rexml 3.3.6 → 3.3.9

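--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4b79c22060286dad847e18d30b4b336bda21d2772ccb35413fb9ba51a0012ed2
- data.tar.gz: feb56a4a3071541e983acd33b8baa6b9052f8d67d871102cfe6e69773a0cfcfe
+ metadata.gz: 9d8de4465de1e9548d66ad026772932f724b9747dc8b1c62960d8efeaeaa8412
+ data.tar.gz: 1cb29aaa36dcef98ba8bd4e9fa249959405f67fdb6bed54d12b466fdf43f57af
  SHA512:
- metadata.gz: b615c95f8624212e151443ad03ba9b64f39aee8a200ea212150a10116340157cfda1bf974ab3d03161c0fb37d866e8c1c69ccc6a9549a13398452b32166af2d8
- data.tar.gz: db7dcac658e1f51f30575c24d6f36dc256349331fa1951c8fdfaf214baf97a5a446a1fcc411358a76d2c6fc36388ec8b1178adeacc3225d16d5d95ac53a8c4b3
+ metadata.gz: 78c881a10f12e46e1b6710d6ec75e42e4311c233376a7587756bc098063d21f52a4d82bcac8201001bf7e39079b3db4015482dae5b4ba46e561ef75fa15b15a0
+ data.tar.gz: 8d7a4b94937ce7b0bdf6ed83152fe207098dfe45333498a64e50d5fe9a686dffa2f66913c1edf265470b2b6a04cfae20857f1cffa404c278249784eeb533d594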
data/NEWS.md CHANGED
@@ -1,5 +1,69 @@
1
1
  # News
2
2
 
3
+ ## 3.3.9 - 2024-10-24 {#version-3-3-9}
4
+
5
+ ### Improvements
6
+
7
+ * Improved performance.
8
+ * GH-210
9
+ * Patch by NAITOH Jun.
10
+
11
+ ### Fixes
12
+
13
+ * Fixed a parse bug for text only invalid XML.
14
+ * GH-215
15
+ * Patch by NAITOH Jun.
16
+
17
+ * Fixed a parse bug that `&#0x...;` is accepted as a character
18
+ reference.
19
+
20
+ ### Thanks
21
+
22
+ * NAITOH Jun
23
+
24
+ ## 3.3.8 - 2024-09-29 {#version-3-3-8}
25
+
26
+ ### Improvements
27
+
28
+ * SAX2: Improve parse performance.
29
+ * GH-207
30
+ * Patch by NAITOH Jun.
31
+
32
+ ### Fixes
33
+
34
+ * Fixed a bug that unexpected attribute namespace conflict error for
35
+ the predefined "xml" namespace is reported.
36
+ * GH-208
37
+ * Patch by KITAITI Makoto
38
+
39
+ ### Thanks
40
+
41
+ * NAITOH Jun
42
+
43
+ * KITAITI Makoto
44
+
45
+ ## 3.3.7 - 2024-09-04 {#version-3-3-7}
46
+
47
+ ### Improvements
48
+
49
+ * Added local entity expansion limit methods
50
+ * GH-192
51
+ * GH-202
52
+ * Reported by takuya kodama.
53
+ * Patch by NAITOH Jun.
54
+
55
+ * Removed explicit strscan dependency
56
+ * GH-204
57
+ * Patch by Bo Anderson.
58
+
59
+ ### Thanks
60
+
61
+ * takuya kodama
62
+
63
+ * NAITOH Jun
64
+
65
+ * Bo Anderson
66
+
3
67
  ## 3.3.6 - 2024-08-22 {#version-3-3-6}
4
68
 
5
69
  ### Improvements
@@ -148,8 +148,9 @@ module REXML
148
148
  # have been expanded to their values
149
149
  def value
150
150
  return @unnormalized if @unnormalized
151
- @unnormalized = Text::unnormalize( @normalized, doctype )
152
- @unnormalized
151
+
152
+ @unnormalized = Text::unnormalize(@normalized, doctype,
153
+ entity_expansion_text_limit: @element&.document&.entity_expansion_text_limit)
153
154
  end
154
155
 
155
156
  # The normalized value of this attribute. That is, the attribute with
@@ -91,6 +91,8 @@ module REXML
91
91
  #
92
92
  def initialize( source = nil, context = {} )
93
93
  @entity_expansion_count = 0
94
+ @entity_expansion_limit = Security.entity_expansion_limit
95
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
94
96
  super()
95
97
  @context = context
96
98
  return if source.nil?
@@ -431,10 +433,12 @@ module REXML
431
433
  end
432
434
 
433
435
  attr_reader :entity_expansion_count
436
+ attr_writer :entity_expansion_limit
437
+ attr_accessor :entity_expansion_text_limit
434
438
 
435
439
  def record_entity_expansion
436
440
  @entity_expansion_count += 1
437
- if @entity_expansion_count > Security.entity_expansion_limit
441
+ if @entity_expansion_count > @entity_expansion_limit
438
442
  raise "number of entity expansions exceeded, processing aborted."
439
443
  end
440
444
  end
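Review bot: The new `attr_writer :entity_expansion_limit` and `attr_accessor :entity_expansion_text_limit` store whatever the caller assigns, and `record_entity_expansion` then compares `@entity_expansion_count > @entity_expansion_limit` against that unchecked value. A `nil` limit makes the comparison raise `ArgumentError` instead of the intended "number of entity expansions exceeded" error, whereas `Text::unnormalize` in this same release treats `nil` as "use the `Security` default". The same pattern appears in the parser hunks further down (`rv.bytesize > @entity_expansion_text_limit` and `record_entity_expansion(delta=1)`), so I would make them agree, e.g. `if @entity_expansion_count > (@entity_expansion_limit || Security.entity_expansion_limit)`. A one-line comment above the writers, such as `# Per-document overrides of the global REXML::Security limits`, would also make the scope of the setting clear. The page shows no file header for this hunk, and the class body starts and ends outside it.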
data/lib/rexml/entity.rb CHANGED
@@ -71,9 +71,12 @@ module REXML
71
71
  # Evaluates to the unnormalized value of this entity; that is, replacing
72
72
  # &ent; entities.
73
73
  def unnormalized
74
- document.record_entity_expansion unless document.nil?
74
+ document&.record_entity_expansion
75
+
75
76
  return nil if @value.nil?
76
- @unnormalized = Text::unnormalize(@value, parent)
77
+
78
+ @unnormalized = Text::unnormalize(@value, parent,
79
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
77
80
  end
78
81
 
79
82
  #once :unnormalized
@@ -150,12 +150,13 @@ module REXML
150
150
  PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
151
151
  ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
152
152
  CARRIAGE_RETURN_NEWLINE_PATTERN = /\r\n?/
153
- CHARACTER_REFERENCES = /&#0*((?:\d+)|(?:x[a-fA-F0-9]+));/
153
+ CHARACTER_REFERENCES = /&#((?:\d+)|(?:x[a-fA-F0-9]+));/
154
154
  DEFAULT_ENTITIES_PATTERNS = {}
155
155
  default_entities = ['gt', 'lt', 'quot', 'apos', 'amp']
156
156
  default_entities.each do |term|
157
157
  DEFAULT_ENTITIES_PATTERNS[term] = /&#{term};/
158
158
  end
159
+ XML_PREFIXED_NAMESPACE = "http://www.w3.org/XML/1998/namespace"
159
160
  end
160
161
  private_constant :Private
161
162
 
@@ -164,6 +165,9 @@ module REXML
164
165
  @listeners = []
165
166
  @prefixes = Set.new
166
167
  @entity_expansion_count = 0
168
+ @entity_expansion_limit = Security.entity_expansion_limit
169
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
170
+ @source.ensure_buffer
167
171
  end
168
172
 
169
173
  def add_listener( listener )
@@ -172,6 +176,8 @@ module REXML
172
176
 
173
177
  attr_reader :source
174
178
  attr_reader :entity_expansion_count
179
+ attr_writer :entity_expansion_limit
180
+ attr_writer :entity_expansion_text_limit
175
181
 
176
182
  def stream=( source )
177
183
  @source = SourceFactory.create_from( source )
@@ -181,7 +187,7 @@ module REXML
181
187
  @tags = []
182
188
  @stack = []
183
189
  @entities = []
184
- @namespaces = {}
190
+ @namespaces = {"xml" => Private::XML_PREFIXED_NAMESPACE}
185
191
  @namespaces_restore_stack = []
186
192
  end
187
193
 
@@ -564,8 +570,12 @@ module REXML
564
570
  return rv if matches.size == 0
565
571
  rv.gsub!( Private::CHARACTER_REFERENCES ) {
566
572
  m=$1
567
- m = "0#{m}" if m[0] == ?x
568
- [Integer(m)].pack('U*')
573
+ if m.start_with?("x")
574
+ code_point = Integer(m[1..-1], 16)
575
+ else
576
+ code_point = Integer(m, 10)
577
+ end
578
+ [code_point].pack('U*')
569
579
  }
570
580
  matches.collect!{|x|x[0]}.compact!
571
581
  if filter
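Review bot: `code_point` is passed straight to `[code_point].pack('U*')` with no range check, so nothing visible in this hunk stops a numeric reference from producing a character outside XML's Char production (NUL, a surrogate, or a value above U+10FFFF). A sufficiently large value would surface as a `RangeError` from `pack` rather than as a `REXML::ParseException`. Unless an earlier parsing stage already validates references, I would guard before packing, e.g. `raise REXML::ParseException.new("invalid character reference", @source, self) if code_point > 0x10FFFF || (0xD800..0xDFFF).cover?(code_point)`. The enclosing method starts and ends outside the hunk, and the page shows no file header for it.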
@@ -585,7 +595,7 @@ module REXML
585
595
  end
586
596
  re = Private::DEFAULT_ENTITIES_PATTERNS[entity_reference] || /&#{entity_reference};/
587
597
  rv.gsub!( re, entity_value )
588
- if rv.bytesize > Security.entity_expansion_text_limit
598
+ if rv.bytesize > @entity_expansion_text_limit
589
599
  raise "entity expansion has grown too large"
590
600
  end
591
601
  else
@@ -627,7 +637,7 @@ module REXML
627
637
 
628
638
  def record_entity_expansion(delta=1)
629
639
  @entity_expansion_count += delta
630
- if @entity_expansion_count > Security.entity_expansion_limit
640
+ if @entity_expansion_count > @entity_expansion_limit
631
641
  raise "number of entity expansions exceeded, processing aborted."
632
642
  end
633
643
  end
@@ -786,7 +796,7 @@ module REXML
786
796
  @source.match(/\s*/um, true)
787
797
  if prefix == "xmlns"
788
798
  if local_part == "xml"
789
- if value != "http://www.w3.org/XML/1998/namespace"
799
+ if value != Private::XML_PREFIXED_NAMESPACE
790
800
  msg = "The 'xml' prefix must not be bound to any other namespace "+
791
801
  "(http://www.w3.org/TR/REC-xml-names/#ns-decl)"
792
802
  raise REXML::ParseException.new( msg, @source, self )
@@ -51,6 +51,14 @@ module REXML
51
51
  @parser.entity_expansion_count
52
52
  end
53
53
 
54
+ def entity_expansion_limit=( limit )
55
+ @parser.entity_expansion_limit = limit
56
+ end
57
+
58
+ def entity_expansion_text_limit=( limit )
59
+ @parser.entity_expansion_text_limit = limit
60
+ end
61
+
54
62
  def each
55
63
  while has_next?
56
64
  yield self.pull
@@ -26,6 +26,14 @@ module REXML
26
26
  @parser.entity_expansion_count
27
27
  end
28
28
 
29
+ def entity_expansion_limit=( limit )
30
+ @parser.entity_expansion_limit = limit
31
+ end
32
+
33
+ def entity_expansion_text_limit=( limit )
34
+ @parser.entity_expansion_text_limit = limit
35
+ end
36
+
29
37
  def add_listener( listener )
30
38
  @parser.add_listener( listener )
31
39
  end
@@ -251,6 +259,8 @@ module REXML
251
259
  end
252
260
 
253
261
  def get_namespace( prefix )
262
+ return nil if @namespace_stack.empty?
263
+
254
264
  uris = (@namespace_stack.find_all { |ns| not ns[prefix].nil? }) ||
255
265
  (@namespace_stack.find { |ns| not ns[nil].nil? })
256
266
  uris[-1][prefix] unless uris.nil? or 0 == uris.size
@@ -18,6 +18,14 @@ module REXML
18
18
  @parser.entity_expansion_count
19
19
  end
20
20
 
21
+ def entity_expansion_limit=( limit )
22
+ @parser.entity_expansion_limit = limit
23
+ end
24
+
25
+ def entity_expansion_text_limit=( limit )
26
+ @parser.entity_expansion_text_limit = limit
27
+ end
28
+
21
29
  def parse
22
30
  # entity string
23
31
  while true
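--- a/data/lib/rexml/rexml.rb
+++ b/data/lib/rexml/rexml.rb
@@ -31,7 +31,7 @@
  module REXML
  COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
  DATE = "2008/019"
- VERSION = "3.3.6"
+ VERSION = "3.3.9"
  REVISION = ""
 
  Copyright = COPYRIGHT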
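--- a/data/lib/rexml/source.rb
+++ b/data/lib/rexml/source.rb
@@ -77,6 +77,7 @@ module REXML
  detect_encoding
  end
  @line = 0
+ @term_encord = {}
  end
 
  # The current buffer (what we're going to read next)
@@ -227,7 +228,7 @@ module REXML
 
  def read_until(term)
  pattern = Private::PRE_DEFINED_TERM_PATTERNS[term] || /#{Regexp.escape(term)}/
- term = encode(term)
+ term = @term_encord[term] ||= encode(term)
  until str = @scanner.scan_until(pattern)
  break if @source.nil?
  break if @source.eof?
@@ -294,14 +295,19 @@ module REXML
 
  private
  def readline(term = nil)
- str = @source.readline(term || @line_break)
  if @pending_buffer
+ begin
+ str = @source.readline(term || @line_break)
+ rescue IOError
+ end
  if str.nil?
  str = @pending_buffer
  else
  str = @pending_buffer + str
  end
  @pending_buffer = nil
+ else
+ str = @source.readline(term || @line_break)
  end
  return nil if str.nil?
 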
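Review bot: The `rescue IOError` added inside `readline` has an empty body, so any I/O failure that occurs while a pending buffer exists is silently treated as end of input and the buffered text is returned as if the read had completed. If the intent is only to tolerate a source that is already closed or exhausted, a comment such as `# source may already be closed; fall back to the pending buffer` should say so, and the rescue should be narrowed to that condition so that other failures still propagate. Separately, `@term_encord` looks like a typo for `@term_encoded`, and its cached values depend on the source encoding, so it presumably needs clearing wherever the encoding changes after construction; that code is not visible here. `readline` continues past the end of the hunk.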
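--- a/data/lib/rexml/text.rb
+++ b/data/lib/rexml/text.rb
@@ -268,7 +268,8 @@ module REXML
  # u = Text.new( "sean russell", false, nil, true )
  # u.value #-> "sean russell"
  def value
- @unnormalized ||= Text::unnormalize( @string, doctype )
+ @unnormalized ||= Text::unnormalize(@string, doctype,
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
  end
 
  # Sets the contents of this text node. This expects the text to be
@@ -411,11 +412,12 @@ module REXML
  end
 
  # Unescapes all possible entities
- def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+ def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: nil )
+ entity_expansion_text_limit ||= Security.entity_expansion_text_limit
  sum = 0
  string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
  s = Text.expand($&, doctype, filter)
- if sum + s.bytesize > Security.entity_expansion_text_limit
+ if sum + s.bytesize > entity_expansion_text_limit
  raise "entity expansion has grown too large"
  else
  sum += s.bytesize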
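Review bot: The new `entity_expansion_text_limit:` keyword on `Text::unnormalize` is undocumented; the comment above the method still reads only `# Unescapes all possible entities`. I would add `# entity_expansion_text_limit:: maximum total bytes of expanded entity text; nil falls back to Security.entity_expansion_text_limit`, so callers know that passing `nil` does not disable the check. `Text#value` in the first hunk memoizes with `@unnormalized ||=`, so a limit changed on the document after the first call has no effect on that node, which deserves a line in the same comment. The body of `unnormalize` continues outside the hunk.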
metadata CHANGED
@@ -1,28 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rexml
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.3.6
4
+ version: 3.3.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kouhei Sutou
8
8
  bindir: bin
9
9
  cert_chain: []
10
- date: 2024-08-22 00:00:00.000000000 Z
11
- dependencies:
12
- - !ruby/object:Gem::Dependency
13
- name: strscan
14
- requirement: !ruby/object:Gem::Requirement
15
- requirements:
16
- - - ">="
17
- - !ruby/object:Gem::Version
18
- version: '0'
19
- type: :runtime
20
- prerelease: false
21
- version_requirements: !ruby/object:Gem::Requirement
22
- requirements:
23
- - - ">="
24
- - !ruby/object:Gem::Version
25
- version: '0'
10
+ date: 2024-10-24 00:00:00.000000000 Z
11
+ dependencies: []
26
12
  description: An XML toolkit for Ruby
27
13
  email:
28
14
  - kou@cozmixng.org
@@ -116,7 +102,7 @@ homepage: https://github.com/ruby/rexml
116
102
  licenses:
117
103
  - BSD-2-Clause
118
104
  metadata:
119
- changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.6
105
+ changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.9
120
106
  rdoc_options:
121
107
  - "--main"
122
108
  - README.md