narou 3.5.1 → 3.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f37fc846838d47f62b093acfd19416b7eb81a992eaf50feb4f05a857624b3bbf
-  data.tar.gz: 9765f2c1e9d88f266a922410f5f3ed89b70060c553c4f557bbac282fa7fc3a4b
+  metadata.gz: 77ab6235ef1ca1a8b4118c2986f51dacb824833df2cdb10132bbd9635d9dde1b
+  data.tar.gz: 718dd667b95a2301cb99f7e9e52d05698ecd88aef8b2864cce89efecf46e0fb3
 SHA512:
-  metadata.gz: 770d433baf61c01dc2d577e79fb8be0d6ca418c62fb6f6900c84b8401b1658b2c08beb65c5bcf58352bc70b62735b8cdb47caf4c25fe1bc15b2dad183eb6fc04
-  data.tar.gz: 726d8579ab32be6ad94e9d2a84c764bea0c7c2f78b5ca7e9c7584f2b30340f472315e30781f16a44cf5d72043396271e6903d8a5002d4b5eaf8c51cf3ebb7e8e
+  metadata.gz: 4325e3c255961dc300b5485f28c55cbe3443c7061ce520b65d32109c4acf97264653d4c9e77fda8dff65a094600e0f598a7beccc3465adc96e29cffde24dc6d6
+  data.tar.gz: 78ab226c92e31c198896ed9289f62a0e907a72a17026c15c23175ae9f45fd5b7b11f63972b14607f19642ea3d112019d44762d1da33440d7fc21d3900df9182f

data/.circleci/config.yml

@@ -3,7 +3,7 @@ jobs:
   build:
     working_directory: ~/circleci-narou
     docker:
-      - image: circleci/ruby:2.5
+      - image: circleci/ruby:3.0
         environment:
           BUNDLE_JOBS: 1
           BUNDLE_RETRY: 3
@@ -12,8 +12,8 @@ jobs:
       - checkout
 
       - run:
-          name: Which bundler?
-          command: bundle -v
+          name: Install bundler 2.1.4
+          command: gem install bundler:2.1.4
 
       # Restore bundle cache
       - restore_cache:

data/.rubocop.yml

@@ -176,7 +176,7 @@ Style/StringLiterals:
 Style/SymbolProc:
   Enabled: true
 
-Layout/Tab:
+Layout/IndentationStyle:
   Enabled: true
 
 Layout/TrailingEmptyLines:

data/ChangeLog.md

@@ -1,6 +1,43 @@
 更新履歴 - ChangeLog
 ====================
 
+3.8.0: 2021/06/27
+-----------------
+#### 修正内容
+- タイトル名もしくは作者名に特定の記号を使うことで任意のコードを実行できて
+  しまう問題を修正 [CVE-2021-35514]
+  - この問題を発見した RyotaK に感謝します
+
+
+3.7.2: 2021/06/05
+-----------------
+#### 追加機能
+- folder コマンドに --no-open (-n) オプションを追加しました
+
+#### 修正内容
+- gem update を行うとクラッシュする場合があったのを修正
+  - psych 4.0 からの非互換に対応
+- その他軽微な修正
+
+3.7.1: 2021/04/01
+-----------------
+#### 修正内容
+- その他の小説の最新話掲載日を確認しようとするとクラッシュする不具合を修正
+
+
+3.7.0: 2021/01/23
+-----------------
+#### 修正内容
+- Apple Silicon 搭載 Mac でも動く様にライブラリをアップデート
+- device を kobo に設定し、ebook-filename-length-limit でファイル名が制限され
+  た場合に send コマンドが正常に実行できない不具合を修正
+
+3.6.0: 2021/01/02
+-----------------
+#### 修正内容
+- Ruby 3.0 に対応
+
+
 3.5.1: 2020/03/21
 -----------------
 #### 修正内容

data/Gemfile.lock

@@ -1,119 +1,122 @@
 PATH
   remote: .
   specs:
-    narou (3.5.0)
-      activesupport (~> 5.2)
+    narou (3.7.2)
+      activesupport (>= 6.1, < 8.0)
       diff-lcs (~> 1.2, >= 1.2.5)
       erubis (~> 2.7)
+      ffi (~> 1.4, >= 1.4.2)
       haml (>= 5.1.2, < 6)
       mail (~> 2.6.0, >= 2.6.6)
       memoist (~> 0.11.0)
       open_uri_redirections (~> 0.2, >= 0.2.1)
       pony (~> 1, >= 1.11)
+      psych (~> 4.0)
       rubyzip (~> 2.0, >= 2.0.0)
-      sass (~> 3.4, >= 3.4.18)
-      sinatra (~> 1.4, >= 1.4.5)
-      sinatra-contrib (~> 1.4, >= 1.4.2)
+      sassc (~> 2.4)
+      sinatra (~> 2.0, >= 2.0.8.1)
+      sinatra-contrib (~> 2.0, >= 2.0.8.1)
       systemu (~> 2.6, >= 2.6.5)
       termcolorlight (~> 1.0, >= 1.1.1)
       tilt (~> 2.0, >= 2.0.10)
       unicode-display_width (~> 1.4)
+      webrick (~> 1.7)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.2.4.1)
+    activesupport (6.1.3.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     awesome_print (1.8.0)
-    backports (3.15.0)
-    byebug (11.1.1)
-    coderay (1.1.2)
-    concurrent-ruby (1.1.5)
-    diff-lcs (1.3)
-    docile (1.3.2)
+    byebug (11.1.3)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.8)
+    diff-lcs (1.4.4)
+    docile (1.3.5)
     erubis (2.7.0)
-    ffi (1.12.2)
-    haml (5.1.2)
+    ffi (1.14.2)
+    ffi (1.14.2-java)
+    haml (5.2.1)
       temple (>= 0.8.0)
       tilt
-    i18n (1.7.0)
+    i18n (1.8.10)
       concurrent-ruby (~> 1.0)
     mail (2.6.6)
       mime-types (>= 1.16, < 4)
     memoist (0.11.0)
-    method_source (0.9.2)
+    method_source (1.0.0)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2019.1009)
-    minitest (5.13.0)
-    multi_json (1.14.1)
+    mime-types-data (3.2021.0225)
+    minitest (5.14.4)
+    multi_json (1.15.0)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
     open_uri_redirections (0.2.1)
     pony (1.13.1)
       mail (>= 2.0)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    pry-byebug (3.8.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
       byebug (~> 11.0)
-      pry (~> 0.10)
-    rack (1.6.12)
-    rack-protection (1.5.5)
+      pry (~> 0.13.0)
+    psych (4.0.0)
+    rack (2.2.3)
+    rack-protection (2.1.0)
       rack
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rb-fsevent (0.10.3)
-    rb-inotify (0.10.1)
-      ffi (~> 1.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.1)
-      rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.10.0)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-support (3.9.2)
+    rspec-support (3.10.1)
     rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubyzip (2.0.0)
-    sass (3.7.4)
-      sass-listen (~> 4.0.0)
-    sass-listen (4.0.0)
-      rb-fsevent (~> 0.9, >= 0.9.4)
-      rb-inotify (~> 0.9, >= 0.9.7)
-    simplecov (0.18.2)
+    ruby2_keywords (0.0.4)
+    rubyzip (2.3.0)
+    sassc (2.4.0)
+      ffi (~> 1.9)
+    simplecov (0.21.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
-    simplecov-html (0.12.0)
-    sinatra (1.4.8)
-      rack (~> 1.5)
-      rack-protection (~> 1.4)
-      tilt (>= 1.3, < 3)
-    sinatra-contrib (1.4.7)
-      backports (>= 2.0)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.2)
+    sinatra (2.1.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
+      tilt (~> 2.0)
+    sinatra-contrib (2.1.0)
       multi_json
-      rack-protection
-      rack-test
-      sinatra (~> 1.4.0)
-      tilt (>= 1.3, < 3)
+      mustermann (~> 1.0)
+      rack-protection (= 2.1.0)
+      sinatra (= 2.1.0)
+      tilt (~> 2.0)
     systemu (2.6.5)
     temple (0.8.2)
     termcolorlight (1.1.1)
-    thread_safe (0.3.6)
     tilt (2.0.10)
-    timecop (0.9.1)
-    tzinfo (1.2.6)
-      thread_safe (~> 0.1)
-    unicode-display_width (1.6.0)
+    timecop (0.9.2)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (1.7.0)
+    webrick (1.7.0)
+    zeitwerk (2.4.2)
 
 PLATFORMS
   java
@@ -124,11 +127,11 @@ DEPENDENCIES
   narou!
   pry (~> 0.12)
   pry-byebug (~> 3.8)
-  rspec (~> 3.9)
+  rspec (~> 3.10)
   rspec-retry (~> 0.6)
   rspec_junit_formatter (~> 0.4)
-  simplecov (~> 0.18)
+  simplecov (~> 0.20)
   timecop (~> 0.9)
 
 BUNDLED WITH
-   1.17.3
+   2.2.15

data/README.md

@@ -34,12 +34,12 @@ Narou.rb - 小説家になろうのダウンローダ＆縦書き整形＆管理
 更新履歴 - ChangeLog
 --------------------
 
-3.5.1: 2020/03/21
+3.8.0: 2021/06/27
 -----------------
 #### 修正内容
-- 小説家になろう系列の挿絵をダウンロード時に、サムネイル画像を取得するように
-  なってしまっていたのを修正
-- Ruby 2.7 で narou setting -l を実行時に警告が大量に出ていたのを修正
+- タイトル名もしくは作者名に特定の記号を使うことで任意のコードを実行できて
+  しまう問題を修正 [CVE-2021-35514]
+  - この問題を発見した RyotaK に感謝します
 
 ----
 

data/lib/command/browser.rb

@@ -45,7 +45,7 @@ module Command
         if @options["vote"]
           # TODO: 最新話の場所をAPIで取得する
           data_dir = Downloader.get_novel_data_dir_by_target(data["id"])
-          latest_index = YAML.load_file(File.join(data_dir, Downloader::TOC_FILE_NAME))["subtitles"].last["index"]
+          latest_index = YAML.unsafe_load_file(File.join(data_dir, Downloader::TOC_FILE_NAME))["subtitles"].last["index"]
           open_url = "#{toc_url + latest_index}/#my_novelpoint"
         else
           open_url = toc_url

data/lib/command/diff.rb

@@ -212,8 +212,8 @@ module Command
       cache_sections = []
       cache_section_list.each do |path|
         match_latest_path = File.join(novel_dir, File.basename(path))
-        latest_novel_sections << YAML.load_file(match_latest_path) if File.exist?(match_latest_path)
-        cache_sections << YAML.load_file(path)
+        latest_novel_sections << YAML.unsafe_load_file(match_latest_path) if File.exist?(match_latest_path)
+        cache_sections << YAML.unsafe_load_file(path)
       end
 
       novel_info = Database.instance[id]

data/lib/command/folder.rb

@@ -23,7 +23,12 @@ module Command
     narou folder musyoku
     narou folder 0
     narou f 0
+
+  Options:
       EOS
+      @opt.on("-n", "--no-open", "フォルダを開かずにパスだけ表示する") {
+        @options["no-open"] = true
+      }
     end
 
     def execute(argv)
@@ -33,7 +38,7 @@ module Command
       argv.each do |target|
         dir = Downloader.get_novel_data_dir_by_target(target)
         if dir
-          Helper.open_directory(dir)
+          Helper.open_directory(dir) unless @options["no-open"]
           puts dir
         else
           error "#{target} は存在しません"

data/lib/command/setting.rb

@@ -537,8 +537,8 @@ module Command
         "webui.theme" => {
           type: :select, help: "WEB UI 用テーマ選択",
           invisible: true,
-          select_keys: Narou.get_theme_names,
-          select_summaries: Narou.get_theme_names,
+          select_keys: Narou.theme_names,
+          select_summaries: Narou.theme_names,
           tab: :webui
         },
         "webui.table.reload-timing" => {

data/lib/command/update/general_lastup_updater.rb

@@ -4,6 +4,7 @@
 # Copyright 2013 whiteleaf. All rights reserved.
 #
 
+require "net/http"
 require_relative "../../narou/api"
 
 module Command
@@ -63,7 +64,7 @@ module Command
           interval.wait
           begin
             downloader = Downloader.new(id)
-            next unless downloader.get_latest_table_of_contents(through_error: true)
+            next unless downloader.get_latest_table_of_contents(downloader.load_toc_file, through_error: true)
             dates = {
               "novelupdated_at" => downloader.get_novelupdated_at,
               "general_lastup" => downloader.get_general_lastup,

data/lib/device.rb

@@ -91,13 +91,12 @@ class Device
   end
 
   def eject
-    if ejectable?
-      begin
-        Device.eject(@device_module::VOLUME_NAME)
-      rescue CantEject => e
-        error e.message
-      end
-    end
+    return unless ejectable?
+
+    Device.eject(@device_module::VOLUME_NAME)
+    yield if block_given?
+  rescue CantEject => e
+    error e.message
   end
 
   def self.support_eject?

data/lib/downloader.rb

@@ -157,7 +157,7 @@ class Downloader
   # toc 読込
   #
   def self.get_toc_data(archive_path)
-    YAML.load_file(File.join(archive_path, TOC_FILE_NAME))
+    YAML.unsafe_load_file(File.join(archive_path, TOC_FILE_NAME))
   end
 
   def self.get_toc_by_target(target)
@@ -778,6 +778,7 @@ class Downloader
       @setting["story"] = story_html.to_aozora
     end
     @setting["info"] = info
+    replace_external_properties_of_setting
 
     @setting["title"] = get_title
     if series_novel?
@@ -801,6 +802,7 @@ class Downloader
     raise if through_error   # エラー処理はしなくていいからそのまま例外を受け取りたい時用
     if e.message.include?("404")
       @stream.error "小説が削除されているか非公開な可能性があります"
+      sleep_for_download
       if database.novel_exists?(@id)
         Command::Tag.execute!(%W(#{@id} --add 404 --color white --no-overwrite-color), io: Narou::NullIO.new)
         Command::Freeze.execute!(@id, "--on")
@@ -1042,7 +1044,7 @@ class Downloader
   def different_section?(old_relative_path, new_subtitle_info)
     path = get_novel_data_dir.join(old_relative_path)
     return true unless path.exist?
-    YAML.load_file(path)["element"] != new_subtitle_info["element"]
+    YAML.unsafe_load_file(path)["element"] != new_subtitle_info["element"]
   end
 
   #
@@ -1267,7 +1269,7 @@ class Downloader
   #
   # 小説データの格納ディレクトリから読み込む
   def load_novel_data(filename)
-    YAML.load_file(get_novel_data_dir.join(filename))
+    YAML.unsafe_load_file(get_novel_data_dir.join(filename))
   rescue Errno::ENOENT
     nil
   end
@@ -1302,4 +1304,9 @@ class Downloader
       Template.write(filename, novel_dir_path, binding, binary_version)
     end
   end
+
+  def replace_external_properties_of_setting
+    @setting["title"] = @setting["title"].delete("\r\n")
+    @setting["author"] = @setting["author"].delete("\r\n")
+  end
 end