089b9d82c49598ef0556a5f16f7ae72c288adfd95c8d69f40a2929ea268d
+  data.tar.gz: 8db081c15c4883e1d51285575bbfcdd9fb9074767d019988a35cead5de3ffaee1f79fd1fea1ef616f265dee25b12080c5f0b652079165b1fa1c0201c9497eb47

data/.gitlab-ci.yml

@@ -1,24 +1,116 @@
+include:
+  - template: SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml # https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
+  - template: Security/Secret-Detection.gitlab-ci.yml # https://docs.gitlab.com/ee/user/application_security/secret_detection/
+
 variables:
   LANG: "C.UTF-8"
 
-.specs: &specs
+default:
+  tags:
+    - gitlab-org
+
+workflow:
+  rules: &workflow_rules
+    # For merge requests, create a pipeline.
+    - if: '$CI_MERGE_REQUEST_IID'
+    # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    # For tags, create a pipeline.
+    - if: '$CI_COMMIT_TAG'
+
+.specs:
   cache:
+    key: "$CI_JOB_NAME"
     paths:
       - vendor/ruby
   before_script:
     - apt update
-    - apt install python-pip git build-essential -y
-    - pip install 'docutils==0.13.1'
+    - apt install python3 python3-pip git build-essential -y
+    - apt remove python -y
+    - pip3 install "docutils==$DOCUTILS_VERSION"
     - bundle install --jobs $(nproc)
   script:
+    - echo "Testing without posix-spawn..."
+    - cp Gemfile Gemfile.orig
+    - sed -i -e '/posix-spawn/d' Gemfile
+    - bundle install
     - bundle exec rake test
+    - echo "Testing with posix-spawn..."
+    - mv Gemfile.orig Gemfile
+    - bundle install
+    - bundle exec rake test
+
+.docutils-014:
+  variables:
+    DOCUTILS_VERSION: "0.14"
+
+.docutils-015:
+  variables:
+    DOCUTILS_VERSION: "0.15.2"
+
+.docutils-016:
+  variables:
+    DOCUTILS_VERSION: "0.16"
+
+ruby-25:
+  image: ruby:2.5
+  extends:
+    - .docutils-014
+    - .specs
+
+ruby-26:
+  image: ruby:2.6
+  extends:
+    - .docutils-014
+    - .specs
+
+ruby-27:
+  image: ruby:2.7
+  extends:
+    - .docutils-014
+    - .specs
+
+ruby-25-du15:
+  image: ruby:2.5
+  extends:
+    - .docutils-015
+    - .specs
+
+ruby-26-du15:
+  image: ruby:2.6
+  extends:
+    - .docutils-015
+    - .specs
+
+ruby-27-du15:
+  image: ruby:2.7
+  extends:
+    - .docutils-015
+    - .specs
+
+ruby-25-du16:
+  image: ruby:2.5
+  extends:
+    - .docutils-016
+    - .specs
+
+ruby-26-du16:
+  image: ruby:2.6
+  extends:
+    - .docutils-016
+    - .specs
+
+ruby-27-du16:
+  image: ruby:2.7
+  extends:
+    - .docutils-016
+    - .specs
+
+# Dependency Scanning
+gemnasium-dependency_scanning:
+  rules: *workflow_rules
 
-ruby-21:
-  image: ruby:2.1
-  <<: *specs
-ruby-22:
-  image: ruby:2.2
-  <<: *specs
-ruby-23:
-  image: ruby:2.3
-  <<: *specs
+# Secret Detection
+secret_detection:
+  rules: *workflow_rules

data/HISTORY.md

@@ -1,3 +1,20 @@
+## 1.8.0 (2021-12-02)
+
+* Disable configuration file processing in RST
+* Wrap call to rest2html in a timeout
+
+## 1.7.1 (2020-05-01)
+
+* Fix RST rendering not working for large files
+
+## 1.7.0 (2019-03-05)
+
+* Require Python 3
+
+## 1.6.5 (2018-10-31)
+
+* Renamed executable from `github-markup` to `gitlab-markup`
+
 ## 1.6.4 (2018-06-08)
 
 * Fixed extra blank line at start of rendered reStructuredText code block 

data/README.md

@@ -1,7 +1,7 @@
 GitLab Markup
 =============
 
-[![build status](https://gitlab.com/gitlab-org/gitlab-markup/badges/master/build.svg)](https://gitlab.com/gitlab-org/gitlab-markup/commits/master)
+[![build status](https://gitlab.com/gitlab-org/gitlab-markup/badges/master/pipeline.svg)](https://gitlab.com/gitlab-org/gitlab-markup/commits/master)
 
 This library is a fork of GitHub Markup, which is used to render all non Markdown markups:
 
@@ -17,15 +17,15 @@ Markups
 -------
 
 The following markups are supported.  The dependencies listed are required if
-you wish to run the library. You can also run `script/bootstrap` to fetch them all.
+you wish to run the library. You can also run `script/bootstrap` to fetch them all (Python 3 required).
 
 * [.markdown, .mdown, .mkdn, .md](http://daringfireball.net/projects/markdown/) -- `gem install redcarpet` (https://github.com/vmg/redcarpet)
 * [.textile](http://www.textism.com/tools/textile/) -- `gem install RedCloth`
-* [.rdoc](http://rdoc.sourceforge.net/) -- `gem install rdoc -v 3.6.1`
+* [.rdoc](https://ruby.github.io/rdoc/) -- `gem install rdoc -v 3.6.1`
 * [.org](http://orgmode.org/) -- `gem install org-ruby`
 * [.creole](http://wikicreole.org/) -- `gem install creole`
 * [.mediawiki, .wiki](http://www.mediawiki.org/wiki/Help:Formatting) -- `gem install wikicloth`
-* [.rst](http://docutils.sourceforge.net/rst.html) -- `pip install docutils==0.13.1`
+* [.rst](https://docutils.sourceforge.io/rst.html) -- `pip install docutils`
 * [.asciidoc, .adoc, .asc](http://asciidoc.org/) -- `gem install asciidoctor` (http://asciidoctor.org)
 * [.pod](http://search.cpan.org/dist/perl/pod/perlpod.pod) -- `Pod::Simple::HTML`
   comes with Perl >= 5.10. Lower versions should install [Pod::Simple](http://search.cpan.org/~dwheeler/Pod-Simple-3.28/lib/Pod/Simple.pod) from CPAN.
@@ -33,7 +33,9 @@ you wish to run the library. You can also run `script/bootstrap` to fetch them a
 Installation
 -----------
 
-```
+Ruby 2.6+ is highly recommended (Ruby 2.5 is still supported).
+
+```shell
 gem install gitlab-markup
 ```
 

data/gitlab-markup.gemspec

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require File.expand_path('../lib/github-markup', __FILE__)
 
 Gem::Specification.new do |s|
@@ -24,7 +25,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'activesupport', '~> 4.0'
   s.add_development_dependency 'html-pipeline', '~> 1.0'
   s.add_development_dependency 'minitest', '~> 5.4.3'
-  s.add_development_dependency 'nokogiri', '~> 1.6.1'
+  s.add_development_dependency 'nokogiri', '~> 1.10.9'
   s.add_development_dependency 'nokogiri-diff', '~> 0.2.0'
-  s.add_development_dependency 'sanitize', '~> 2.1.0'
+  s.add_development_dependency 'sanitize', '~> 5.1.0'
 end

data/lib/github/commands/rest2html

@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 """
 rest2html - A small wrapper file for parsing ReST files at GitHub.
 
@@ -54,6 +54,7 @@ from docutils.core import publish_parts
 from docutils.writers.html4css1 import Writer, HTMLTranslator
 
 SETTINGS = {
+    '_disable_config': True,
     'cloak_email_addresses': False,
     'file_insertion_enabled': False,
     'raw_enabled': False,

data/lib/github/markup/command_implementation.rb

@@ -12,6 +12,8 @@ module GitHub
     end
 
     class CommandImplementation < Implementation
+      DEFAULT_GITLAB_MARKUP_TIMEOUT = '10'.freeze
+
       attr_reader :command, :block, :name
 
       def initialize(regexp, command, name, &block)
@@ -27,7 +29,8 @@ module GitHub
         call_block(rendered, content)
       end
 
-    private
+      private
+
       def call_block(rendered, content)
         if block && block.arity == 2
           block.call(rendered, content)
@@ -38,27 +41,44 @@ module GitHub
         end
       end
 
+      def timeout_in_seconds
+        ENV.fetch('GITLAB_MARKUP_TIMEOUT', DEFAULT_GITLAB_MARKUP_TIMEOUT).to_i
+      end
+
+      def prepend_command_timeout_prefix(command)
+        timeout_command_prefix = "timeout --signal=KILL #{timeout_in_seconds}"
+
+        # Preserve existing support for command being either a String or an Array
+        if command.is_a?(String)
+          "#{timeout_command_prefix} #{command}"
+        else
+          timeout_command_prefix.split(' ') + command
+        end
+      end
+
       if defined?(POSIX::Spawn)
         def execute(command, target)
-          spawn = POSIX::Spawn::Child.new(*command, :input => target)
+          command_with_timeout_prefix = prepend_command_timeout_prefix(command)
+          spawn = POSIX::Spawn::Child.new(*command_with_timeout_prefix, :input => target)
           if spawn.status.success?
             sanitize(spawn.out, target.encoding)
+          elsif spawn.status.termsig == Signal.list['KILL']
+            raise TimeoutError.new("Command was killed, probably due to exceeding GITLAB_MARKUP_TIMEOUT limit of #{timeout_in_seconds} seconds")
           else
             raise CommandError.new(spawn.err.strip)
           end
         end
       else
         def execute(command, target)
-          output = Open3.popen3(*command) do |stdin, stdout, stderr, wait_thr|
-            stdin.puts target
-            stdin.close
-            if wait_thr.value.success?
-              stdout.readlines
-            else
-              raise CommandError.new(stderr.readlines.join('').strip)
-            end
+          command_with_timeout_prefix = prepend_command_timeout_prefix(command)
+          stdout_str, stderr_str, status = Open3.capture3(*command_with_timeout_prefix, stdin_data: target)
+          if status.success?
+            sanitize(stdout_str, target.encoding)
+          elsif status.termsig == Signal.list['KILL']
+            raise TimeoutError.new("Command was killed, probably due to exceeding GITLAB_MARKUP_TIMEOUT limit of #{timeout_in_seconds} seconds")
+          else
+            raise CommandError.new(stderr_str.strip)
           end
-          sanitize(output.join(''), target.encoding)
         end
       end
 

data/lib/github/markups.rb

@@ -33,7 +33,7 @@ markup(:asciidoctor, /adoc|asc(iidoc)?/) do |content|
 end
 
 command(
-  "python2 -S #{Shellwords.escape(File.dirname(__FILE__))}/commands/rest2html",
+  "python3 #{Shellwords.escape(File.dirname(__FILE__))}/commands/rest2html",
   /re?st(\.txt)?/,
   "restructuredtext"
 )

data/lib/github-markup.rb

@@ -1,6 +1,6 @@
 module GitHub
   module Markup
-    VERSION = '1.6.4'
+    VERSION = '1.8.0'
     Version = VERSION
   end
 end