ruby_aem 3.0.0 → 3.1.0

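--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: ad39db69fe2af43f30457e2cb77bda360e23c681
- data.tar.gz: ed20117bacbe4fdf4d6b22b7c725ed58cb609230
+ metadata.gz: 0b0a6212a4f5bbc0f881e0b21b77e0b6b37574b8
+ data.tar.gz: e4eca0cf03bc1b4d2aefb25ec7594804b3d6d128
  SHA512:
- metadata.gz: b1bddd288141f8cd2b04c0292a6a8e886950226d18d1e3c1d6b9ea92d0cae961959c6cb3539ddcba75377e01566fca2ffb26558e16cdb6b332f064aaec596b51
- data.tar.gz: 074b7eb604f7bc1c75deb5b14304aa4084cba64e5faf2a29d8a1a665e98cb5179b88238aa853b6ef7b7e84461db50cdebe3f17ceeb6063ee35671cfd56c23bcd
+ metadata.gz: afab96f68130c55370b1bd3b8fe79fe9efd37767cf5d3665db7d78a3c0a9e23bbd317f7c14d9e62fe82a7797c22ffadae829bf8655957f3b43e8c3b6e2133b84
+ data.tar.gz: d63d4d96f027adfbc70434bd93ec53a4b74744981dec62c32087141c58232e4122a186b68b296be7bdf9200415614dda695b298cd973f2c1c584dfabdd0f862e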
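--- /dev/null
+++ b/data/conf/gem.yaml
@@ -0,0 +1 @@
+ version: 3.1.0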
@@ -12,11 +12,17 @@
12
12
  # See the License for the specific language governing permissions and
13
13
  # limitations under the License.
14
14
 
15
- require 'nokogiri'
15
+ require 'rexml/document'
16
16
 
17
17
  module RubyAem
18
18
  # Response handlers for HTML payload.
19
+ # AEM response body needs to be sanitized due to missing closing HTML tags
20
+ # scattered across many AEM web pages. The sanitisations are done manually
21
+ # using simple gsub call in order to avoid dependency to nokogiri which
22
+ # carries native compilation cost and security vulnerability on libxml
23
+ # dependency.
19
24
  module Handlers
25
+ include REXML
20
26
  # Parse authorizable ID from response body data.
21
27
  # This is used to get the authorizable ID of a newly created user/group.
22
28
  #
@@ -25,8 +31,9 @@ module RubyAem
25
31
  # @param call_params API call parameters
26
32
  # @return RubyAem::Result
27
33
  def self.html_authorizable_id(response, response_spec, call_params)
28
- html = Nokogiri::HTML(response.body)
29
- authorizable_id = html.xpath('//title/text()').to_s
34
+ sanitized_body = _sanitise_html(response.body, /<img.+">/, '')
35
+ html = Document.new(sanitized_body)
36
+ authorizable_id = XPath.first(html, '//title/text()').to_s
30
37
  authorizable_id.slice! "Content created #{call_params[:path]}"
31
38
  call_params[:authorizable_id] = authorizable_id.sub(%r{^/}, '')
32
39
 
@@ -45,10 +52,10 @@ module RubyAem
45
52
  # @param call_params API call parameters
46
53
  # @return RubyAem::Result
47
54
  def self.html_package_service_allow_error(response, response_spec, call_params)
48
- html = Nokogiri::HTML(response.body)
49
- title = html.xpath('//title/text()').to_s
50
- desc = html.xpath('//p/text()').to_s
51
- reason = html.xpath('//pre/text()').to_s
55
+ html = Document.new(response.body)
56
+ title = XPath.first(html, '//title/text()').to_s
57
+ desc = XPath.first(html, '//p/text()').to_s
58
+ reason = XPath.first(html, '//pre/text()').to_s
52
59
 
53
60
  call_params[:title] = title
54
61
  call_params[:desc] = desc
@@ -74,9 +81,11 @@ module RubyAem
74
81
  raise RubyAem::Error.new(message, result)
75
82
  end
76
83
 
77
- html = Nokogiri::HTML(response.body)
78
- user = html.xpath('//body/div/table/tr/td/b/text()').to_s
79
- desc = html.xpath('//body/div/table/tr/td/font/text()').to_s
84
+ sanitized_body = _sanitise_html(response.body, /<input.+>/, '')
85
+ sanitized_body = _sanitise_html(sanitized_body, /< 0/, '&lt; 0')
86
+ html = Document.new(sanitized_body)
87
+ user = XPath.first(html, '//body/div/table/tr/td/b/text()').to_s
88
+ desc = XPath.first(html, '//body/div/table/tr/td/font/text()').to_s
80
89
 
81
90
  if desc == 'Password successfully changed.'
82
91
  call_params[:user] = user
@@ -88,5 +97,23 @@ module RubyAem
88
97
  raise RubyAem::Error.new(message, result)
89
98
  end
90
99
  end
100
+
101
+ # Sanitise HTML string but only when the regex to be replaced actually
102
+ # exists. The intention for sanitising the HTML is to strip out unused
103
+ # invalid HTML tags, so that the remaining HTML is valid for rexml to parse.
104
+ # It's important to not assume that the regex exists due to the possibility
105
+ # of future AEM versions to produce a different response body that might /
106
+ # might not contain the invalid HTML tags on the older AEM versions.
107
+ #
108
+ # @param html HTML response body string
109
+ # @param regex Ruby regular expression, all regex matches will be replaced
110
+ # @param replacement all existence of the regex will be replaced with this string
111
+ def self._sanitise_html(html, regex, replacement)
112
+ if regex.match?(html)
113
+ html.gsub!(regex, replacement)
114
+ else
115
+ html
116
+ end
117
+ end
91
118
  end
92
119
  end
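Review bot: `_sanitise_html` calls `html.gsub!`, so the string it is given (`response.body` in `html_authorizable_id` and in the password-change handler) is rewritten in place, and whatever is built from `response` afterwards no longer holds the body the server sent; `html.gsub(regex, replacement)` returns a new string, hands back the input unchanged when nothing matches, and makes the `match?` branch unnecessary. The patterns `/<img.+">/` and `/<input.+>/` are greedy, so when several tags share a line everything from the first match to the last `>` on that line is deleted, which could include the `<title>` or `<b>` text the handler reads next; a bounded form such as `/<input[^>]*>/` would limit the deletion to the tag itself. `Document.new` also raises `REXML::ParseException` on any other unclosed tag and none of the handlers shown rescues it, so a differently shaped AEM page would surface as a parser error rather than a `RubyAem::Error`. The handler bodies continue outside the hunks shown.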
@@ -12,11 +12,13 @@
12
12
  # See the License for the specific language governing permissions and
13
13
  # limitations under the License.
14
14
 
15
- require 'nokogiri'
15
+ require 'rexml/document'
16
16
 
17
17
  module RubyAem
18
18
  # Response handlers for XML payload.
19
19
  module Handlers
20
+ include REXML
21
+
20
22
  # Handle package list XML by removing non-packages data.
21
23
  #
22
24
  # @param response HTTP response containing status_code, body, and headers
@@ -24,15 +26,15 @@ module RubyAem
24
26
  # @param call_params API call parameters
25
27
  # @return RubyAem::Result
26
28
  def self.xml_package_list(response, response_spec, call_params)
27
- xml = Nokogiri::XML(response.body)
29
+ xml = Document.new(response.body)
28
30
 
29
- status_code = xml.xpath('//crx/response/status/@code').to_s
30
- status_text = xml.xpath('//crx/response/status/text()').to_s
31
+ status_code = XPath.first(xml, '//crx/response/status/@code').to_s
32
+ status_text = XPath.first(xml, '//crx/response/status/text()').to_s
31
33
 
32
34
  if status_code == '200' && status_text == 'ok'
33
35
  message = response_spec['message'] % call_params
34
36
  result = RubyAem::Result.new(message, response)
35
- result.data = xml.xpath('//crx/response/data/packages')
37
+ result.data = XPath.first(xml, '//crx/response/data/packages')
36
38
  else
37
39
  result = RubyAem::Result.new("Unable to retrieve package list, getting status code #{status_code} and status text #{status_text}", response)
38
40
  end
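Review bot: `Document.new(response.body)` in `xml_package_list` is not wrapped in a rescue, and unlike the default `Nokogiri::XML` parse REXML raises `REXML::ParseException` on a body that is not well-formed, so an HTML error page or a truncated response would bypass the `Unable to retrieve package list` branch. Rescuing the parse error (`rescue REXML::ParseException => e`) and returning that same failure result would keep the handler's contract. `result.data` also changes from a node set to a single `REXML::Element`, or nil when the path is absent, and the `@return` comment should say so. The end of the method is outside the hunk.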
@@ -12,9 +12,9 @@
12
12
  # See the License for the specific language governing permissions and
13
13
  # limitations under the License.
14
14
 
15
- require 'nori'
16
15
  require 'retries'
17
16
  require 'ruby_aem/error'
17
+ require 'rexml/document'
18
18
 
19
19
  module RubyAem
20
20
  # AEM resources
@@ -270,7 +270,7 @@ module RubyAem
270
270
  # @return RubyAem::Result
271
271
  def get_packages
272
272
  result = @client.call(self.class, __callee__.to_s, @call_params)
273
- packages = Nori.new.parse(result.data.to_s)['packages']['package']
273
+ packages = REXML::XPath.match(REXML::Document.new(result.data.to_s), '//packages/package')
274
274
  result_copy = RubyAem::Result.new(result.message, result.response)
275
275
  result_copy.data = packages
276
276
  result_copy
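Review bot: `get_packages` now stores an array of `REXML::Element` in `result_copy.data` where the `Nori` call produced a parsed hash structure, and the doc comment above still says only `@return RubyAem::Result`. Callers that read the package data by key would likely break on this minor version, so the data type should be documented, for example `# @return RubyAem::Result whose data is an Array of REXML::Element, one per <package>`. The method's closing lines are outside the hunk.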
@@ -13,11 +13,13 @@
13
13
  # limitations under the License.
14
14
 
15
15
  require 'retries'
16
+ require 'rexml/document'
16
17
 
17
18
  module RubyAem
18
19
  module Resources
19
20
  # Package class contains API calls related to managing an AEM package.
20
21
  class Package
22
+ include REXML
21
23
  # Initialise a package.
22
24
  # Package name and version will then be used to construct the package file in the filesystem.
23
25
  # E.g. package name 'somepackage' with version '1.2.3' will translate to somepackage-1.2.3.zip in the filesystem.
@@ -160,11 +162,11 @@ module RubyAem
160
162
  # @return RubyAem::Result
161
163
  def get_versions
162
164
  packages = list_all.data
163
- package_versions = packages.xpath("//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\"]")
165
+ package_versions = XPath.match(packages, "//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\"]")
164
166
 
165
167
  versions = []
166
168
  package_versions.each do |package|
167
- version = package.xpath('version/text()')
169
+ version = XPath.first(package, 'version/text()')
168
170
  versions.push(version.to_s) if version.to_s != ''
169
171
  end
170
172
 
@@ -181,7 +183,7 @@ module RubyAem
181
183
  # @return RubyAem::Result
182
184
  def exists
183
185
  packages = list_all.data
184
- package = packages.xpath("//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
186
+ package = XPath.first(packages, "//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
185
187
 
186
188
  if package.to_s != ''
187
189
  message = "Package #{@call_params[:group_name]}/#{@call_params[:package_name]}-#{@call_params[:package_version]} exists"
@@ -219,8 +221,8 @@ module RubyAem
219
221
  # @return RubyAem::Result
220
222
  def is_installed
221
223
  packages = list_all.data
222
- package = packages.xpath("//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
223
- last_unpacked_by = package.xpath('lastUnpackedBy')
224
+ package = XPath.first(packages, "//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
225
+ last_unpacked_by = XPath.first(package, 'lastUnpackedBy') if package
224
226
 
225
227
  if !['', '<lastUnpackedBy/>', '<lastUnpackedBy>null</lastUnpackedBy>'].include? last_unpacked_by.to_s
226
228
  message = "Package #{@call_params[:group_name]}/#{@call_params[:package_name]}-#{@call_params[:package_version]} is installed"
@@ -241,8 +243,8 @@ module RubyAem
241
243
  # @return RubyAem::Result
242
244
  def is_empty
243
245
  packages = list_all.data
244
- package = packages.xpath("//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
245
- size = package.xpath('size/text()').to_s.to_i
246
+ package = XPath.first(packages, "//packages/package[group=\"#{@call_params[:group_name]}\" and name=\"#{@call_params[:package_name]}\" and version=\"#{@call_params[:package_version]}\"]")
247
+ size = XPath.first(package, 'size/text()').to_s.to_i
246
248
 
247
249
  if size.zero?
248
250
  message = "Package #{@call_params[:group_name]}/#{@call_params[:package_name]}-#{@call_params[:package_version]} is empty"
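Review bot: The XPath predicates in `get_versions`, `exists`, `is_installed` and `is_empty` are still built by interpolating `@call_params[:group_name]`, `:package_name` and `:package_version` into a double-quoted XPath literal, so a value containing `"` changes the expression that is evaluated rather than the string being compared. REXML's `XPath.first` and `XPath.match` accept a variables hash as their fourth argument, which keeps the values out of the expression: `XPath.first(packages, '//packages/package[group=$group and name=$name and version=$version]', {}, { 'group' => @call_params[:group_name], 'name' => @call_params[:package_name], 'version' => @call_params[:package_version] })`. Separately, `is_installed` guards its second lookup with `if package`, but `is_empty` passes `package` straight to `XPath.first(package, 'size/text()')`, which receives nil when the package is not in the list and may raise; the same guard is needed there. All four method bodies continue outside their hunks.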
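--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: ruby_aem
  version: !ruby/object:Gem::Version
- version: 3.0.0
+ version: 3.1.0
  platform: ruby
  authors:
  - Shine Solutions
@@ -9,36 +9,8 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-05-14 00:00:00.000000000 Z
+ date: 2019-06-03 00:00:00.000000000 Z
  dependencies:
- - !ruby/object:Gem::Dependency
- name: nokogiri
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 1.10.3
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 1.10.3
- - !ruby/object:Gem::Dependency
- name: nori
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 2.6.0
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 2.6.0
  - !ruby/object:Gem::Dependency
  name: retries
  requirement: !ruby/object:Gem::Requirement
@@ -104,7 +76,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - conf/app.yaml
+ - conf/gem.yaml
  - conf/spec.yaml
  - lib/ruby_aem.rb
  - lib/ruby_aem/client.rb
@@ -137,7 +109,7 @@ files:
  - lib/ruby_aem/swagger.rb
  homepage: https://github.com/shinesolutions/ruby_aem
  licenses:
- - Apache 2.0
+ - Apache-2.0
  metadata: {}
  post_install_message:
  rdoc_options: []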
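--- a/data/conf/app.yaml
+++ /dev/null
@@ -1 +0,0 @@
- version: 3.0.0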