rexml 3.3.6 → 3.3.8


Potentially problematic release.


This version of rexml might be problematic. Click here for more details.

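--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4b79c22060286dad847e18d30b4b336bda21d2772ccb35413fb9ba51a0012ed2
- data.tar.gz: feb56a4a3071541e983acd33b8baa6b9052f8d67d871102cfe6e69773a0cfcfe
+ metadata.gz: 84b42219a4278ab15e7ee7627951d0b94dddc707cbf9563799b3266d02ed32db
+ data.tar.gz: 4895e6f04d100a2affc8d5c6af4c6dfec5ec4d0d863f8d22de1c66da1d253c61
  SHA512:
- metadata.gz: b615c95f8624212e151443ad03ba9b64f39aee8a200ea212150a10116340157cfda1bf974ab3d03161c0fb37d866e8c1c69ccc6a9549a13398452b32166af2d8
- data.tar.gz: db7dcac658e1f51f30575c24d6f36dc256349331fa1951c8fdfaf214baf97a5a446a1fcc411358a76d2c6fc36388ec8b1178adeacc3225d16d5d95ac53a8c4b3
+ metadata.gz: 7729c31da310e2fb7c96cc3a5bd5b981fefdcdae6fe545bf2d113d91af5862fbb51789e9289b91e4247963169900b0cdccc373ffeea6ca3f935b2e32bab1e2e4
+ data.tar.gz: 542f689b7cd27b5c71aeb6845e5af2ac28186e31a98af8c45e984ce6ca563192b2a74e50b6acd95f1fde49ed6289bf9024bfd6612608455038a22e66c6b3a75b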
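--- a/data/NEWS.md
+++ b/data/NEWS.md
@@ -1,5 +1,48 @@
  # News
 
+ ## 3.3.8 - 2024-09-29 {#version-3-3-8}
+
+ ### Improvements
+
+ * SAX2: Improve parse performance.
+ * GH-207
+ * Patch by NAITOH Jun.
+
+ ### Fixes
+
+ * Fixed a bug that unexpected attribute namespace conflict error for
+ the predefined "xml" namespace is reported.
+ * GH-208
+ * Patch by KITAITI Makoto
+
+ ### Thanks
+
+ * NAITOH Jun
+
+ * KITAITI Makoto
+
+ ## 3.3.7 - 2024-09-04 {#version-3-3-7}
+
+ ### Improvements
+
+ * Added local entity expansion limit methods
+ * GH-192
+ * GH-202
+ * Reported by takuya kodama.
+ * Patch by NAITOH Jun.
+
+ * Removed explicit strscan dependency
+ * GH-204
+ * Patch by Bo Anderson.
+
+ ### Thanks
+
+ * takuya kodama
+
+ * NAITOH Jun
+
+ * Bo Anderson
+
  ## 3.3.6 - 2024-08-22 {#version-3-3-6}
 
  ### Improvements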
@@ -148,8 +148,9 @@ module REXML
148
148
  # have been expanded to their values
149
149
  def value
150
150
  return @unnormalized if @unnormalized
151
- @unnormalized = Text::unnormalize( @normalized, doctype )
152
- @unnormalized
151
+
152
+ @unnormalized = Text::unnormalize(@normalized, doctype,
153
+ entity_expansion_text_limit: @element&.document&.entity_expansion_text_limit)
153
154
  end
154
155
 
155
156
  # The normalized value of this attribute. That is, the attribute with
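Review bot: The memoising guard `return @unnormalized if @unnormalized` at the top of `value` means the document's `entity_expansion_text_limit` is consulted only on the first call, so lowering the limit afterwards never re-checks an attribute that has already been expanded. The comment above the method should record that, and also that a missing element or document passes `nil`, which `Text::unnormalize` replaces with `Security.entity_expansion_text_limit` (visible in the text.rb hunk). Suggested wording: `# The text limit is read once, on first expansion; a detached attribute falls back to the global Security limit.` The file header for this hunk is not visible on the page, and the method's doc comment starts above the hunk.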
@@ -91,6 +91,8 @@ module REXML
91
91
  #
92
92
  def initialize( source = nil, context = {} )
93
93
  @entity_expansion_count = 0
94
+ @entity_expansion_limit = Security.entity_expansion_limit
95
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
94
96
  super()
95
97
  @context = context
96
98
  return if source.nil?
@@ -431,10 +433,12 @@ module REXML
431
433
  end
432
434
 
433
435
  attr_reader :entity_expansion_count
436
+ attr_writer :entity_expansion_limit
437
+ attr_accessor :entity_expansion_text_limit
434
438
 
435
439
  def record_entity_expansion
436
440
  @entity_expansion_count += 1
437
- if @entity_expansion_count > Security.entity_expansion_limit
441
+ if @entity_expansion_count > @entity_expansion_limit
438
442
  raise "number of entity expansions exceeded, processing aborted."
439
443
  end
440
444
  end
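Review bot: `initialize` now copies `Security.entity_expansion_limit` and `Security.entity_expansion_text_limit` into instance variables and `record_entity_expansion` compares against the copy, so a process-wide limit that is tightened after a document has been constructed no longer applies to that document. Code that hardens REXML by assigning the `Security` values late would silently keep the older, looser limit on existing documents; the two assignments deserve a comment such as `# Snapshot of the global limits; later changes to Security do not affect this document.` The new `attr_writer :entity_expansion_limit` also stores any object, so a `nil` would surface as a comparison error inside `record_entity_expansion` rather than at assignment. `initialize` continues outside the hunk, and the file header for these two hunks is not visible on the page.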
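--- a/data/lib/rexml/entity.rb
+++ b/data/lib/rexml/entity.rb
@@ -71,9 +71,12 @@ module REXML
  # Evaluates to the unnormalized value of this entity; that is, replacing
  # &ent; entities.
  def unnormalized
- document.record_entity_expansion unless document.nil?
+ document&.record_entity_expansion
+
  return nil if @value.nil?
- @unnormalized = Text::unnormalize(@value, parent)
+
+ @unnormalized = Text::unnormalize(@value, parent,
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
  end
 
  #once :unnormalized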
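Review bot: In `unnormalized`, the two safe-navigation calls make a detached entity behave differently from an attached one without saying so: `document&.record_entity_expansion` skips the expansion count entirely when `document` is nil, and the keyword then passes `nil`, which `Text::unnormalize` replaces with the global `Security.entity_expansion_text_limit` (see the text.rb hunk). The count bypass predates this change (`unless document.nil?`), but the comment above the method is the place to record it, e.g. `# A detached entity (no document) is not counted against entity_expansion_limit; only the global text limit applies.` In the visible lines `@unnormalized` is assigned but never read back, so each call re-expands and re-counts; given the commented-out `#once :unnormalized`, it is worth stating whether that is intended.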
@@ -156,6 +156,7 @@ module REXML
156
156
  default_entities.each do |term|
157
157
  DEFAULT_ENTITIES_PATTERNS[term] = /&#{term};/
158
158
  end
159
+ XML_PREFIXED_NAMESPACE = "http://www.w3.org/XML/1998/namespace"
159
160
  end
160
161
  private_constant :Private
161
162
 
@@ -164,6 +165,8 @@ module REXML
164
165
  @listeners = []
165
166
  @prefixes = Set.new
166
167
  @entity_expansion_count = 0
168
+ @entity_expansion_limit = Security.entity_expansion_limit
169
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
167
170
  end
168
171
 
169
172
  def add_listener( listener )
@@ -172,6 +175,8 @@ module REXML
172
175
 
173
176
  attr_reader :source
174
177
  attr_reader :entity_expansion_count
178
+ attr_writer :entity_expansion_limit
179
+ attr_writer :entity_expansion_text_limit
175
180
 
176
181
  def stream=( source )
177
182
  @source = SourceFactory.create_from( source )
@@ -181,7 +186,7 @@ module REXML
181
186
  @tags = []
182
187
  @stack = []
183
188
  @entities = []
184
- @namespaces = {}
189
+ @namespaces = {"xml" => Private::XML_PREFIXED_NAMESPACE}
185
190
  @namespaces_restore_stack = []
186
191
  end
187
192
 
@@ -585,7 +590,7 @@ module REXML
585
590
  end
586
591
  re = Private::DEFAULT_ENTITIES_PATTERNS[entity_reference] || /&#{entity_reference};/
587
592
  rv.gsub!( re, entity_value )
588
- if rv.bytesize > Security.entity_expansion_text_limit
593
+ if rv.bytesize > @entity_expansion_text_limit
589
594
  raise "entity expansion has grown too large"
590
595
  end
591
596
  else
@@ -627,7 +632,7 @@ module REXML
627
632
 
628
633
  def record_entity_expansion(delta=1)
629
634
  @entity_expansion_count += delta
630
- if @entity_expansion_count > Security.entity_expansion_limit
635
+ if @entity_expansion_count > @entity_expansion_limit
631
636
  raise "number of entity expansions exceeded, processing aborted."
632
637
  end
633
638
  end
@@ -786,7 +791,7 @@ module REXML
786
791
  @source.match(/\s*/um, true)
787
792
  if prefix == "xmlns"
788
793
  if local_part == "xml"
789
- if value != "http://www.w3.org/XML/1998/namespace"
794
+ if value != Private::XML_PREFIXED_NAMESPACE
790
795
  msg = "The 'xml' prefix must not be bound to any other namespace "+
791
796
  "(http://www.w3.org/TR/REC-xml-names/#ns-decl)"
792
797
  raise REXML::ParseException.new( msg, @source, self )
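Review bot: The two `attr_writer` lines added after `attr_reader :entity_expansion_count` store whatever they are given, and the comparisons `rv.bytesize > @entity_expansion_text_limit` and `@entity_expansion_count > @entity_expansion_limit` then use that value unchecked. `Text::unnormalize` treats a nil limit as "use the default" through `||= Security.entity_expansion_text_limit`, but here a nil would raise a comparison error in the middle of a parse, and nothing rejects a non-Integer or documents that a very large value switches the guard off. Explicit writers that apply the same fallback would keep the two paths consistent, e.g. `@entity_expansion_text_limit = limit || Security.entity_expansion_text_limit`. The same unchecked value arrives through the delegating setters added in the three parser-wrapper hunks further down; the file header for this group of hunks is not visible on the page.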
@@ -51,6 +51,14 @@ module REXML
51
51
  @parser.entity_expansion_count
52
52
  end
53
53
 
54
+ def entity_expansion_limit=( limit )
55
+ @parser.entity_expansion_limit = limit
56
+ end
57
+
58
+ def entity_expansion_text_limit=( limit )
59
+ @parser.entity_expansion_text_limit = limit
60
+ end
61
+
54
62
  def each
55
63
  while has_next?
56
64
  yield self.pull
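Review bot: The new `entity_expansion_limit=` and `entity_expansion_text_limit=` setters carry no doc comment, and the same undocumented pair is added in the next two sections (before `add_listener` and before `parse`). The comment should give the unit: the text limit is compared with `bytesize` in the parser, so it is bytes, while the other is a number of expansions, and both are forwarded to `@parser` as is. It would also help to say that they are meant to be set before parsing starts; that is my reading of the hunks, not something they show. Suggested: `# Maximum number of entity expansions for this parser; overrides Security.entity_expansion_limit.` and `# Maximum size in bytes of expanded entity text; overrides Security.entity_expansion_text_limit.`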
@@ -26,6 +26,14 @@ module REXML
26
26
  @parser.entity_expansion_count
27
27
  end
28
28
 
29
+ def entity_expansion_limit=( limit )
30
+ @parser.entity_expansion_limit = limit
31
+ end
32
+
33
+ def entity_expansion_text_limit=( limit )
34
+ @parser.entity_expansion_text_limit = limit
35
+ end
36
+
29
37
  def add_listener( listener )
30
38
  @parser.add_listener( listener )
31
39
  end
@@ -251,6 +259,8 @@ module REXML
251
259
  end
252
260
 
253
261
  def get_namespace( prefix )
262
+ return nil if @namespace_stack.empty?
263
+
254
264
  uris = (@namespace_stack.find_all { |ns| not ns[prefix].nil? }) ||
255
265
  (@namespace_stack.find { |ns| not ns[nil].nil? })
256
266
  uris[-1][prefix] unless uris.nil? or 0 == uris.size
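Review bot: The early `return nil if @namespace_stack.empty?` in `get_namespace` has no comment, so a reader cannot tell whether it changes the result or is only a shortcut. From the visible lines it is a shortcut: `find_all` on an empty stack gives an empty array, and the last line already returns nil when `0 == uris.size`. A one-line comment such as `# Fast path: no namespace declared yet, so nothing can resolve.` would make that explicit. Separately, `find_all` always returns an Array, so the `|| (@namespace_stack.find { ... })` operand on the unchanged context line can never be evaluated, which is worth its own cleanup. The method's `end` is outside the hunk.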
@@ -18,6 +18,14 @@ module REXML
18
18
  @parser.entity_expansion_count
19
19
  end
20
20
 
21
+ def entity_expansion_limit=( limit )
22
+ @parser.entity_expansion_limit = limit
23
+ end
24
+
25
+ def entity_expansion_text_limit=( limit )
26
+ @parser.entity_expansion_text_limit = limit
27
+ end
28
+
21
29
  def parse
22
30
  # entity string
23
31
  while true
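--- a/data/lib/rexml/rexml.rb
+++ b/data/lib/rexml/rexml.rb
@@ -31,7 +31,7 @@
  module REXML
  COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
  DATE = "2008/019"
- VERSION = "3.3.6"
+ VERSION = "3.3.8"
  REVISION = ""
 
  Copyright = COPYRIGHT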
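--- a/data/lib/rexml/text.rb
+++ b/data/lib/rexml/text.rb
@@ -268,7 +268,8 @@ module REXML
  # u = Text.new( "sean russell", false, nil, true )
  # u.value #-> "sean russell"
  def value
- @unnormalized ||= Text::unnormalize( @string, doctype )
+ @unnormalized ||= Text::unnormalize(@string, doctype,
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
  end
 
  # Sets the contents of this text node. This expects the text to be
@@ -411,11 +412,12 @@ module REXML
  end
 
  # Unescapes all possible entities
- def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+ def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: nil )
+ entity_expansion_text_limit ||= Security.entity_expansion_text_limit
  sum = 0
  string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
  s = Text.expand($&, doctype, filter)
- if sum + s.bytesize > Security.entity_expansion_text_limit
+ if sum + s.bytesize > entity_expansion_text_limit
  raise "entity expansion has grown too large"
  else
  sum += s.bytesize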
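Review bot: The comment above `Text::unnormalize` still reads only "Unescapes all possible entities", although the method now takes `entity_expansion_text_limit:` and is where a nil limit turns into the global default. Document the keyword (bytes of expanded text; nil means `Security.entity_expansion_text_limit`) and the `RuntimeError` raised with "entity expansion has grown too large", since callers parsing untrusted XML have to rescue it. Note that `||=` substitutes only for nil or false, so a caller passing `0` gets a limit of zero and any non-empty expansion is rejected. `Text#value` in the first hunk memoises with `@unnormalized ||=`, so the limit is applied once per node. The body of `unnormalize` continues outside the hunk.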
metadata CHANGED
@@ -1,28 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rexml
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.3.6
4
+ version: 3.3.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kouhei Sutou
8
8
  bindir: bin
9
9
  cert_chain: []
10
- date: 2024-08-22 00:00:00.000000000 Z
11
- dependencies:
12
- - !ruby/object:Gem::Dependency
13
- name: strscan
14
- requirement: !ruby/object:Gem::Requirement
15
- requirements:
16
- - - ">="
17
- - !ruby/object:Gem::Version
18
- version: '0'
19
- type: :runtime
20
- prerelease: false
21
- version_requirements: !ruby/object:Gem::Requirement
22
- requirements:
23
- - - ">="
24
- - !ruby/object:Gem::Version
25
- version: '0'
10
+ date: 2024-09-29 00:00:00.000000000 Z
11
+ dependencies: []
26
12
  description: An XML toolkit for Ruby
27
13
  email:
28
14
  - kou@cozmixng.org
@@ -116,7 +102,7 @@ homepage: https://github.com/ruby/rexml
116
102
  licenses:
117
103
  - BSD-2-Clause
118
104
  metadata:
119
- changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.6
105
+ changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.8
120
106
  rdoc_options:
121
107
  - "--main"
122
108
  - README.md