nokogiri 1.19.2-aarch64-linux-gnu → 1.19.3-aarch64-linux-gnu

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f749210d7724d8084e0588681c74c8a3b06d827556fd51ab7005af47fa94383c
-  data.tar.gz: e67bd0727cf6551ac08d6b0b373b9b5fed5878dd7793f8a92e6bd282c6c7c367
+  metadata.gz: ef67c67345d63d916b9f8785718c985d0900a409864833df3d3a7e76ca9a7943
+  data.tar.gz: 6c055b94cee733a2d0c5b6879b54765864431254a8d66ffd862fc56f6370384c
 SHA512:
-  metadata.gz: 0de1fdf5a00c5f9e44c52822989c0adcfbd4ede8cdf0ef05cc5b2186b799820069cfe4ab48442b2a3b4e5c17d5411299840615eea029fec602649804e35564b0
-  data.tar.gz: b6c6dd937024298ca3bcba4889dc07491a8dbfaa9a32dbe1b486ef096d83c71b15cda5d29c25f5da3eada733ce228a23841f4529259d821bdb66293267b16ae5
+  metadata.gz: 17f5baed7e4e7e3e4805d7a315d525e460826fbc9f2791fd3d2410c9efed45b30f98da5252f671ea61c066b8d811272ac31fe29457ec975493c6e6885c028eb4
+  data.tar.gz: 2fe92e99719ad08363137065b3a4a635ccf6a4ba1149c208e9f52800bb7e35c76a7c29191e74e3711cbffacf9751921055b56821443b6dc0d52c4afe3a7471e2

data/ext/nokogiri/xslt_stylesheet.c

@@ -133,6 +133,35 @@ rb_xslt_stylesheet_serialize(VALUE self, VALUE xmlobj)
   return rval ;
 }
 
+
+/*
+ * Build the C-string params array passed to xsltApplyStylesheet.
+ *
+ * Note: params[j] is a raw pointer into a Ruby string's buffer, and we do not pin the underlying
+ * VALUEs against GC compaction. This is safe (despite not pinning the VALUEs) because libxslt fully
+ * processes params (interning names, evaluating values) before template execution begins, and Ruby
+ * callbacks can only run during template execution. By the time GC compaction is reachable, libxslt
+ * no longer reads params[].
+ */
+typedef struct {
+  VALUE rb_param;
+  long param_len;
+  const char **params;
+} build_xslt_params_args_t;
+
+static VALUE
+build_xslt_params(VALUE args_ptr)
+{
+  build_xslt_params_args_t *args = (build_xslt_params_args_t *)args_ptr;
+
+  for (long j = 0; j < args->param_len; j++) {
+    VALUE entry = rb_ary_entry(args->rb_param, j);
+    args->params[j] = StringValueCStr(entry);
+  }
+
+  return Qnil;
+}
+
 /*
  * call-seq:
  *   transform(document)
@@ -254,7 +283,7 @@ rb_xslt_stylesheet_transform(int argc, VALUE *argv, VALUE self)
   xmlDocPtr c_result_document ;
   nokogiriXsltStylesheetTuple *wrapper;
   const char **params ;
-  long param_len, j ;
+  long param_len ;
   int parse_error_occurred ;
   int defensive_copy_p = 0;
 
@@ -277,10 +306,17 @@ rb_xslt_stylesheet_transform(int argc, VALUE *argv, VALUE self)
 
   param_len = RARRAY_LEN(rb_param);
   params = ruby_xcalloc((size_t)param_len + 1, sizeof(char *));
-  for (j = 0 ; j < param_len ; j++) {
-    VALUE entry = rb_ary_entry(rb_param, j);
-    const char *ptr = StringValueCStr(entry);
-    params[j] = ptr;
+  {
+    // populate params under rb_protect so that a raise from StringValueCStr
+    // (e.g. on a null byte) does not leak the params allocation.
+    build_xslt_params_args_t args = { rb_param, param_len, params };
+    int state = 0;
+
+    rb_protect(build_xslt_params, (VALUE)&args, &state);
+    if (state) {
+      ruby_xfree(params);
+      rb_jump_tag(state);
+    }
   }
   params[param_len] = 0 ;
 

data/lib/nokogiri/css/tokenizer.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 #--
 # DO NOT MODIFY!!!!
-# This file is automatically generated by rex 1.0.7
+# This file is automatically generated by rex 1.0.8
 # from lexical definition file "lib/nokogiri/css/tokenizer.rex".
 #++
 
@@ -63,13 +63,13 @@ class Tokenizer
                   when (text = @ss.scan(/has\([\s]*/))
                      action { [:HAS, text] }
 
-                  when (text = @ss.scan(/-?([_A-Za-z]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))([_A-Za-z0-9-]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))*\([\s]*/))
+                  when (text = @ss.scan(/-?(?>[_A-Za-z]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))(?>[_A-Za-z0-9-]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))*\([\s]*/))
                      action { [:FUNCTION, text] }
 
-                  when (text = @ss.scan(/-?([_A-Za-z]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))([_A-Za-z0-9-]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))*/))
+                  when (text = @ss.scan(/-?(?>[_A-Za-z]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))(?>[_A-Za-z0-9-]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))*/))
                      action { [:IDENT, text] }
 
-                  when (text = @ss.scan(/\#([_A-Za-z0-9-]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))+/))
+                  when (text = @ss.scan(/\#(?>[_A-Za-z0-9-]|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))+/))
                      action { [:HASH, text] }
 
                   when (text = @ss.scan(/[\s]*~=[\s]*/))
@@ -132,7 +132,7 @@ class Tokenizer
                   when (text = @ss.scan(/[\s]+/))
                      action { [:S, text] }
 
-                  when (text = @ss.scan(/("([^\n\r\f"]|(\n|\r\n|\r|\f)|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))*(?<!\\)(?:\\{2})*"|'([^\n\r\f']|(\n|\r\n|\r|\f)|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))*(?<!\\)(?:\\{2})*')/))
+                  when (text = @ss.scan(/("(?>[^\n\r\f"\\]|\\?(\n|\r\n|\r|\f)|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))*"|'(?>[^\n\r\f'\\]|\\?(\n|\r\n|\r|\f)|[^\0-\177]|(\\[0-9A-Fa-f]{1,6}(\r\n|[\s])?|\\[^\n\r\f0-9A-Fa-f]))*')/))
                      action { [:STRING, text] }
 
                   when (text = @ss.scan(/./))

data/lib/nokogiri/css/tokenizer.rex

@@ -11,13 +11,13 @@ macro
   unicode   \\[0-9A-Fa-f]{1,6}(\r\n|[\s])?
 
   escape    ({unicode}|\\[^\n\r\f0-9A-Fa-f])
-  nmchar    ([_A-Za-z0-9-]|{nonascii}|{escape})
-  nmstart   ([_A-Za-z]|{nonascii}|{escape})
+  nmchar    (?>[_A-Za-z0-9-]|{nonascii}|{escape})
+  nmstart   (?>[_A-Za-z]|{nonascii}|{escape})
   name      {nmstart}{nmchar}*
   ident     -?{name}
   charref   {nmchar}+
-  string1   "([^\n\r\f"]|{nl}|{nonascii}|{escape})*(?<!\\)(?:\\{2})*"
-  string2   '([^\n\r\f']|{nl}|{nonascii}|{escape})*(?<!\\)(?:\\{2})*'
+  string1   "(?>[^\n\r\f"\\]|\\?{nl}|{nonascii}|{escape})*"
+  string2   '(?>[^\n\r\f'\\]|\\?{nl}|{nonascii}|{escape})*'
   string    ({string1}|{string2})
 
 rule

data/lib/nokogiri/version/constant.rb

@@ -2,5 +2,5 @@
 
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = "1.19.2"
+  VERSION = "1.19.3"
 end

data/lib/nokogiri/xml/parse_options.rb

@@ -76,12 +76,12 @@ module Nokogiri
       #
       # ⚠ This option enables entity substitution, contrary to what the name implies.
       #
-      # ⚠ <b>It is UNSAFE to set this option</b> when parsing untrusted documents.
+      # 🛡 <b>It is UNSAFE to set this option</b> when parsing untrusted documents.
       NOENT       = 1 << 1
 
       # Load external subsets. On by default for XSLT::Stylesheet.
       #
-      # ⚠ <b>It is UNSAFE to set this option</b> when parsing untrusted documents.
+      # 🛡 <b>It is UNSAFE to set this option</b> when parsing untrusted documents.
       DTDLOAD     = 1 << 2
 
       # Default DTD attributes. On by default for XSLT::Stylesheet.
@@ -111,7 +111,7 @@ module Nokogiri
       # Forbid network access. On by default for XML::Document, XML::DocumentFragment,
       # HTML4::Document, HTML4::DocumentFragment, XSLT::Stylesheet, and XML::Schema.
       #
-      # ⚠ <b>It is UNSAFE to unset this option</b> when parsing untrusted documents.
+      # 🛡 <b>It is UNSAFE to unset this option</b> when parsing untrusted documents.
       NONET       = 1 << 11
 
       # Do not reuse the context dictionary. Off by default.
@@ -128,8 +128,7 @@ module Nokogiri
 
       # Compact small text nodes. Off by default.
       #
-      # ⚠ No modification of the DOM tree is allowed after parsing. libxml2 may crash if you try to
-      # modify the tree.
+      # ⚠ No modification of the DOM tree is allowed after parsing.
       COMPACT     = 1 << 16
 
       # Parse using XML-1.0 before update 5. Off by default
@@ -140,7 +139,7 @@ module Nokogiri
 
       # Relax any hardcoded limit from the parser. Off by default.
       #
-      # ⚠ <b>It is UNSAFE to set this option</b> when parsing untrusted documents.
+      # 🛡 <b>It is UNSAFE to set this option</b> when parsing untrusted documents.
       HUGE        = 1 << 19
 
       # Support line numbers up to <code>long int</code> (default is a <code>short int</code>). On
@@ -151,7 +150,12 @@ module Nokogiri
       # The options mask used by default for parsing XML::Document and XML::DocumentFragment
       DEFAULT_XML  = RECOVER | NONET | BIG_LINES
 
-      # The options mask used by default used for parsing XSLT::Stylesheet
+      # Shorthand options mask useful for parsing XSLT stylesheets:
+      # sets RECOVER, NONET, NOENT, DTDLOAD, DTDATTR, NOCDATA, BIG_LINES.
+      #
+      # 🛡 This option set includes `NOENT` and `DTDLOAD` which are unsafe for untrusted
+      # documents. <b>Do not parse untrusted XSLT stylesheets.</b> See Nokogiri::XSLT for more
+      # information.
       DEFAULT_XSLT = RECOVER | NONET | NOENT | DTDLOAD | DTDATTR | NOCDATA | BIG_LINES
 
       # The options mask used by default used for parsing HTML4::Document and HTML4::DocumentFragment

data/lib/nokogiri/xml/sax/document.rb

@@ -39,7 +39,7 @@ module Nokogiri
       # of ParserContext#replace_entities. (Recall that the default value of
       # ParserContext#replace_entities is `false`.)
       #
-      # ⚠ <b>It is UNSAFE to set ParserContext#replace_entities to `true`</b> when parsing untrusted
+      # 🛡 <b>It is UNSAFE to set ParserContext#replace_entities to `true`</b> when parsing untrusted
       # documents.
       #
       # 💡 For more information on entity types, see [Wikipedia's page on

data/lib/nokogiri/xslt/stylesheet.rb

@@ -3,15 +3,20 @@
 module Nokogiri
   module XSLT
     ###
-    # A Stylesheet represents an XSLT Stylesheet object.  Stylesheet creation
-    # is done through Nokogiri.XSLT.  Here is an example of transforming
-    # an XML::Document with a Stylesheet:
+    # A Stylesheet represents an XSLT Stylesheet object. Stylesheet creation is done through
+    # Nokogiri::XSLT.parse (or the convenience method Nokogiri.XSLT). Here is an example of
+    # transforming an XML::Document with a Stylesheet:
     #
     #   doc   = Nokogiri::XML(File.read('some_file.xml'))
     #   xslt  = Nokogiri::XSLT(File.read('some_transformer.xslt'))
     #
     #   xslt.transform(doc) # => Nokogiri::XML::Document
     #
+    # 🛡 <b>This class does not support execution of untrusted stylesheets.</b> An untrusted
+    # stylesheet may consume a large amount of CPU, memory, or other system resources during
+    # transformation, and IO and file access are not restricted. See Nokogiri::XSLT for more
+    # information about the security implications of untrusted stylesheets.
+    #
     # Many XSLT transformations include serialization behavior to emit a non-XML document. For these
     # cases, please take care to invoke the #serialize method on the result of the transformation:
     #

data/lib/nokogiri/xslt.rb

@@ -10,8 +10,14 @@ module Nokogiri
   end
 
   ###
-  # See Nokogiri::XSLT::Stylesheet for creating and manipulating
-  # Stylesheet object.
+  # See Nokogiri::XSLT::Stylesheet for creating and manipulating Stylesheet objects.
+  #
+  # 🛡 <b>Do not use this module for untrusted stylesheet documents.</b> libxslt does not support
+  # safely processing untrusted stylesheets. Untrusted stylesheets may access the file system and
+  # network, consume large amounts of CPU, memory, or other system resources, and IO and file
+  # access are not restricted. Additionally, the stylesheet is parsed by libxml2 with +NOENT+ and
+  # +DTDLOAD+ enabled (see ParseOptions::DEFAULT_XSLT), meaning that <b>external entities will be
+  # resolved and external subsets will be loaded</b> during parsing.
   module XSLT
     class << self
       # :call-seq:
@@ -20,6 +26,9 @@ module Nokogiri
       #
       # Parse the stylesheet in +xsl+, registering optional +modules+ as custom class handlers.
       #
+      # 🛡 <b>Do not pass untrusted stylesheet content to this method.</b> See Nokogiri::XSLT for more
+      # information.
+      #
       # [Parameters]
       # - +xsl+ (String) XSL content to be parsed into a stylesheet
       # - +modules+ (Hash<String ⇒ Class>) A hash of URI-to-handler relations for linking a

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.19.2
+  version: 1.19.3
 platform: aarch64-linux-gnu
 authors:
 - Mike Dalessio