rexml-expansion-fix 1.0.0 → 1.0.1
- data/lib/rexml-expansion-fix.rb +7 -1
- data/rexml-expansion-fix.gemspec +6 -6
- metadata +6 -6
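--- a/data/lib/rexml-expansion-fix.rb
+++ b/data/lib/rexml-expansion-fix.rb
@@ -18,7 +18,13 @@ require 'rexml/entity'
 module REXML
 class Entity < Child
 def unnormalized
-
+# Due to an optimisation in REXML, the default entities aren't
+# associated with a document. As these enties are defined and
+# not recursive, we know that expanding them won't cause any
+# issues. Other entities in the document will still have
+# the association to the document preventing this from opening
+# a new attack vector.
+document.record_entity_expansion! if document
 v = value()
 return nil if v.nil?
 @unnormalized = Text::unnormalize(v, parent)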
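Review bot: The `if document` guard on the new `record_entity_expansion!` call skips the expansion count for every Entity that has no document, while the comment above it justifies this only for REXML's predefined entities. Whether any other entity can reach `unnormalized` without a document is not visible in this hunk, so the safety argument rests on an invariant the code does not check. I would state that assumption in the comment, e.g. `# NOTE: any entity without a document is not counted; only the predefined entities are expected to be in that state`. A regression test would also help, covering a document that uses only predefined entities and one that must still trip the expansion guard. The comment has a typo (`enties`), and the body of `unnormalized` continues outside the hunk.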
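--- a/data/rexml-expansion-fix.gemspec
+++ b/data/rexml-expansion-fix.gemspec
@@ -1,12 +1,12 @@
 Gem::Specification.new do |s|
 s.name = "rexml-expansion-fix"
-s.version = "1.0.
-s.date = "2008-08-
+s.version = "1.0.1"
+s.date = "2008-08-31"
 s.summary = "Prevents potentitial DoS attacks to rexml"
-s.email = "
-s.homepage = "http://github.com/
-s.description = "Prevents"
-s.has_rdoc =
+s.email = "michael@koziarski.com"
+s.homepage = "http://github.com/NZKoz/rexml-expansion-fix"
+s.description = "Prevents DoS attacks using the billion-laughs or entity-explosion techniques."
+s.has_rdoc = false
 s.authors = ["Michael Koziarski"]
 s.files = ["README.textile",
 "LICENSE",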
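--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rexml-expansion-fix
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.1
 platform: ruby
 authors:
 - Michael Koziarski
@@ -9,12 +9,12 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-08-
+date: 2008-08-31 00:00:00 +02:00
 default_executable:
 dependencies: []
 
-description: Prevents
-email:
+description: Prevents DoS attacks using the billion-laughs or entity-explosion techniques.
+email: michael@koziarski.com
 executables: []
 
 extensions: []
@@ -27,8 +27,8 @@ files:
 - example.xml
 - rexml-expansion-fix.gemspec
 - lib/rexml-expansion-fix.rb
-has_rdoc:
-homepage: http://github.com/
+has_rdoc: false
+homepage: http://github.com/NZKoz/rexml-expansion-fix
 post_install_message:
 rdoc_options: []
 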