ndr_import 9.1.0 → 10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/code_safety.yml +14 -10
- data/lib/ndr_import/helpers/file/xml.rb +15 -5
- data/lib/ndr_import/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b98a9642fed703edb02ce4bc18d5c15869f1dd10d0e072866a84a0b6b9529141
|
|
4
|
+
data.tar.gz: 8c4aa215b0e87ca31676a96c703789bfb93d22bf3fa32b44ee7169a4ccfa4607
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: da1b4ae10264ac9a5ff7d09832c979f81608c6e428052bbe1dc403f5d5cc0d9c1f44348b59d02be340cc48a277cf2bfe84f5fd80560f7ebc3b8379b529f65a4f
|
|
7
|
+
data.tar.gz: b969c50b4aec9687571c53f1b49b6798ff65ef2c1d4edeb36ab535e8af59a2387fe8d4a5941ef9c1257686e59c990b30de69a1423779dd8bf77ccfc94bd04786
|
data/CHANGELOG.md
CHANGED
data/code_safety.yml
CHANGED
|
@@ -26,8 +26,8 @@ file safety:
|
|
|
26
26
|
safe_revision: b09e268ff9c8349b914aa1b7ba888e1d39f97e4a
|
|
27
27
|
CHANGELOG.md:
|
|
28
28
|
comments:
|
|
29
|
-
reviewed_by:
|
|
30
|
-
safe_revision:
|
|
29
|
+
reviewed_by: joshpencheon
|
|
30
|
+
safe_revision: 8ba7aae5e4839bed03ddc6837dd657ef7720e8ce
|
|
31
31
|
CODE_OF_CONDUCT.md:
|
|
32
32
|
comments:
|
|
33
33
|
reviewed_by: timgentry
|
|
@@ -238,8 +238,8 @@ file safety:
|
|
|
238
238
|
safe_revision: 45da71ebd3acbc0fe53755bcd75483ba17cb6924
|
|
239
239
|
lib/ndr_import/helpers/file/xml.rb:
|
|
240
240
|
comments:
|
|
241
|
-
reviewed_by:
|
|
242
|
-
safe_revision:
|
|
241
|
+
reviewed_by: joshpencheon
|
|
242
|
+
safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
|
|
243
243
|
lib/ndr_import/helpers/file/xml_streaming.rb:
|
|
244
244
|
comments: uses SafePath and Shellwords when accessing filesystem, or making system
|
|
245
245
|
calls
|
|
@@ -307,8 +307,8 @@ file safety:
|
|
|
307
307
|
safe_revision: 5cd2cd0b3a1e254d30d4acc28c6731825a1f84f5
|
|
308
308
|
lib/ndr_import/version.rb:
|
|
309
309
|
comments: another check?
|
|
310
|
-
reviewed_by:
|
|
311
|
-
safe_revision:
|
|
310
|
+
reviewed_by: joshpencheon
|
|
311
|
+
safe_revision: 8ba7aae5e4839bed03ddc6837dd657ef7720e8ce
|
|
312
312
|
lib/ndr_import/xml/table.rb:
|
|
313
313
|
comments:
|
|
314
314
|
reviewed_by: josh.pencheon
|
|
@@ -395,8 +395,8 @@ file safety:
|
|
|
395
395
|
safe_revision: ae75fb49baf028ac8ce08e4bedcd3625ff3ff0cd
|
|
396
396
|
test/helpers/file/xml_test.rb:
|
|
397
397
|
comments:
|
|
398
|
-
reviewed_by:
|
|
399
|
-
safe_revision:
|
|
398
|
+
reviewed_by: joshpencheon
|
|
399
|
+
safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
|
|
400
400
|
test/helpers/file/zip_test.rb:
|
|
401
401
|
comments:
|
|
402
402
|
reviewed_by: josh.pencheon
|
|
@@ -507,8 +507,8 @@ file safety:
|
|
|
507
507
|
safe_revision: 71979e0a602ca5a0ce415c194f10add9959f0116
|
|
508
508
|
test/resources/malformed.xml:
|
|
509
509
|
comments:
|
|
510
|
-
reviewed_by:
|
|
511
|
-
safe_revision:
|
|
510
|
+
reviewed_by: joshpencheon
|
|
511
|
+
safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
|
|
512
512
|
test/resources/malformed_pipe.csv:
|
|
513
513
|
comments:
|
|
514
514
|
reviewed_by: josh.pencheon
|
|
@@ -621,6 +621,10 @@ file safety:
|
|
|
621
621
|
comments:
|
|
622
622
|
reviewed_by: timgentry
|
|
623
623
|
safe_revision: f755c6960182f7dd460c18866cccfdf09178e860
|
|
624
|
+
test/resources/with-control-chars.xml:
|
|
625
|
+
comments:
|
|
626
|
+
reviewed_by: joshpencheon
|
|
627
|
+
safe_revision: 3947f13e0cbd17f449eba292ad343eeb82116fe9
|
|
624
628
|
test/resources/xlsx_file_xls_extension.xls:
|
|
625
629
|
comments:
|
|
626
630
|
reviewed_by: timgentry
|
|
@@ -10,14 +10,16 @@ module NdrImport
|
|
|
10
10
|
|
|
11
11
|
private
|
|
12
12
|
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
# By default, escapes any control characters found in the XML
|
|
14
|
+
# - their use is forbidden in XML 1.0, and highly discouraged
|
|
15
|
+
# in XML 1.1; any found are most likely to be erroneous.
|
|
16
|
+
def read_xml_file(path, preserve_control_chars: false)
|
|
17
|
+
file_data = ensure_utf8!(SafeFile.read(path))
|
|
18
|
+
escape_xml_control_chars!(file_data) unless preserve_control_chars
|
|
15
19
|
|
|
16
20
|
require 'nokogiri'
|
|
17
21
|
|
|
18
|
-
doc = Nokogiri::XML(
|
|
19
|
-
config.huge
|
|
20
|
-
end
|
|
22
|
+
doc = Nokogiri::XML(file_data, &:huge)
|
|
21
23
|
doc.encoding = 'UTF-8'
|
|
22
24
|
emulate_strict_mode_fatal_check!(doc)
|
|
23
25
|
|
|
@@ -40,11 +42,19 @@ module NdrImport
|
|
|
40
42
|
end
|
|
41
43
|
|
|
42
44
|
return unless fatal_errors.any?
|
|
45
|
+
|
|
43
46
|
raise Nokogiri::XML::SyntaxError, <<~MSG
|
|
44
47
|
The file had #{fatal_errors.length} fatal error(s)!"
|
|
45
48
|
#{fatal_errors.join("\n")}
|
|
46
49
|
MSG
|
|
47
50
|
end
|
|
51
|
+
|
|
52
|
+
# In place, escape out any control chars that would cause
|
|
53
|
+
# libxml to crash. Very few are allowable in XML 1.0, and
|
|
54
|
+
# remain heavily discouraged in XML 1.1.
|
|
55
|
+
def escape_xml_control_chars!(data)
|
|
56
|
+
escape_control_chars!(data)
|
|
57
|
+
end
|
|
48
58
|
end
|
|
49
59
|
end
|
|
50
60
|
end
|
data/lib/ndr_import/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ndr_import
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: '10.0'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- NCRS Development Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-02-
|
|
11
|
+
date: 2021-02-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activemodel
|