gitlab-markup 1.7.1 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09b3fa152cddf98ba3d9cc535ccc8c98a8f885bdca9bab8e6c2b7d652c1ccd40'
-  data.tar.gz: 3ea51712dc4e7db1f7cd6a6d58de35cfc573ae175629257301dedb922085d68d
+  metadata.gz: ffe78f2c70532bd5111c1adba163151a60108ceec4525f022a47032af7579192
+  data.tar.gz: c0d89038ace9d3756e7866d711776e830469d03a70e7d7a25edf93e964f285c3
 SHA512:
-  metadata.gz: c2854f54a6c8b066ee2f9c53cdfe4a5f50b18cc26b45241db30f4f9adb7ff245fa0e6cbf638c14c6330bab49721f8d88f644053fa9a86daec321cef7f27ef329
-  data.tar.gz: d4b7be854df8e75dc311a658ebc74e3bdbd4fca4bd69e25e627da5435b66b28527bfb6f9756c02ae100a11c95482dc76803bceaed3f78d10d4009d0bf1ee2f29
+  metadata.gz: ba9c3cf53d15ac267552fb7013dc1612b8ae4e15a71aeed4b256f38bd2bcbe6152fb089b9d82c49598ef0556a5f16f7ae72c288adfd95c8d69f40a2929ea268d
+  data.tar.gz: 8db081c15c4883e1d51285575bbfcdd9fb9074767d019988a35cead5de3ffaee1f79fd1fea1ef616f265dee25b12080c5f0b652079165b1fa1c0201c9497eb47

data/.gitlab-ci.yml

@@ -1,3 +1,8 @@
+include:
+  - template: SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml # https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
+  - template: Security/Secret-Detection.gitlab-ci.yml # https://docs.gitlab.com/ee/user/application_security/secret_detection/
+
 variables:
   LANG: "C.UTF-8"
 
@@ -6,7 +11,7 @@ default:
     - gitlab-org
 
 workflow:
-  rules:
+  rules: &workflow_rules
     # For merge requests, create a pipeline.
     - if: '$CI_MERGE_REQUEST_IID'
     # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
@@ -48,12 +53,6 @@ workflow:
   variables:
     DOCUTILS_VERSION: "0.16"
 
-ruby-24:
-  image: ruby:2.4
-  extends:
-    - .docutils-014
-    - .specs
-
 ruby-25:
   image: ruby:2.5
   extends:
@@ -72,12 +71,6 @@ ruby-27:
     - .docutils-014
     - .specs
 
-ruby-24-du15:
-  image: ruby:2.4
-  extends:
-    - .docutils-015
-    - .specs
-
 ruby-25-du15:
   image: ruby:2.5
   extends:
@@ -96,12 +89,6 @@ ruby-27-du15:
     - .docutils-015
     - .specs
 
-ruby-24-du16:
-  image: ruby:2.4
-  extends:
-    - .docutils-016
-    - .specs
-
 ruby-25-du16:
   image: ruby:2.5
   extends:
@@ -119,3 +106,11 @@ ruby-27-du16:
   extends:
     - .docutils-016
     - .specs
+
+# Dependency Scanning
+gemnasium-dependency_scanning:
+  rules: *workflow_rules
+
+# Secret Detection
+secret_detection:
+  rules: *workflow_rules

data/HISTORY.md

@@ -1,3 +1,8 @@
+## 1.8.0 (2021-12-02)
+
+* Disable configuration file processing in RST
+* Wrap call to rest2html in a timeout
+
 ## 1.7.1 (2020-05-01)
 
 * Fix RST rendering not working for large files

data/README.md

@@ -17,11 +17,11 @@ Markups
 -------
 
 The following markups are supported.  The dependencies listed are required if
-you wish to run the library. You can also run `script/bootstrap` to fetch them all.
+you wish to run the library. You can also run `script/bootstrap` to fetch them all (Python 3 required).
 
 * [.markdown, .mdown, .mkdn, .md](http://daringfireball.net/projects/markdown/) -- `gem install redcarpet` (https://github.com/vmg/redcarpet)
 * [.textile](http://www.textism.com/tools/textile/) -- `gem install RedCloth`
-* [.rdoc](http://rdoc.sourceforge.net/) -- `gem install rdoc -v 3.6.1`
+* [.rdoc](https://ruby.github.io/rdoc/) -- `gem install rdoc -v 3.6.1`
 * [.org](http://orgmode.org/) -- `gem install org-ruby`
 * [.creole](http://wikicreole.org/) -- `gem install creole`
 * [.mediawiki, .wiki](http://www.mediawiki.org/wiki/Help:Formatting) -- `gem install wikicloth`
@@ -33,7 +33,9 @@ you wish to run the library. You can also run `script/bootstrap` to fetch them a
 Installation
 -----------
 
-```
+Ruby 2.6+ is highly recommended (Ruby 2.5 is still supported).
+
+```shell
 gem install gitlab-markup
 ```
 

data/gitlab-markup.gemspec

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require File.expand_path('../lib/github-markup', __FILE__)
 
 Gem::Specification.new do |s|

data/lib/github/commands/rest2html

@@ -54,6 +54,7 @@ from docutils.core import publish_parts
 from docutils.writers.html4css1 import Writer, HTMLTranslator
 
 SETTINGS = {
+    '_disable_config': True,
     'cloak_email_addresses': False,
     'file_insertion_enabled': False,
     'raw_enabled': False,

data/lib/github/markup/command_implementation.rb

@@ -12,6 +12,8 @@ module GitHub
     end
 
     class CommandImplementation < Implementation
+      DEFAULT_GITLAB_MARKUP_TIMEOUT = '10'.freeze
+
       attr_reader :command, :block, :name
 
       def initialize(regexp, command, name, &block)
@@ -27,7 +29,8 @@ module GitHub
         call_block(rendered, content)
       end
 
-    private
+      private
+
       def call_block(rendered, content)
         if block && block.arity == 2
           block.call(rendered, content)
@@ -38,20 +41,41 @@ module GitHub
         end
       end
 
+      def timeout_in_seconds
+        ENV.fetch('GITLAB_MARKUP_TIMEOUT', DEFAULT_GITLAB_MARKUP_TIMEOUT).to_i
+      end
+
+      def prepend_command_timeout_prefix(command)
+        timeout_command_prefix = "timeout --signal=KILL #{timeout_in_seconds}"
+
+        # Preserve existing support for command being either a String or an Array
+        if command.is_a?(String)
+          "#{timeout_command_prefix} #{command}"
+        else
+          timeout_command_prefix.split(' ') + command
+        end
+      end
+
       if defined?(POSIX::Spawn)
         def execute(command, target)
-          spawn = POSIX::Spawn::Child.new(*command, :input => target)
+          command_with_timeout_prefix = prepend_command_timeout_prefix(command)
+          spawn = POSIX::Spawn::Child.new(*command_with_timeout_prefix, :input => target)
           if spawn.status.success?
             sanitize(spawn.out, target.encoding)
+          elsif spawn.status.termsig == Signal.list['KILL']
+            raise TimeoutError.new("Command was killed, probably due to exceeding GITLAB_MARKUP_TIMEOUT limit of #{timeout_in_seconds} seconds")
           else
             raise CommandError.new(spawn.err.strip)
           end
         end
       else
         def execute(command, target)
-          stdout_str, stderr_str, status = Open3.capture3(*command, stdin_data: target)
+          command_with_timeout_prefix = prepend_command_timeout_prefix(command)
+          stdout_str, stderr_str, status = Open3.capture3(*command_with_timeout_prefix, stdin_data: target)
           if status.success?
             sanitize(stdout_str, target.encoding)
+          elsif status.termsig == Signal.list['KILL']
+            raise TimeoutError.new("Command was killed, probably due to exceeding GITLAB_MARKUP_TIMEOUT limit of #{timeout_in_seconds} seconds")
           else
             raise CommandError.new(stderr_str.strip)
           end

data/lib/github-markup.rb

@@ -1,6 +1,6 @@
 module GitHub
   module Markup
-    VERSION = '1.7.1'
+    VERSION = '1.8.0'
     Version = VERSION
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-markup
 version: !ruby/object:Gem::Version
-  version: 1.7.1
+  version: 1.8.0
 platform: ruby
 authors:
 - Chris Wanstrath
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-07 00:00:00.000000000 Z
+date: 2021-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -165,7 +165,7 @@ metadata:
   bug_tracker_uri: https://gitlab.com/gitlab-org/gitlab-markup/issues
   changelog_uri: https://gitlab.com/gitlab-org/gitlab-markup/blob/master/HISTORY.md
   source_code_uri: https://gitlab.com/gitlab-org/gitlab-markup
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -180,8 +180,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Fork from github-markup GitLab uses to render non markdown content
 test_files: