ro-crate 0.5.3 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 987f4bf5543890ca23264eaa771134f6ec2ba848a84ea32424cf951429141523
-  data.tar.gz: f05c5166d95be3cec706fbb5d550c5af916f5f4c444112575ec49d5fe961e12a
+  metadata.gz: eee42ff56abf6a19d3a0e3575957c338b79a87c5609566618c032ca302ccab8d
+  data.tar.gz: 7d36b9517a344a2d2f9559a11229e8a51e2a2e4b02c5ada951d8b86b82051900
 SHA512:
-  metadata.gz: '0848a81d03d8cdf7b4809de8613d90b67950f4339ae20ab5ce4ba6fa8d9e9559033c4a53ca47391b99ed5287ba7a2f2be7976b87c7ea8479051b8e7dfc9da6e8'
-  data.tar.gz: c1fc1ffdadafd04c19d81c37befec9eed9bcf9e40db9c39158b20a2a8ec8b8368841c65211d31439ba585f637de9541e2b7d58673da4964c7b8afccbfb9bf6ff
+  metadata.gz: 82917f083837b091d304e61188dbcb06cbe9a306676e3c17e4c56d662cb3a65d90bb7f41b5c09503caaf457a0740d30a9011a4f4edc64fe2bf78556a6e9f078e
+  data.tar.gz: 430857f30551fb3f4e2c82fce71babfd9574cf4a039ece9dd26318766d054ff4ac9725b3fa6bab134d8e0a5ad5eed01905324aeadbdaf0053730716b57e97eca

data/.github/workflows/docs.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2.3.1 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly.
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Setup Ruby

data/.github/workflows/tests.yml

@@ -5,11 +5,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: ['2.6', '2.7', '3.0', '3.1', '3.2', '3.3']
+        ruby: ['2.7', '3.0', '3.1', '3.2', '3.3', '3.4', '4.0']
       fail-fast: false
     steps:
       - name: Checkout
-        uses: actions/checkout@v2.3.1 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly.
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Setup Ruby

data/.ruby-version

@@ -1 +1 @@
-ruby-3.2.5
+ruby-3.4.9

data/README.md

@@ -2,10 +2,10 @@
 
 ![Tests](https://github.com/ResearchObject/ro-crate-ruby/actions/workflows/tests.yml/badge.svg)
 
-This is a WIP gem for creating, manipulating and reading RO-Crates (conforming to version 1.1 of the specification).
+This is a WIP gem for creating, manipulating and reading RO-Crates (conforming to version 1.3 of the specification). RO-Crates produced by older versions (1.0, 1.1, 1.2) of the spec can still be read.
 
-* RO-Crate - https://researchobject.github.io/ro-crate/
-* RO-Crate spec (1.1) - https://researchobject.github.io/ro-crate/1.1/
+* RO-Crate - https://www.researchobject.org/ro-crate/
+* RO-Crate spec (1.3) - https://www.researchobject.org/ro-crate/specification/1.3/
 
 ## Installation
 

data/Rakefile

@@ -1,6 +1,5 @@
 require 'bundler/gem_tasks'
 require 'rake/testtask'
-require 'rdoc/task'
 
 desc 'Default: run unit tests.'
 task default: :test
@@ -13,14 +12,6 @@ Rake::TestTask.new(:test) do |t|
   t.warning = false
 end
 
-Rake::RDocTask.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'Devise'
-  rdoc.options << '--line-numbers' << '--inline-source'
-  rdoc.rdoc_files.include('README.md')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
 task :console do
   require 'irb'
   require 'irb/completion'

data/lib/ro_crate/model/crate.rb

@@ -21,9 +21,16 @@ module ROCrate
 
     ##
     # Initialize an empty RO-Crate.
-    def initialize(id = IDENTIFIER, properties = {})
+    #
+    # @param id [String] The crate's identifier.
+    # @param properties [Hash] Initial properties for the root data entity.
+    # @param version [String] RO-Crate spec version to declare (default: ROCrate::Metadata::DEFAULT_VERSION).
+    #   Must be one of ROCrate::Metadata::SUPPORTED_VERSIONS.
+    def initialize(id = IDENTIFIER, properties = {}, version: ROCrate::Metadata::DEFAULT_VERSION)
+      ROCrate::Metadata.warn_unrecognized_version(version)
       @data_entities = Set.new
       @contextual_entities = Set.new
+      @metadata_version = version
       super(self, nil, id, properties)
     end
 
@@ -168,7 +175,7 @@ module ROCrate
     #
     # @return [Metadata]
     def metadata
-      @metadata ||= ROCrate::Metadata.new(self)
+      @metadata ||= ROCrate::Metadata.new(self, {}, version: @metadata_version || ROCrate::Metadata::DEFAULT_VERSION)
     end
 
     ##

data/lib/ro_crate/model/directory.rb

@@ -74,9 +74,8 @@ module ROCrate
     end
 
     def list_all_files(source_directory, include_hidden: false)
-      args = ['**/*']
-      args << ::File::FNM_DOTMATCH if include_hidden
-      Dir.chdir(source_directory) { Dir.glob(*args) }.reject do |path|
+      flags = include_hidden ? ::File::FNM_DOTMATCH : 0
+      Dir.glob('**/*', flags, base: source_directory).reject do |path|
         path == '.' || path == '..' || path.end_with?('/.')
       end
     end

data/lib/ro_crate/model/metadata.rb

@@ -5,13 +5,46 @@ module ROCrate
     IDENTIFIER = 'ro-crate-metadata.json'.freeze
     IDENTIFIER_1_0 = 'ro-crate-metadata.jsonld'.freeze # 1.0 spec identifier
     RO_CRATE_BASE = 'https://w3id.org/ro/crate/'
-    CONTEXT = "#{RO_CRATE_BASE}1.1/context".freeze
-    SPEC = "#{RO_CRATE_BASE}1.1".freeze
 
-    def initialize(crate, properties = {})
+    SUPPORTED_VERSIONS = %w[1.0 1.0-DRAFT 1.1 1.1-DRAFT 1.2 1.2-DRAFT 1.3].freeze
+    DEFAULT_VERSION = '1.3'.freeze
+
+    CONTEXT = "#{RO_CRATE_BASE}#{DEFAULT_VERSION}/context".freeze
+    SPEC = "#{RO_CRATE_BASE}#{DEFAULT_VERSION}".freeze
+
+    attr_reader :version
+
+    ##
+    # Emit a warning if the given version is not in SUPPORTED_VERSIONS.
+    # Does not raise — unrecognized versions are still accepted so the library
+    # stays forward-compatible with future spec versions that need no changes.
+    def self.warn_unrecognized_version(v)
+      return if SUPPORTED_VERSIONS.include?(v)
+      warn "Unrecognized RO-Crate version: #{v.inspect}. Known versions: #{SUPPORTED_VERSIONS.join(', ')}"
+    end
+
+    def initialize(crate, properties = {}, version: DEFAULT_VERSION)
+      self.class.warn_unrecognized_version(version)
+      @version = version
       super(crate, nil, IDENTIFIER, properties)
     end
 
+    ##
+    # Update the spec version this metadata declares.
+    # Used by the Reader to preserve the version of a parsed crate.
+    def version=(v)
+      self.class.warn_unrecognized_version(v)
+      @version = v
+    end
+
+    def context_url
+      "#{RO_CRATE_BASE}#{@version}/context"
+    end
+
+    def spec_url
+      "#{RO_CRATE_BASE}#{@version}"
+    end
+
     ##
     # Generate the crate's `ro-crate-metadata.jsonld`.
     # @return [String] The rendered JSON-LD as a "prettified" string.
@@ -21,7 +54,7 @@ module ROCrate
     end
 
     def context
-      @context || CONTEXT
+      @context || context_url
     end
 
     def context= c
@@ -39,7 +72,7 @@ module ROCrate
         '@id' => IDENTIFIER,
         '@type' => 'CreativeWork',
         'about' => { '@id' => crate.id },
-        'conformsTo' => { '@id' => SPEC }
+        'conformsTo' => { '@id' => spec_url }
       }
     end
   end

data/lib/ro_crate/reader.rb

@@ -1,7 +1,11 @@
+require 'zip/version'
+
 module ROCrate
   ##
   # A class to handle reading of RO-Crates from Zip files or directories.
   class Reader
+    LEGACY_EXTRACT = Zip::VERSION.start_with?('2.').freeze
+
     ##
     # Reads an RO-Crate from a directory or zip file.
     #
@@ -42,15 +46,15 @@ module ROCrate
     #
     # @param source [#read] An IO-like object containing a Zip file.
     # @param target [String, ::File, Pathname] The target directory where the file should be unzipped.
-    def self.unzip_io_to(io, target)
-      Dir.chdir(target) do
-        Zip::InputStream.open(io) do |input|
-          while (entry = input.get_next_entry)
-            unless ::File.exist?(entry.name) || entry.name_is_directory?
-              FileUtils::mkdir_p(::File.dirname(entry.name))
-              ::File.binwrite(entry.name, input.read)
-            end
-          end
+    def self.unzip_io_to(source, target)
+      target_path = Pathname(target)
+      Zip::InputStream.open(source) do |input|
+        while (entry = input.get_next_entry)
+          next if entry.name_is_directory?
+          dest = safe_join(target_path, entry.name)
+          next if dest.exist?
+          FileUtils.mkdir_p(dest.dirname)
+          ::File.binwrite(dest, input.read)
         end
       end
     end
@@ -60,15 +64,14 @@ module ROCrate
     #
     # @param source [String, ::File, Pathname] The location of the zip file.
     # @param target [String, ::File, Pathname] The target directory where the file should be unzipped.
-    def self.unzip_file_to(file_or_path, target)
-      Dir.chdir(target) do
-        Zip::File.open(file_or_path) do |zipfile|
-          zipfile.each do |entry|
-            unless ::File.exist?(entry.name)
-              FileUtils::mkdir_p(::File.dirname(entry.name))
-              zipfile.extract(entry, entry.name)
-            end
-          end
+    def self.unzip_file_to(source, target)
+      target_path = Pathname(target)
+      Zip::File.open(source) do |zipfile|
+        zipfile.each do |entry|
+          dest = safe_join(target_path, entry.name)
+          next if dest.exist?
+          FileUtils.mkdir_p(dest.dirname)
+          LEGACY_EXTRACT ? entry.extract(dest) : entry.extract(entry.name, destination_directory: target_path)
         end
       end
     end
@@ -87,6 +90,7 @@ module ROCrate
 
       # Traverse the unzipped directory to try and find the crate's root
       root_dir = detect_root_directory(target_dir)
+      raise ROCrate::ReadException, "No metadata found!" unless root_dir
 
       read_directory(root_dir)
     end
@@ -184,7 +188,10 @@ module ROCrate
     def self.initialize_crate(entity_hash, source, crate_class: ROCrate::Crate, context:)
       crate_class.new.tap do |crate|
         crate.properties = entity_hash.delete(ROCrate::Crate::IDENTIFIER)
-        crate.metadata.properties = entity_hash.delete(ROCrate::Metadata::IDENTIFIER)
+        metadata_props = entity_hash.delete(ROCrate::Metadata::IDENTIFIER)
+        crate.metadata.properties = metadata_props
+        parsed_version = extract_version(metadata_props)
+        crate.metadata.version = parsed_version if parsed_version
         crate.metadata.context = context
         preview_properties = entity_hash.delete(ROCrate::Preview::IDENTIFIER)
         preview_path = ::File.join(source, ROCrate::Preview::IDENTIFIER)
@@ -265,7 +272,7 @@ module ROCrate
 
     ##
     # Extract the metadata entity from the entity hash, according to the rules defined here:
-    # https://www.researchobject.org/ro-crate/1.1/root-data-entity.html#finding-the-root-data-entity
+    # https://www.researchobject.org/ro-crate/specification/1.2/root-data-entity.html#finding-the-root-data-entity
     # @return [nil, Hash{String => Hash}] A Hash containing (hopefully) one value, the metadata entity's properties
     # mapped by its @id, or nil if nothing is found.
     def self.extract_metadata_entity(entities)
@@ -284,6 +291,24 @@ module ROCrate
           entities.delete(ROCrate::Metadata::IDENTIFIER_1_0))
     end
 
+    ##
+    # Extract the spec version from the metadata entity's `conformsTo`.
+    # Looks for an `@id` matching `https://w3id.org/ro/crate/<version>` and returns `<version>`.
+    # @param metadata_props [Hash, nil] The metadata entity's properties.
+    # @return [String, nil] The parsed version string, or nil if not found.
+    def self.extract_version(metadata_props)
+      return nil unless metadata_props
+      conforms = metadata_props['conformsTo']
+      conforms = [conforms] unless conforms.is_a?(Array)
+      conforms.compact.each do |c|
+        id = c.is_a?(Hash) ? c['@id'] : c
+        next unless id&.start_with?(ROCrate::Metadata::RO_CRATE_BASE)
+        version = id.sub(ROCrate::Metadata::RO_CRATE_BASE, '').split('/').first
+        return version if version && !version.empty?
+      end
+      nil
+    end
+
     ##
     # Extract the ro-crate-preview entity from the entity hash.
     # @return [Hash{String => Hash}] A Hash containing the preview entity's properties mapped by its @id, or nil if nothing is found.
@@ -293,7 +318,7 @@ module ROCrate
 
     ##
     # Extract the root entity from the entity hash, according to the rules defined here:
-    # https://www.researchobject.org/ro-crate/1.1/root-data-entity.html#finding-the-root-data-entity
+    # https://www.researchobject.org/ro-crate/specification/1.2/root-data-entity.html#finding-the-root-data-entity
     # @return [Hash{String => Hash}] A Hash containing (hopefully) one value, the root entity's properties,
     # mapped by its @id.
     def self.extract_root_entity(entities)
@@ -303,7 +328,7 @@ module ROCrate
     end
 
     ##
-    # Finds an RO-Crate's root directory (where `ro-crate-metdata.json` is located) within a given directory.
+    # Finds an RO-Crate's root directory (where `ro-crate-metadata.json` is located) within a given directory.
     #
     # @param source [String, ::File, Pathname] The location of the directory.
     # @return [Pathname, nil] The path to the root, or nil if not found.
@@ -323,5 +348,28 @@ module ROCrate
 
       nil
     end
+
+    ##
+    # Safely joins a desired file path onto a base directory, raising an exception if the path attempts to traverse
+    # outside it.
+    #
+    # @param base [Pathname] The base directory where the file will go.
+    # @param path [String] The desired file path.
+    #
+    # @raise [ROCrate::ReadException] Raised if an unsafe path is given.
+    #
+    # @return [Pathname] The safely joined base + path.
+    def self.safe_join(base, path)
+      dest = base.join(path)
+      # Guard against zip-slip attacks.
+      begin
+        unsafe = dest.expand_path.relative_path_from(base.expand_path).each_filename.first == '..'
+      rescue ArgumentError # Handle unjoinable paths, e.g. on different drives.
+        unsafe = true
+      end
+      raise ROCrate::ReadException, "Unsafe path in zip entry: #{path}" if unsafe
+
+      dest
+    end
   end
 end

data/lib/ro_crate/writer.rb

@@ -44,7 +44,7 @@ module ROCrate
     # @param destination [String, ::File] The destination where to write the RO-Crate zip.
     # @param skip_preview [Boolean] Whether or not to skip generation of the RO-Crate preview HTML file.
     def write_zip(destination, skip_preview: false)
-      Zip::File.open(destination, Zip::File::CREATE) do |zip|
+      Zip::File.open(destination, create: true) do |zip|
         @crate.payload.each do |path, entry|
           next if entry.directory?
           next if skip_preview && entry&.source.is_a?(ROCrate::PreviewGenerator)

data/ro_crate.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name        = 'ro-crate'
-  s.version     = '0.5.3'
+  s.version     = '0.7.0'
   s.summary     = 'Create, manipulate, read RO-Crates.'
   s.authors     = ['Finn Bacall']
   s.email       = 'finn.bacall@manchester.ac.uk'
@@ -8,12 +8,13 @@ Gem::Specification.new do |s|
   s.homepage    = 'https://github.com/ResearchObject/ro-crate-ruby'
   s.require_paths = ['lib']
   s.licenses    = ['MIT']
-  s.add_runtime_dependency 'addressable', '>= 2.7', '< 2.9'
-  s.add_runtime_dependency 'rubyzip', '~> 2.0.0'
-  s.add_development_dependency 'rake', '~> 13.0.0'
+  s.required_ruby_version = '>= 2.7.0'
+  s.add_runtime_dependency 'addressable', '>= 2.7', '< 3'
+  s.add_runtime_dependency 'rubyzip', '>= 2.3', '< 4'
+  s.add_development_dependency 'rake', '~> 13.4.2'
   s.add_development_dependency 'test-unit', '~> 3.5.3'
   s.add_development_dependency 'simplecov', '~> 0.21.2'
   s.add_development_dependency 'yard', '~> 0.9.25'
-  s.add_development_dependency 'webmock', '~> 3.8.3'
-  s.add_development_dependency 'rexml', '~> 3.2.5'
+  s.add_development_dependency 'webmock', '~> 3.26.2'
+  s.add_development_dependency 'rexml', '~> 3.4.4'
 end

data/test/crate_test.rb

@@ -377,4 +377,33 @@ class CrateTest < Test::Unit::TestCase
     assert_nil crate.get('#joe')
     assert crate.get('#joehouse')
   end
+
+  test 'defaults to RO-Crate spec 1.3' do
+    crate = ROCrate::Crate.new
+    assert_equal '1.3', crate.metadata.version
+    assert_equal 'https://w3id.org/ro/crate/1.3/context', crate.metadata.context
+    assert_equal 'https://w3id.org/ro/crate/1.3', crate.metadata.spec_url
+    assert_equal({ '@id' => 'https://w3id.org/ro/crate/1.3' }, crate.metadata.properties['conformsTo'])
+  end
+
+  test 'can write older spec version' do
+    crate = ROCrate::Crate.new(ROCrate::Crate::IDENTIFIER, {}, version: '1.1')
+    assert_equal '1.1', crate.metadata.version
+    assert_equal 'https://w3id.org/ro/crate/1.1/context', crate.metadata.context
+    assert_equal({ '@id' => 'https://w3id.org/ro/crate/1.1' }, crate.metadata.properties['conformsTo'])
+  end
+
+  test 'warns but accepts unrecognized spec version' do
+    original_stderr = $stderr
+    begin
+      $stderr = StringIO.new
+      crate = ROCrate::Crate.new(ROCrate::Crate::IDENTIFIER, {}, version: '1.5')
+      err = $stderr.string
+      assert_match(/Unrecognized RO-Crate version/, err)
+      assert_equal '1.5', crate.metadata.version
+      assert_equal 'https://w3id.org/ro/crate/1.5', crate.metadata.spec_url
+    ensure
+      $stderr = original_stderr
+    end
+  end
 end

data/test/fixtures/crate-spec1.2/file with spaces.txt

@@ -0,0 +1 @@
+I have spaces in my name

data/test/fixtures/crate-spec1.2/ro-crate-metadata.json

@@ -0,0 +1,42 @@
+{
+  "@context": "https://w3id.org/ro/crate/1.2/context",
+  "@graph": [
+    {
+      "@id": "ro-crate-metadata.json",
+      "@type": "CreativeWork",
+      "about": {
+        "@id": "./"
+      },
+      "conformsTo": {
+        "@id": "https://w3id.org/ro/crate/1.2"
+      }
+    },
+    {
+      "@id": "ro-crate-preview.html",
+      "@type": "CreativeWork",
+      "about": {
+        "@id": "./"
+      }
+    },
+    {
+      "@id": "./",
+      "@type": "Dataset",
+      "hasPart": [
+        {
+          "@id": "http://example.com/external_ref.txt"
+        },
+        {
+          "@id": "file%20with%20spaces.txt"
+        }
+      ]
+    },
+    {
+      "@id": "http://example.com/external_ref.txt",
+      "@type": "File"
+    },
+    {
+      "@id": "file%20with%20spaces.txt",
+      "@type": "File"
+    }
+  ]
+}

data/test/fixtures/crate-spec1.2/ro-crate-preview.html

@@ -0,0 +1,82 @@
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <title>New RO-Crate</title>
+  <script type="application/ld+json">{
+  "@context": "https://w3id.org/ro/crate/1.2/context",
+  "@graph": [
+    {
+      "@id": "ro-crate-metadata.json",
+      "@type": "CreativeWork",
+      "about": {
+        "@id": "./"
+      },
+      "conformsTo": {
+        "@id": "https://w3id.org/ro/crate/1.2"
+      }
+    },
+    {
+      "@id": "ro-crate-preview.html",
+      "@type": "CreativeWork",
+      "about": {
+        "@id": "./"
+      }
+    },
+    {
+      "@id": "./",
+      "@type": "Dataset",
+      "hasPart": [
+        {
+          "@id": "http://example.com/external_ref.txt"
+        },
+        {
+          "@id": "file%20with%20spaces.txt"
+        }
+      ]
+    },
+    {
+      "@id": "http://example.com/external_ref.txt",
+      "@type": "File"
+    },
+    {
+      "@id": "file%20with%20spaces.txt",
+      "@type": "File"
+    }
+  ]
+}</script>
+  <meta name="generator" content="https://github.com/ResearchObject/ro-crate-ruby">
+  <meta name="keywords" content="RO-Crate">
+  <meta charset="utf-8">
+</head>
+<body>
+  <h1>New RO-Crate</h1>
+  
+  <p>
+    
+  </p>
+  <dl>
+    
+    
+    
+    
+  </dl>
+
+  <h2>Contents</h2>
+  <ul>
+    
+      <li>
+        <strong><a href="http://example.com/external_ref.txt" target="_blank">http://example.com/external_ref.txt</a></strong>
+        
+        
+      </li>
+    
+      <li>
+        <strong>file%20with%20spaces.txt</strong>
+        
+        
+      </li>
+    
+  </ul>
+</body>
+</html>

data/test/fixtures/crate-spec1.3/file with spaces.txt

@@ -0,0 +1 @@
+I have spaces in my name

data/test/fixtures/crate-spec1.3/ro-crate-metadata.json

@@ -0,0 +1,42 @@
+{
+  "@context": "https://w3id.org/ro/crate/1.3/context",
+  "@graph": [
+    {
+      "@id": "ro-crate-metadata.json",
+      "@type": "CreativeWork",
+      "about": {
+        "@id": "./"
+      },
+      "conformsTo": {
+        "@id": "https://w3id.org/ro/crate/1.3"
+      }
+    },
+    {
+      "@id": "ro-crate-preview.html",
+      "@type": "CreativeWork",
+      "about": {
+        "@id": "./"
+      }
+    },
+    {
+      "@id": "./",
+      "@type": "Dataset",
+      "hasPart": [
+        {
+          "@id": "http://example.com/external_ref.txt"
+        },
+        {
+          "@id": "file%20with%20spaces.txt"
+        }
+      ]
+    },
+    {
+      "@id": "http://example.com/external_ref.txt",
+      "@type": "File"
+    },
+    {
+      "@id": "file%20with%20spaces.txt",
+      "@type": "File"
+    }
+  ]
+}

data/test/fixtures/crate-spec1.3/ro-crate-preview.html

@@ -0,0 +1,82 @@
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <title>New RO-Crate</title>
+  <script type="application/ld+json">{
+  "@context": "https://w3id.org/ro/crate/1.3/context",
+  "@graph": [
+    {
+      "@id": "ro-crate-metadata.json",
+      "@type": "CreativeWork",
+      "about": {
+        "@id": "./"
+      },
+      "conformsTo": {
+        "@id": "https://w3id.org/ro/crate/1.3"
+      }
+    },
+    {
+      "@id": "ro-crate-preview.html",
+      "@type": "CreativeWork",
+      "about": {
+        "@id": "./"
+      }
+    },
+    {
+      "@id": "./",
+      "@type": "Dataset",
+      "hasPart": [
+        {
+          "@id": "http://example.com/external_ref.txt"
+        },
+        {
+          "@id": "file%20with%20spaces.txt"
+        }
+      ]
+    },
+    {
+      "@id": "http://example.com/external_ref.txt",
+      "@type": "File"
+    },
+    {
+      "@id": "file%20with%20spaces.txt",
+      "@type": "File"
+    }
+  ]
+}</script>
+  <meta name="generator" content="https://github.com/ResearchObject/ro-crate-ruby">
+  <meta name="keywords" content="RO-Crate">
+  <meta charset="utf-8">
+</head>
+<body>
+  <h1>New RO-Crate</h1>
+  
+  <p>
+    
+  </p>
+  <dl>
+    
+    
+    
+    
+  </dl>
+
+  <h2>Contents</h2>
+  <ul>
+    
+      <li>
+        <strong><a href="http://example.com/external_ref.txt" target="_blank">http://example.com/external_ref.txt</a></strong>
+        
+        
+      </li>
+    
+      <li>
+        <strong>file%20with%20spaces.txt</strong>
+        
+        
+      </li>
+    
+  </ul>
+</body>
+</html>

data/test/reader_test.rb

@@ -188,6 +188,48 @@ class ReaderTest < Test::Unit::TestCase
     assert crate.preview.source.source.is_a?(ROCrate::PreviewGenerator)
   end
 
+  test 'can read a 1.2 spec crate' do
+    stub_request(:get, "http://example.com/external_ref.txt").to_return(status: 200, body: 'file contents')
+
+    crate = ROCrate::Reader.read_directory(fixture_file('crate-spec1.2').path)
+    file = crate.dereference('file with spaces.txt')
+    assert file
+    assert file.is_a?(ROCrate::File)
+    refute file.remote?
+    assert file.source.is_a?(ROCrate::Entry)
+    assert_equal 'file%20with%20spaces.txt', file.id
+
+    ext_file = crate.dereference('http://example.com/external_ref.txt')
+    assert ext_file
+    assert ext_file.is_a?(ROCrate::File)
+    assert ext_file.remote?
+    assert ext_file.source.is_a?(ROCrate::RemoteEntry)
+    assert_equal 'http://example.com/external_ref.txt', ext_file.id
+    assert_equal 'file contents', ext_file.source.read
+    assert crate.preview.source.source.is_a?(Pathname)
+  end
+
+  test 'can read a 1.3 spec crate' do
+    stub_request(:get, "http://example.com/external_ref.txt").to_return(status: 200, body: 'file contents')
+
+    crate = ROCrate::Reader.read_directory(fixture_file('crate-spec1.3').path)
+    file = crate.dereference('file with spaces.txt')
+    assert file
+    assert file.is_a?(ROCrate::File)
+    refute file.remote?
+    assert file.source.is_a?(ROCrate::Entry)
+    assert_equal 'file%20with%20spaces.txt', file.id
+
+    ext_file = crate.dereference('http://example.com/external_ref.txt')
+    assert ext_file
+    assert ext_file.is_a?(ROCrate::File)
+    assert ext_file.remote?
+    assert ext_file.source.is_a?(ROCrate::RemoteEntry)
+    assert_equal 'http://example.com/external_ref.txt', ext_file.id
+    assert_equal 'file contents', ext_file.source.read
+    assert crate.preview.source.source.is_a?(Pathname)
+  end
+
   test 'reading from directory with unlisted files' do
     crate = ROCrate::Reader.read_directory(fixture_file('sparse_directory_crate').path)
 
@@ -358,6 +400,11 @@ class ReaderTest < Test::Unit::TestCase
       ROCrate::Reader.read(fixture_file('broken/missing_file'))
     end
     assert_include e.message, 'not found in crate: file1.txt'
+
+    e = check_exception(ROCrate::ReadException) do
+      ROCrate::Reader.read(fixture_file('just_a_zip.zip').path)
+    end
+    assert_include e.message, 'No metadata found'
   end
 
   test 'tolerates arcp identifier on root data entity (and missing hasPart)' do
@@ -381,18 +428,56 @@ class ReaderTest < Test::Unit::TestCase
     assert_equal 'a_file', data.first.name
   end
 
-  private
+  test 'protect against zip-slip' do
+    Dir.mktmpdir do |dir|
+      subdir = ::File.join(dir, 'subdir')
+      ::Dir.mkdir(subdir)
+
+      # Relative
+      e = check_exception(ROCrate::ReadException) do
+        ROCrate::Reader.unzip_file_to(fixture_file('unsafe/relative0.zip').path, subdir)
+      end
+      assert_include e.message, 'Unsafe path in zip entry: ../moo'
+      refute ::File.exist?(::File.join(dir, 'moo'))
+
+      e = check_exception(ROCrate::ReadException) do
+        ROCrate::Reader.unzip_io_to(fixture_file('unsafe/relative0.zip'), subdir)
+      end
+      assert_include e.message, 'Unsafe path in zip entry: ../moo'
+      refute ::File.exist?(::File.join(dir, 'moo'))
+
+      # Absolute
+      e = check_exception(ROCrate::ReadException) do
+        ROCrate::Reader.unzip_file_to(fixture_file('unsafe/absolute1.zip').path, subdir)
+      end
+      assert_include e.message, 'Unsafe path in zip entry: /tmp/moo'
 
-  def check_exception(exception_class)
-    e = nil
-    assert_raise(exception_class) do
+      e = check_exception(ROCrate::ReadException) do
+        ROCrate::Reader.unzip_io_to(fixture_file('unsafe/absolute1.zip'), subdir)
+      end
+      assert_include e.message, 'Unsafe path in zip entry: /tmp/moo'
+
+      # Simulate ArgumentError in safe_join
       begin
-        yield
-      rescue exception_class => e
-        raise e
+        original_expand_path = Pathname.instance_method(:expand_path)
+        Pathname.define_method(:expand_path) do |*args|
+          raise ArgumentError, 'Oh no'
+        end
+        e = check_exception(ROCrate::ReadException) do
+          ROCrate::Reader.unzip_file_to(fixture_file('unsafe/absolute1.zip').path, subdir)
+        end
+        assert_include e.message, 'Unsafe path in zip entry: /tmp/moo'
+      ensure
+        Pathname.define_method(:expand_path, original_expand_path)
       end
     end
+  end
+
+  test 'reads spec 1.1 RO-Crate and preserves version' do
+    crate = ROCrate::Reader.read(fixture_file('crate-spec1.1').path)
 
-    e
+    assert_equal '1.1', crate.metadata.version
+    assert_equal 'https://w3id.org/ro/crate/1.1', crate.metadata.spec_url
+    assert_equal 'https://w3id.org/ro/crate/1.1/context', crate.metadata.context_url
   end
 end

data/test/test_helper.rb

@@ -5,10 +5,37 @@ require 'test/unit'
 require 'ro_crate'
 require 'webmock/test_unit'
 
+class Test::Unit::TestCase
+  def teardown
+    self._opened_files.each do |f|
+      f.close unless f.closed?
+    end
+  end
+
+  def _opened_files
+    @opened_files ||= []
+  end
+end
+
 def fixture_file(name, *args)
-  ::File.open(::File.join(fixture_dir, name), *args)
+  f = ::File.open(::File.join(fixture_dir, name), *args)
+  self._opened_files << f
+  f
 end
 
 def fixture_dir
   ::File.join(::File.dirname(__FILE__), 'fixtures')
 end
+
+def check_exception(exception_class)
+  e = nil
+  assert_raise(exception_class) do
+    begin
+      yield
+    rescue exception_class => e
+      raise e
+    end
+  end
+
+  e
+end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ro-crate
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.7.0
 platform: ruby
 authors:
 - Finn Bacall
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-01-30 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -19,7 +18,7 @@ dependencies:
         version: '2.7'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.9'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,35 +28,41 @@ dependencies:
         version: '2.7'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.9'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '2.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.3'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '4'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 13.0.0
+        version: 13.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 13.0.0
+        version: 13.4.2
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
@@ -106,29 +111,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.3
+        version: 3.26.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.3
+        version: 3.26.2
 - !ruby/object:Gem::Dependency
   name: rexml
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.5
+        version: 3.4.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.5
-description: 
+        version: 3.4.4
 email: finn.bacall@manchester.ac.uk
 executables: []
 extensions: []
@@ -181,6 +185,12 @@ files:
 - test/fixtures/conflicting_data_directory/nested.txt
 - test/fixtures/crate-spec1.1/file with spaces.txt
 - test/fixtures/crate-spec1.1/ro-crate-metadata.json
+- test/fixtures/crate-spec1.2/file with spaces.txt
+- test/fixtures/crate-spec1.2/ro-crate-metadata.json
+- test/fixtures/crate-spec1.2/ro-crate-preview.html
+- test/fixtures/crate-spec1.3/file with spaces.txt
+- test/fixtures/crate-spec1.3/ro-crate-metadata.json
+- test/fixtures/crate-spec1.3/ro-crate-preview.html
 - test/fixtures/data.csv
 - test/fixtures/dir_symlink
 - test/fixtures/directory.zip
@@ -200,6 +210,7 @@ files:
 - test/fixtures/directory_crate/ro-crate-preview.html
 - test/fixtures/file with spaces.txt
 - test/fixtures/info.txt
+- test/fixtures/just_a_zip.zip
 - test/fixtures/misc_data_entity_crate/ro-crate-metadata.json
 - test/fixtures/multi_metadata_crate.crate.zip
 - test/fixtures/nested_directory.zip
@@ -232,6 +243,8 @@ files:
 - test/fixtures/unlinked_entity_crate/test/test1/input.bed
 - test/fixtures/unlinked_entity_crate/test/test1/output_exp.bed
 - test/fixtures/unlinked_entity_crate/test/test1/sort-and-change-case-test.yml
+- test/fixtures/unsafe/absolute1.zip
+- test/fixtures/unsafe/relative0.zip
 - test/fixtures/uri_heavy_crate/main.nf
 - test/fixtures/uri_heavy_crate/ro-crate-metadata.json
 - test/fixtures/uri_heavy_crate/ro-crate-preview.html
@@ -2473,7 +2486,6 @@ homepage: https://github.com/ResearchObject/ro-crate-ruby
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -2481,15 +2493,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.19
-signing_key: 
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Create, manipulate, read RO-Crates.
 test_files: []