ndr_import 9.1.0 → 10.0

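--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: aaf3c826acb51f4d579fb956e9606b5b86e120f3bd561db762d72081f27a1098
- data.tar.gz: 2b11ddf7dc9b748b4a1ac9cc91b47c47b99677e4bde990c44d1ec20e76efbfc0
+ metadata.gz: b98a9642fed703edb02ce4bc18d5c15869f1dd10d0e072866a84a0b6b9529141
+ data.tar.gz: 8c4aa215b0e87ca31676a96c703789bfb93d22bf3fa32b44ee7169a4ccfa4607
  SHA512:
- metadata.gz: 3faaf744255693f04425b6e5ed1ec7198e912d2854b3f482a39d9bc53fe3859ed3bb6ef7855cdfd03959042a530f3a2f528239548676c7159c9029d69b6c160d
- data.tar.gz: 1aa9d1895d7f874499823c4b87f1874e025b376f239030f3baf40bab5f5ed3ed09f80721205e271446893a9070652df3f26fceb48b59a9eb86ac121fdbfd92c6
+ metadata.gz: da1b4ae10264ac9a5ff7d09832c979f81608c6e428052bbe1dc403f5d5cc0d9c1f44348b59d02be340cc48a277cf2bfe84f5fd80560f7ebc3b8379b529f65a4f
+ data.tar.gz: b969c50b4aec9687571c53f1b49b6798ff65ef2c1d4edeb36ab535e8af59a2387fe8d4a5941ef9c1257686e59c990b30de69a1423779dd8bf77ccfc94bd04786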
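--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,10 @@
  ## [Unreleased]
  *no unreleased changes*
 
+ ## 10.0 / 2021-02-22
+ ### Changed
+ * By default, escape any control characters found in XML (#60)
+
  ## 9.1.0 / 2021-02-01
  ### Added
  * `CSVLibrary` is now deprecated.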
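--- a/data/code_safety.yml
+++ b/data/code_safety.yml
@@ -26,8 +26,8 @@ file safety:
  safe_revision: b09e268ff9c8349b914aa1b7ba888e1d39f97e4a
  CHANGELOG.md:
  comments:
- reviewed_by: ollietulloch
- safe_revision: d88ded7c260da37200610e4f0b204a4ea2e481f9
+ reviewed_by: joshpencheon
+ safe_revision: 8ba7aae5e4839bed03ddc6837dd657ef7720e8ce
  CODE_OF_CONDUCT.md:
  comments:
  reviewed_by: timgentry
@@ -238,8 +238,8 @@ file safety:
  safe_revision: 45da71ebd3acbc0fe53755bcd75483ba17cb6924
  lib/ndr_import/helpers/file/xml.rb:
  comments:
- reviewed_by: ollietulloch
- safe_revision: 4d337bd233f7e60cf9d363c92400f21269a28da7
+ reviewed_by: joshpencheon
+ safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
  lib/ndr_import/helpers/file/xml_streaming.rb:
  comments: uses SafePath and Shellwords when accessing filesystem, or making system
  calls
@@ -307,8 +307,8 @@ file safety:
  safe_revision: 5cd2cd0b3a1e254d30d4acc28c6731825a1f84f5
  lib/ndr_import/version.rb:
  comments: another check?
- reviewed_by: ollietulloch
- safe_revision: d88ded7c260da37200610e4f0b204a4ea2e481f9
+ reviewed_by: joshpencheon
+ safe_revision: 8ba7aae5e4839bed03ddc6837dd657ef7720e8ce
  lib/ndr_import/xml/table.rb:
  comments:
  reviewed_by: josh.pencheon
@@ -395,8 +395,8 @@ file safety:
  safe_revision: ae75fb49baf028ac8ce08e4bedcd3625ff3ff0cd
  test/helpers/file/xml_test.rb:
  comments:
- reviewed_by: timgentry
- safe_revision: 137170d443ea6bcc0afb18f62202c285ae6501eb
+ reviewed_by: joshpencheon
+ safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
  test/helpers/file/zip_test.rb:
  comments:
  reviewed_by: josh.pencheon
@@ -507,8 +507,8 @@ file safety:
  safe_revision: 71979e0a602ca5a0ce415c194f10add9959f0116
  test/resources/malformed.xml:
  comments:
- reviewed_by: timgentry
- safe_revision: 137170d443ea6bcc0afb18f62202c285ae6501eb
+ reviewed_by: joshpencheon
+ safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
  test/resources/malformed_pipe.csv:
  comments:
  reviewed_by: josh.pencheon
@@ -621,6 +621,10 @@ file safety:
  comments:
  reviewed_by: timgentry
  safe_revision: f755c6960182f7dd460c18866cccfdf09178e860
+ test/resources/with-control-chars.xml:
+ comments:
+ reviewed_by: joshpencheon
+ safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
  test/resources/xlsx_file_xls_extension.xls:
  comments:
  reviewed_by: timgentry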
@@ -10,14 +10,16 @@ module NdrImport
10
10
 
11
11
  private
12
12
 
13
- def read_xml_file(path)
14
- file_data = SafeFile.new(path).read
13
+ # By default, escapes any control characters found in the XML
14
+ # - their use is forbidden in XML 1.0, and highly discouraged
15
+ # in XML 1.1; any found are most likely to be erroneous.
16
+ def read_xml_file(path, preserve_control_chars: false)
17
+ file_data = ensure_utf8!(SafeFile.read(path))
18
+ escape_xml_control_chars!(file_data) unless preserve_control_chars
15
19
 
16
20
  require 'nokogiri'
17
21
 
18
- doc = Nokogiri::XML((ensure_utf8! file_data)) do |config|
19
- config.huge
20
- end
22
+ doc = Nokogiri::XML(file_data, &:huge)
21
23
  doc.encoding = 'UTF-8'
22
24
  emulate_strict_mode_fatal_check!(doc)
23
25
 
@@ -40,11 +42,19 @@ module NdrImport
40
42
  end
41
43
 
42
44
  return unless fatal_errors.any?
45
+
43
46
  raise Nokogiri::XML::SyntaxError, <<~MSG
44
47
  The file had #{fatal_errors.length} fatal error(s)!"
45
48
  #{fatal_errors.join("\n")}
46
49
  MSG
47
50
  end
51
+
52
+ # In place, escape out any control chars that would cause
53
+ # libxml to crash. Very few are allowable in XML 1.0, and
54
+ # remain heavily discouraged in XML 1.1.
55
+ def escape_xml_control_chars!(data)
56
+ escape_control_chars!(data)
57
+ end
48
58
  end
49
59
  end
50
60
  end
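Review bot: Nothing tells the caller of `read_xml_file` that the input was altered: under the new default, a file containing control characters is rewritten in memory before parsing, whereas the comment on `escape_xml_control_chars!` suggests such input used to fail inside libxml. `escape_control_chars!` is defined outside the visible hunks, so it cannot be confirmed here whether tab, LF and CR (which XML 1.0 allows) are left untouched, or whether the escaped form can be told apart from the same text occurring literally in the source. I would state both in the method comment and name the opt-out there, for example `# Pass preserve_control_chars: true to parse the data as read; the default rewrites file_data in place before parsing.` An importer that must reject such files rather than repair them has to pass that flag explicitly, since the keyword defaults to `false`.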
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
  # This stores the current version of the NdrImport gem
3
3
  module NdrImport
4
- VERSION = '9.1.0'.freeze
4
+ VERSION = '10.0'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ndr_import
3
3
  version: !ruby/object:Gem::Version
4
- version: 9.1.0
4
+ version: '10.0'
5
5
  platform: ruby
6
6
  authors:
7
7
  - NCRS Development Team
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-02-01 00:00:00.000000000 Z
11
+ date: 2021-02-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activemodel