ruby_aem 3.0.0 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ad39db69fe2af43f30457e2cb77bda360e23c681
-  data.tar.gz: ed20117bacbe4fdf4d6b22b7c725ed58cb609230
+  metadata.gz: 0b0a6212a4f5bbc0f881e0b21b77e0b6b37574b8
+  data.tar.gz: e4eca0cf03bc1b4d2aefb25ec7594804b3d6d128
 SHA512:
-  metadata.gz: b1bddd288141f8cd2b04c0292a6a8e886950226d18d1e3c1d6b9ea92d0cae961959c6cb3539ddcba75377e01566fca2ffb26558e16cdb6b332f064aaec596b51
-  data.tar.gz: 074b7eb604f7bc1c75deb5b14304aa4084cba64e5faf2a29d8a1a665e98cb5179b88238aa853b6ef7b7e84461db50cdebe3f17ceeb6063ee35671cfd56c23bcd
+  metadata.gz: afab96f68130c55370b1bd3b8fe79fe9efd37767cf5d3665db7d78a3c0a9e23bbd317f7c14d9e62fe82a7797c22ffadae829bf8655957f3b43e8c3b6e2133b84
+  data.tar.gz: d63d4d96f027adfbc70434bd93ec53a4b74744981dec62c32087141c58232e4122a186b68b296be7bdf9200415614dda695b298cd973f2c1c584dfabdd0f862e

data/conf/gem.yaml

@@ -0,0 +1 @@
+version: 3.1.0

data/lib/ruby_aem/handlers/html.rb

@@ -12,11 +12,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'nokogiri'
+require 'rexml/document'
 
 module RubyAem
   # Response handlers for HTML payload.
+  # AEM response body needs to be sanitized due to missing closing HTML tags
+  # scattered across many AEM web pages. The sanitisations are done manually
+  # using simple gsub call in order to avoid dependency to nokogiri which
+  # carries native compilation cost and security vulnerability on libxml
+  # dependency.
   module Handlers
+    include REXML
     # Parse authorizable ID from response body data.
     # This is used to get the authorizable ID of a newly created user/group.
     #
@@ -25,8 +31,9 @@ module RubyAem
     # @param call_params API call parameters
     # @return RubyAem::Result
     def self.html_authorizable_id(response, response_spec, call_params)
-      html = Nokogiri::HTML(response.body)
-      authorizable_id = html.xpath('//title/text()').to_s
+      sanitized_body = _sanitise_html(response.body, /<img.+">/, '')
+      html = Document.new(sanitized_body)
+      authorizable_id = XPath.first(html, '//title/text()').to_s
       authorizable_id.slice! "Content created #{call_params[:path]}"
       call_params[:authorizable_id] = authorizable_id.sub(%r{^/}, '')
 
@@ -45,10 +52,10 @@ module RubyAem
     # @param call_params API call parameters
     # @return RubyAem::Result
     def self.html_package_service_allow_error(response, response_spec, call_params)
-      html = Nokogiri::HTML(response.body)
-      title = html.xpath('//title/text()').to_s
-      desc = html.xpath('//p/text()').to_s
-      reason = html.xpath('//pre/text()').to_s
+      html = Document.new(response.body)
+      title = XPath.first(html, '//title/text()').to_s
+      desc = XPath.first(html, '//p/text()').to_s
+      reason = XPath.first(html, '//pre/text()').to_s
 
       call_params[:title] = title
       call_params[:desc] = desc
@@ -74,9 +81,11 @@ module RubyAem
         raise RubyAem::Error.new(message, result)
       end
 
-      html = Nokogiri::HTML(response.body)
-      user = html.xpath('//body/div/table/tr/td/b/text()').to_s
-      desc = html.xpath('//body/div/table/tr/td/font/text()').to_s
+      sanitized_body = _sanitise_html(response.body, /<input.+>/, '')
+      sanitized_body = _sanitise_html(sanitized_body, /< 0/, '&lt; 0')
+      html = Document.new(sanitized_body)
+      user = XPath.first(html, '//body/div/table/tr/td/b/text()').to_s
+      desc = XPath.first(html, '//body/div/table/tr/td/font/text()').to_s
 
       if desc == 'Password successfully changed.'
         call_params[:user] = user
@@ -88,5 +97,23 @@ module RubyAem
         raise RubyAem::Error.new(message, result)
       end
     end
+
+    # Sanitise HTML string but only when the regex to be replaced actually
+    # exists. The intention for sanitising the HTML is to strip out unused
+    # invalid HTML tags, so that the remaining HTML is valid for rexml to parse.
+    # It's important to not assume that the regex exists due to the possibility
+    # of future AEM versions to produce a different response body that might /
+    # might not contain the invalid HTML tags on the older AEM versions.
+    #
+    # @param html HTML response body string
+    # @param regex Ruby regular expression, all regex matches will be replaced
+    # @param replacement all existence of the regex will be replaced with this string
+    def self._sanitise_html(html, regex, replacement)
+      if regex.match?(html)
+        html.gsub!(regex, replacement)
+      else
+        html
+      end
+    end
   end
 end

data/lib/ruby_aem/handlers/xml.rb

@@ -12,11 +12,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'nokogiri'
+require 'rexml/document'
 
 module RubyAem
   # Response handlers for XML payload.
   module Handlers
+    include REXML
+
     # Handle package list XML by removing non-packages data.
     #
     # @param response HTTP response containing status_code, body, and headers
@@ -24,15 +26,15 @@ module RubyAem
     # @param call_params API call parameters
     # @return RubyAem::Result
     def self.xml_package_list(response, response_spec, call_params)
-      xml = Nokogiri::XML(response.body)
+      xml = Document.new(response.body)
 
-      status_code = xml.xpath('//crx/response/status/@code').to_s
-      status_text = xml.xpath('//crx/response/status/text()').to_s
+      status_code = XPath.first(xml, '//crx/response/status/@code').to_s
+      status_text = XPath.first(xml, '//crx/response/status/text()').to_s
 
       if status_code == '200' && status_text == 'ok'
         message = response_spec['message'] % call_params
         result = RubyAem::Result.new(message, response)
-        result.data = xml.xpath('//crx/response/data/packages')
+        result.data = XPath.first(xml, '//crx/response/data/packages')
       else
         result = RubyAem::Result.new("Unable to retrieve package list, getting status code #{status_code} and status text #{status_text}", response)
       end

data/lib/ruby_aem/resources/aem.rb

@@ -12,9 +12,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'nori'
 require 'retries'
 require 'ruby_aem/error'
+require 'rexml/document'
 
 module RubyAem
   #  AEM resources
@@ -270,7 +270,7 @@ module RubyAem
       # @return RubyAem::Result
       def get_packages
         result = @client.call(self.class, __callee__.to_s, @call_params)
-        packages = Nori.new.parse(result.data.to_s)['packages']['package']
+        packages = REXML::XPath.match(REXML::Document.new(result.data.to_s), '//packages/package')
         result_copy = RubyAem::Result.new(result.message, result.response)
         result_copy.data = packages
         result_copy

data/lib/ruby_aem/resources/package.rb

@@ -13,11 +13,13 @@
 # limitations under the License.
 
 require 'retries'
+require 'rexml/document'
 
 module RubyAem
   module Resources
     # Package class contains API calls related to managing an AEM package.
     class Package
+      include REXML
       # Initialise a package.
       # Package name and version will then be used to construct the package file in the filesystem.
       # E.g. package name 'somepackage' with version '1.2.3' will translate to somepackage-1.2.3.zip in the filesystem.
@@ -160,11 +162,11 @@ module RubyAem
       # @return RubyAem::Result
       def get_versions
         packages = list_all.data
-        package_versions = packages.xpath("//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\"]")
+        package_versions = XPath.match(packages, "//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\"]")
 
         versions = []
         package_versions.each do |package|
-          version = package.xpath('version/text()')
+          version = XPath.first(package, 'version/text()')
           versions.push(version.to_s) if version.to_s != ''
         end
 
@@ -181,7 +183,7 @@ module RubyAem
       # @return RubyAem::Result
       def exists
         packages = list_all.data
-        package = packages.xpath("//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
+        package = XPath.first(packages, "//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
 
         if package.to_s != ''
           message = "Package #{@call_params[:group_name]}/#{@call_params[:package_name]}-#{@call_params[:package_version]} exists"
@@ -219,8 +221,8 @@ module RubyAem
       # @return RubyAem::Result
       def is_installed
         packages = list_all.data
-        package = packages.xpath("//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
-        last_unpacked_by = package.xpath('lastUnpackedBy')
+        package = XPath.first(packages, "//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
+        last_unpacked_by = XPath.first(package, 'lastUnpackedBy') if package
 
         if !['', '<lastUnpackedBy/>', '<lastUnpackedBy>null</lastUnpackedBy>'].include? last_unpacked_by.to_s
           message = "Package #{@call_params[:group_name]}/#{@call_params[:package_name]}-#{@call_params[:package_version]} is installed"
@@ -241,8 +243,8 @@ module RubyAem
       # @return RubyAem::Result
       def is_empty
         packages = list_all.data
-        package = packages.xpath("//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
-        size = package.xpath('size/text()').to_s.to_i
+        package = XPath.first(packages, "//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
+        size = XPath.first(package, 'size/text()').to_s.to_i
 
         if size.zero?
           message = "Package #{@call_params[:group_name]}/#{@call_params[:package_name]}-#{@call_params[:package_version]} is empty"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_aem
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.1.0
 platform: ruby
 authors:
 - Shine Solutions
@@ -9,36 +9,8 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-14 00:00:00.000000000 Z
+date: 2019-06-03 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: nokogiri
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.10.3
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.10.3
-- !ruby/object:Gem::Dependency
-  name: nori
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 2.6.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 2.6.0
 - !ruby/object:Gem::Dependency
   name: retries
   requirement: !ruby/object:Gem::Requirement
@@ -104,7 +76,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- conf/app.yaml
+- conf/gem.yaml
 - conf/spec.yaml
 - lib/ruby_aem.rb
 - lib/ruby_aem/client.rb
@@ -137,7 +109,7 @@ files:
 - lib/ruby_aem/swagger.rb
 homepage: https://github.com/shinesolutions/ruby_aem
 licenses:
-- Apache 2.0
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []

data/conf/app.yaml

@@ -1 +0,0 @@
-version: 3.0.0