rexml 3.3.6 → 3.3.7

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of rexml might be problematic. Click here for more details.

Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/NEWS.md +22 -0
  3. data/lib/rexml/attribute.rb +3 -2
  4. data/lib/rexml/document.rb +5 -1
  5. data/lib/rexml/entity.rb +5 -2
  6. data/lib/rexml/parsers/baseparser.rb +6 -2
  7. data/lib/rexml/parsers/pullparser.rb +8 -0
  8. data/lib/rexml/parsers/sax2parser.rb +8 -0
  9. data/lib/rexml/parsers/streamparser.rb +8 -0
  10. data/lib/rexml/rexml.rb +1 -1
  11. data/lib/rexml/text.rb +5 -3
  12. metadata +4 -18
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4b79c22060286dad847e18d30b4b336bda21d2772ccb35413fb9ba51a0012ed2
4
- data.tar.gz: feb56a4a3071541e983acd33b8baa6b9052f8d67d871102cfe6e69773a0cfcfe
3
+ metadata.gz: 1a402bb00d8bf352521fb6ca5354ba92a22d110feedcba40a50e2de5abad277a
4
+ data.tar.gz: 51f7b5893eef8d8183eb14c719064368029b18c9909b3454047e308c7425ce5b
5
5
  SHA512:
6
- metadata.gz: b615c95f8624212e151443ad03ba9b64f39aee8a200ea212150a10116340157cfda1bf974ab3d03161c0fb37d866e8c1c69ccc6a9549a13398452b32166af2d8
7
- data.tar.gz: db7dcac658e1f51f30575c24d6f36dc256349331fa1951c8fdfaf214baf97a5a446a1fcc411358a76d2c6fc36388ec8b1178adeacc3225d16d5d95ac53a8c4b3
6
+ metadata.gz: ff091fe421748562931d65301e66dc1d4d313e1c28cce753bc9f31a1f9bac65c0b4939db70117e47f2c3158daa24b708e2519a98a9638114f4e5a1c0d1265e7c
7
+ data.tar.gz: 720bc72a86eacebbe9a990152d4d0dfcde2e50c71b3fbabaaba44dec91b2f6ff7ca6180b86622cf0ffb36355ab5e5d43f8948e67c70ab4fca1f8bf0882a3585d
data/NEWS.md CHANGED
@@ -1,5 +1,27 @@
1
1
  # News
2
2
 
3
+ ## 3.3.7 - 2024-09-04 {#version-3-3-7}
4
+
5
+ ### Improvements
6
+
7
+ * Added local entity expansion limit methods
8
+ * GH-192
9
+ * GH-202
10
+ * Reported by takuya kodama.
11
+ * Patch by NAITOH Jun.
12
+
13
+ * Removed explicit strscan dependency
14
+ * GH-204
15
+ * Patch by Bo Anderson.
16
+
17
+ ### Thanks
18
+
19
+ * takuya kodama
20
+
21
+ * NAITOH Jun
22
+
23
+ * Bo Anderson
24
+
3
25
  ## 3.3.6 - 2024-08-22 {#version-3-3-6}
4
26
 
5
27
  ### Improvements
data/lib/rexml/attribute.rb CHANGED
@@ -148,8 +148,9 @@ module REXML
148
148
  # have been expanded to their values
149
149
  def value
150
150
  return @unnormalized if @unnormalized
151
- @unnormalized = Text::unnormalize( @normalized, doctype )
152
- @unnormalized
151
+
152
+ @unnormalized = Text::unnormalize(@normalized, doctype,
153
+ entity_expansion_text_limit: @element&.document&.entity_expansion_text_limit)
153
154
  end
154
155
 
155
156
  # The normalized value of this attribute. That is, the attribute with
data/lib/rexml/document.rb CHANGED
@@ -91,6 +91,8 @@ module REXML
91
91
  #
92
92
  def initialize( source = nil, context = {} )
93
93
  @entity_expansion_count = 0
94
+ @entity_expansion_limit = Security.entity_expansion_limit
95
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
94
96
  super()
95
97
  @context = context
96
98
  return if source.nil?
@@ -431,10 +433,12 @@ module REXML
431
433
  end
432
434
 
433
435
  attr_reader :entity_expansion_count
436
+ attr_writer :entity_expansion_limit
437
+ attr_accessor :entity_expansion_text_limit
434
438
 
435
439
  def record_entity_expansion
436
440
  @entity_expansion_count += 1
437
- if @entity_expansion_count > Security.entity_expansion_limit
441
+ if @entity_expansion_count > @entity_expansion_limit
438
442
  raise "number of entity expansions exceeded, processing aborted."
439
443
  end
440
444
  end
data/lib/rexml/entity.rb CHANGED
@@ -71,9 +71,12 @@ module REXML
71
71
  # Evaluates to the unnormalized value of this entity; that is, replacing
72
72
  # &ent; entities.
73
73
  def unnormalized
74
- document.record_entity_expansion unless document.nil?
74
+ document&.record_entity_expansion
75
+
75
76
  return nil if @value.nil?
76
- @unnormalized = Text::unnormalize(@value, parent)
77
+
78
+ @unnormalized = Text::unnormalize(@value, parent,
79
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
77
80
  end
78
81
 
79
82
  #once :unnormalized
data/lib/rexml/parsers/baseparser.rb CHANGED
@@ -164,6 +164,8 @@ module REXML
164
164
  @listeners = []
165
165
  @prefixes = Set.new
166
166
  @entity_expansion_count = 0
167
+ @entity_expansion_limit = Security.entity_expansion_limit
168
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
167
169
  end
168
170
 
169
171
  def add_listener( listener )
@@ -172,6 +174,8 @@ module REXML
172
174
 
173
175
  attr_reader :source
174
176
  attr_reader :entity_expansion_count
177
+ attr_writer :entity_expansion_limit
178
+ attr_writer :entity_expansion_text_limit
175
179
 
176
180
  def stream=( source )
177
181
  @source = SourceFactory.create_from( source )
@@ -585,7 +589,7 @@ module REXML
585
589
  end
586
590
  re = Private::DEFAULT_ENTITIES_PATTERNS[entity_reference] || /&#{entity_reference};/
587
591
  rv.gsub!( re, entity_value )
588
- if rv.bytesize > Security.entity_expansion_text_limit
592
+ if rv.bytesize > @entity_expansion_text_limit
589
593
  raise "entity expansion has grown too large"
590
594
  end
591
595
  else
@@ -627,7 +631,7 @@ module REXML
627
631
 
628
632
  def record_entity_expansion(delta=1)
629
633
  @entity_expansion_count += delta
630
- if @entity_expansion_count > Security.entity_expansion_limit
634
+ if @entity_expansion_count > @entity_expansion_limit
631
635
  raise "number of entity expansions exceeded, processing aborted."
632
636
  end
633
637
  end
data/lib/rexml/parsers/pullparser.rb CHANGED
@@ -51,6 +51,14 @@ module REXML
51
51
  @parser.entity_expansion_count
52
52
  end
53
53
 
54
+ def entity_expansion_limit=( limit )
55
+ @parser.entity_expansion_limit = limit
56
+ end
57
+
58
+ def entity_expansion_text_limit=( limit )
59
+ @parser.entity_expansion_text_limit = limit
60
+ end
61
+
54
62
  def each
55
63
  while has_next?
56
64
  yield self.pull
data/lib/rexml/parsers/sax2parser.rb CHANGED
@@ -26,6 +26,14 @@ module REXML
26
26
  @parser.entity_expansion_count
27
27
  end
28
28
 
29
+ def entity_expansion_limit=( limit )
30
+ @parser.entity_expansion_limit = limit
31
+ end
32
+
33
+ def entity_expansion_text_limit=( limit )
34
+ @parser.entity_expansion_text_limit = limit
35
+ end
36
+
29
37
  def add_listener( listener )
30
38
  @parser.add_listener( listener )
31
39
  end
data/lib/rexml/parsers/streamparser.rb CHANGED
@@ -18,6 +18,14 @@ module REXML
18
18
  @parser.entity_expansion_count
19
19
  end
20
20
 
21
+ def entity_expansion_limit=( limit )
22
+ @parser.entity_expansion_limit = limit
23
+ end
24
+
25
+ def entity_expansion_text_limit=( limit )
26
+ @parser.entity_expansion_text_limit = limit
27
+ end
28
+
21
29
  def parse
22
30
  # entity string
23
31
  while true
data/lib/rexml/rexml.rb CHANGED
@@ -31,7 +31,7 @@
31
31
  module REXML
32
32
  COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
33
33
  DATE = "2008/019"
34
- VERSION = "3.3.6"
34
+ VERSION = "3.3.7"
35
35
  REVISION = ""
36
36
 
37
37
  Copyright = COPYRIGHT
data/lib/rexml/text.rb CHANGED
@@ -268,7 +268,8 @@ module REXML
268
268
  # u = Text.new( "sean russell", false, nil, true )
269
269
  # u.value #-> "sean russell"
270
270
  def value
271
- @unnormalized ||= Text::unnormalize( @string, doctype )
271
+ @unnormalized ||= Text::unnormalize(@string, doctype,
272
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
272
273
  end
273
274
 
274
275
  # Sets the contents of this text node. This expects the text to be
@@ -411,11 +412,12 @@ module REXML
411
412
  end
412
413
 
413
414
  # Unescapes all possible entities
414
- def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
415
+ def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: nil )
416
+ entity_expansion_text_limit ||= Security.entity_expansion_text_limit
415
417
  sum = 0
416
418
  string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
417
419
  s = Text.expand($&, doctype, filter)
418
- if sum + s.bytesize > Security.entity_expansion_text_limit
420
+ if sum + s.bytesize > entity_expansion_text_limit
419
421
  raise "entity expansion has grown too large"
420
422
  else
421
423
  sum += s.bytesize
metadata CHANGED
@@ -1,28 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rexml
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.3.6
4
+ version: 3.3.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kouhei Sutou
8
8
  bindir: bin
9
9
  cert_chain: []
10
- date: 2024-08-22 00:00:00.000000000 Z
11
- dependencies:
12
- - !ruby/object:Gem::Dependency
13
- name: strscan
14
- requirement: !ruby/object:Gem::Requirement
15
- requirements:
16
- - - ">="
17
- - !ruby/object:Gem::Version
18
- version: '0'
19
- type: :runtime
20
- prerelease: false
21
- version_requirements: !ruby/object:Gem::Requirement
22
- requirements:
23
- - - ">="
24
- - !ruby/object:Gem::Version
25
- version: '0'
10
+ date: 2024-09-04 00:00:00.000000000 Z
11
+ dependencies: []
26
12
  description: An XML toolkit for Ruby
27
13
  email:
28
14
  - kou@cozmixng.org
@@ -116,7 +102,7 @@ homepage: https://github.com/ruby/rexml
116
102
  licenses:
117
103
  - BSD-2-Clause
118
104
  metadata:
119
- changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.6
105
+ changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.7
120
106
  rdoc_options:
121
107
  - "--main"
122
108
  - README.md