ndr_import 9.1.0 → 10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/code_safety.yml +14 -10
- data/lib/ndr_import/helpers/file/xml.rb +15 -5
- data/lib/ndr_import/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b98a9642fed703edb02ce4bc18d5c15869f1dd10d0e072866a84a0b6b9529141
|
4
|
+
data.tar.gz: 8c4aa215b0e87ca31676a96c703789bfb93d22bf3fa32b44ee7169a4ccfa4607
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: da1b4ae10264ac9a5ff7d09832c979f81608c6e428052bbe1dc403f5d5cc0d9c1f44348b59d02be340cc48a277cf2bfe84f5fd80560f7ebc3b8379b529f65a4f
|
7
|
+
data.tar.gz: b969c50b4aec9687571c53f1b49b6798ff65ef2c1d4edeb36ab535e8af59a2387fe8d4a5941ef9c1257686e59c990b30de69a1423779dd8bf77ccfc94bd04786
|
data/CHANGELOG.md
CHANGED
data/code_safety.yml
CHANGED
@@ -26,8 +26,8 @@ file safety:
|
|
26
26
|
safe_revision: b09e268ff9c8349b914aa1b7ba888e1d39f97e4a
|
27
27
|
CHANGELOG.md:
|
28
28
|
comments:
|
29
|
-
reviewed_by:
|
30
|
-
safe_revision:
|
29
|
+
reviewed_by: joshpencheon
|
30
|
+
safe_revision: 8ba7aae5e4839bed03ddc6837dd657ef7720e8ce
|
31
31
|
CODE_OF_CONDUCT.md:
|
32
32
|
comments:
|
33
33
|
reviewed_by: timgentry
|
@@ -238,8 +238,8 @@ file safety:
|
|
238
238
|
safe_revision: 45da71ebd3acbc0fe53755bcd75483ba17cb6924
|
239
239
|
lib/ndr_import/helpers/file/xml.rb:
|
240
240
|
comments:
|
241
|
-
reviewed_by:
|
242
|
-
safe_revision:
|
241
|
+
reviewed_by: joshpencheon
|
242
|
+
safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
|
243
243
|
lib/ndr_import/helpers/file/xml_streaming.rb:
|
244
244
|
comments: uses SafePath and Shellwords when accessing filesystem, or making system
|
245
245
|
calls
|
@@ -307,8 +307,8 @@ file safety:
|
|
307
307
|
safe_revision: 5cd2cd0b3a1e254d30d4acc28c6731825a1f84f5
|
308
308
|
lib/ndr_import/version.rb:
|
309
309
|
comments: another check?
|
310
|
-
reviewed_by:
|
311
|
-
safe_revision:
|
310
|
+
reviewed_by: joshpencheon
|
311
|
+
safe_revision: 8ba7aae5e4839bed03ddc6837dd657ef7720e8ce
|
312
312
|
lib/ndr_import/xml/table.rb:
|
313
313
|
comments:
|
314
314
|
reviewed_by: josh.pencheon
|
@@ -395,8 +395,8 @@ file safety:
|
|
395
395
|
safe_revision: ae75fb49baf028ac8ce08e4bedcd3625ff3ff0cd
|
396
396
|
test/helpers/file/xml_test.rb:
|
397
397
|
comments:
|
398
|
-
reviewed_by:
|
399
|
-
safe_revision:
|
398
|
+
reviewed_by: joshpencheon
|
399
|
+
safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
|
400
400
|
test/helpers/file/zip_test.rb:
|
401
401
|
comments:
|
402
402
|
reviewed_by: josh.pencheon
|
@@ -507,8 +507,8 @@ file safety:
|
|
507
507
|
safe_revision: 71979e0a602ca5a0ce415c194f10add9959f0116
|
508
508
|
test/resources/malformed.xml:
|
509
509
|
comments:
|
510
|
-
reviewed_by:
|
511
|
-
safe_revision:
|
510
|
+
reviewed_by: joshpencheon
|
511
|
+
safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
|
512
512
|
test/resources/malformed_pipe.csv:
|
513
513
|
comments:
|
514
514
|
reviewed_by: josh.pencheon
|
@@ -621,6 +621,10 @@ file safety:
|
|
621
621
|
comments:
|
622
622
|
reviewed_by: timgentry
|
623
623
|
safe_revision: f755c6960182f7dd460c18866cccfdf09178e860
|
624
|
+
test/resources/with-control-chars.xml:
|
625
|
+
comments:
|
626
|
+
reviewed_by: joshpencheon
|
627
|
+
safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
|
624
628
|
test/resources/xlsx_file_xls_extension.xls:
|
625
629
|
comments:
|
626
630
|
reviewed_by: timgentry
|
@@ -10,14 +10,16 @@ module NdrImport
|
|
10
10
|
|
11
11
|
private
|
12
12
|
|
13
|
-
|
14
|
-
|
13
|
+
# By default, escapes any control characters found in the XML
|
14
|
+
# - their use is forbidden in XML 1.0, and highly discouraged
|
15
|
+
# in XML 1.1; any found are most likely to be erroneous.
|
16
|
+
def read_xml_file(path, preserve_control_chars: false)
|
17
|
+
file_data = ensure_utf8!(SafeFile.read(path))
|
18
|
+
escape_xml_control_chars!(file_data) unless preserve_control_chars
|
15
19
|
|
16
20
|
require 'nokogiri'
|
17
21
|
|
18
|
-
doc = Nokogiri::XML(
|
19
|
-
config.huge
|
20
|
-
end
|
22
|
+
doc = Nokogiri::XML(file_data, &:huge)
|
21
23
|
doc.encoding = 'UTF-8'
|
22
24
|
emulate_strict_mode_fatal_check!(doc)
|
23
25
|
|
@@ -40,11 +42,19 @@ module NdrImport
|
|
40
42
|
end
|
41
43
|
|
42
44
|
return unless fatal_errors.any?
|
45
|
+
|
43
46
|
raise Nokogiri::XML::SyntaxError, <<~MSG
|
44
47
|
The file had #{fatal_errors.length} fatal error(s)!"
|
45
48
|
#{fatal_errors.join("\n")}
|
46
49
|
MSG
|
47
50
|
end
|
51
|
+
|
52
|
+
# In place, escape out any control chars that would cause
|
53
|
+
# libxml to crash. Very few are allowable in XML 1.0, and
|
54
|
+
# remain heavily discouraged in XML 1.1.
|
55
|
+
def escape_xml_control_chars!(data)
|
56
|
+
escape_control_chars!(data)
|
57
|
+
end
|
48
58
|
end
|
49
59
|
end
|
50
60
|
end
|
data/lib/ndr_import/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ndr_import
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: '10.0'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- NCRS Development Team
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-02-
|
11
|
+
date: 2021-02-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activemodel
|