schematronium 0.1.0-java → 0.1.4-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1e01f9933d9bb8a0c0243986a3d689faead19cfe
-  data.tar.gz: a95659f5b6b800072daab4a3e6bbda2b564930ef
+  metadata.gz: 74beaa03afb2404a3160870d78430983bc61622d
+  data.tar.gz: 56a65d7aaadce1887c8d4055e2578903ae7dafbd
 SHA512:
-  metadata.gz: 432fa66139ee4a2dbc825b77a8c2438c567e05241e5ff839771898eb7d740849411d2993422c444ca054b5b71c158be5b313fba8268d85cac86b11a21e6ab70c
-  data.tar.gz: 62dac2298331473194d1646401f6ffd27ff10e3ec317b4088cbb3c15aee401d2a269ad4d56791c1a736914a2f91d8cbb498053e2fb8dbcfe62692eeb7559143e
+  metadata.gz: 97e89b77ba28e47f438ed80c7b4ea34f61c6d2c5af43610b09f79d8c12c13444d276d7f35ba5fb8ebbd0f125465b8d50f61f41790e10506112dd6c84aace5457
+  data.tar.gz: b0212f6ef6a938ccab58f9dc142181a36406fb5bc57ea7db8e501f4106cba012b4c612180fbf44ca5a7bf8bc4348b7d58d3cdd4684748a6dd9c2548a07ec7e82

data/README.md

@@ -3,7 +3,7 @@
 Schematronium is a gem providing:
 
 1. A single-object, single-function API for compiling a [schematron](http://www.schematron.com/) script, and running it over an XML file, returning a [Nokogiri](Nokogiri.org) [NodeSet](http://www.rubydoc.info/github/sparklemotion/nokogiri/Nokogiri/XML/NodeSet) of the resulting `failed-assert`s and `successful-report`s.
-2. A script ([schematronium](bin/schematronium)) to run a schematron over one or many XML files and return aggregate date in a TBD format. Mostly meant as an example of something you could to with it.
+2. A script ([schematronium](bin/schematronium)) to run a schematron over one or many XML files and return aggregate date in a TBD format. Mostly meant as an example of something you could to with it. Also shows how to turn off some parser features to prevent XXE vulnerabilities, which is VERY IMPORTANT if you are parsing XML you do not personally 100% control.  Schematronium does NOT do this by default.
 
 The goals of Schematronium are very similar to [schematron-wrapper](https://github.com/Agilefreaks/schematron-wrapper).  The primary difference is that, where schematron-wrapper runs the saxon jar via backticks per file, Schematronium uses the jRuby-only [saxon-xslt](https://github.com/fidothe/saxon-xslt) library to compile and run the schematron.  This has the upshot of not incurring the penalty of JDK initialization per file, which tends to be a substantial cost savings over even a small number of files.
 

data/bin/schematronium

@@ -6,6 +6,14 @@ raise "Not enough arguments" if ARGV.length < 2
 
 Saxon::Processor.default.config[:line_numbering] = true
 
+# Disable a bunch of stuff in parser to prevent XXE vulnerabilities
+parser_options = Saxon::Processor.default.to_java.getUnderlyingConfiguration.parseOptions
+parser_options.add_parser_feature("http://apache.org/xml/features/disallow-doctype-decl", true)
+parser_options.add_parser_feature("http://xml.org/sax/features/external-general-entities", false)
+parser_options.add_parser_feature("http://xml.org/sax/features/external-parameter-entities", false)
+
+
+
 stron = Schematronium.new(ARGV.shift)
 
 @fnames = []
@@ -14,14 +22,11 @@ if ARGV.empty?
   @fnames = @fnames + Dir[File.join('.', "*.xml")]
 else
   ARGV.each do |arg|
-    # Because absolute_path doesn't work right? Investigate
-    arg = arg.sub(/~/, Dir.home)
-
-    @fnames += case File.absolute_path(arg)
+    @fnames += case File.expand_path(arg)
                when File.method(:directory?).to_proc
-                 Dir[File.join(File.absolute_path(arg), "*.xml")]
+                 Dir[File.join(File.expand_path(arg), "*.xml")]
                when File.method(:file?).to_proc
-                 [File.absolute_path(arg)]
+                 [File.expand_path(arg)]
                else
                  []
                end
@@ -35,7 +40,7 @@ puts '<?xml version="1.0" encoding="UTF-8"?><files>'
   xml = stron.check(s_xml)
   xml.remove_namespaces!
 
-  xml = xml.xpath("//*[self::failed-assert or self::successful-report]")
+  xml = xml.xpath("//failed-assert|//successful-report")
   xml.each do |el|
     el["line-number"] = s_xml.xpath(el.attr("location")).get_line_number
   end

data/lib/schematronium.rb

@@ -14,15 +14,16 @@ class Schematronium
                 iso_abstract_expand.xsl
                 iso_svrl_for_xslt2.xsl|.map{|s| iso_file s}
 
-    schematron = case schematron
-                 when IO
+    schematron = if schematron.respond_to? :read
                    Saxon.XML(schematron.read)
-                 when String
+                 elsif schematron.kind_of? String
                    if File.file? schematron
                      Saxon.XML(File.open(schematron))
                    else
                      Saxon.XML(schematron)
                    end
+                 else
+                   raise "Unable to generate Schematron document from #{schematron.class.to_s}"
                  end
 
     # Run schematron through each stage of the iso_schematron pipeline

data/schematronium.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |gem|
   gem.name = 'schematronium'
-  gem.version = '0.1.0'
+  gem.version = '0.1.4'
   gem.date = '2015-07-27'
   gem.summary = 'Tool for running schematron against XML strings/files'
   gem.description = 'Wraps the saxon-xslt wrapper for Saxon 9 HE, providing a simple (one function) interface for running a schematron against an XML string or file'
@@ -22,5 +22,4 @@ Gem::Specification.new do |gem|
 
   gem.add_development_dependency "rake", '~> 10.4'
   gem.add_development_dependency "minitest"
-
 end

data/test/test_data/schematron/test.sch

@@ -1,6 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <schema xmlns="http://purl.oclc.org/dsdl/schematron" queryBinding="xslt2">
-  <pattern>
+  <phase id="testphase">
+    <active pattern="b" />
+  </phase>
+<pattern id="a">
     <rule context="*:test">
       <report test="*:testable">
         There should be 'testable' elements within 'test's.
@@ -9,5 +12,10 @@
     <rule context="*:test/*:testable">
       <assert test="@test-attr">Testables must have have the 'test-attr' attribute.</assert>
     </rule>
-  </pattern>
+</pattern>
+<pattern id="b">
+    <rule context="*:test[1]">
+      <assert test="@test-attr">Testables must have have the 'test-attr' attribute.</assert>
+    </rule>
+</pattern>
 </schema>

data/test/test_schematronium.rb

@@ -8,15 +8,18 @@ class SchematroniumTest < MiniTest::Test
     File.join(File.expand_path(File.dirname(__FILE__)), 'test_data', *path_segments)
   end
 
-  def setup
-    @stron = Schematronium.new(td('schematron', 'test.sch'))
-  end
-
   def test_check_with_file
-    results = @stron.check(File.open(td('xml', 'test.xml')))
+    stron = Schematronium.new(td('schematron', 'test.sch'))
+    results = stron.check(File.open(td('xml', 'test.xml')))
     results.remove_namespaces!
-    assert_equal 1, results.xpath("//failed-assert").count, "Expects one failure"
+    assert_equal 2, results.xpath("//failed-assert").count, "Expects two failures"
     assert_equal 2, results.xpath("//successful-report").count, "Expects two reports"
   end
 
+  def test_check_with_phase
+    stron = Schematronium.new(td('schematron', 'test.sch'), "'testphase'")
+    results = stron.check(File.open(td('xml', 'test.xml')))
+    results.remove_namespaces!
+    assert_equal 1, results.xpath("//failed-assert").count, "Expects one failure"
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: schematronium
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.4
 platform: java
 authors:
 - Dave Mayo
@@ -119,7 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.6
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Tool for running schematron against XML strings/files