ruby-changes:36321
From: nagachika <ko1@a...>
Date: Thu, 13 Nov 2014 22:29:57 +0900 (JST)
Subject: [ruby-changes:36321] nagachika:r48402 (trunk): * lib/rexml/document.rb: add REXML::Document#document.
nagachika 2014-11-13 22:29:50 +0900 (Thu, 13 Nov 2014) New Revision: 48402 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=48402 Log: * lib/rexml/document.rb: add REXML::Document#document. reported by Tomas Hoger <thoger@r...> and patched by nahi. Modified files: trunk/ChangeLog trunk/lib/rexml/document.rb trunk/lib/rexml/entity.rb trunk/test/rexml/test_document.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 48401) +++ ChangeLog (revision 48402) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Thu Nov 13 21:59:58 2014 CHIKANAGA Tomoyuki <nagachika@r...> + + * lib/rexml/document.rb: add REXML::Document#document. + reported by Tomas Hoger <thoger@r...> and patched by nahi. + Thu Nov 13 21:51:56 2014 Tanaka Akira <akr@f...> * test/monitor/test_monitor.rb: Use assert_join_threads. Index: lib/rexml/document.rb =================================================================== --- lib/rexml/document.rb (revision 48401) +++ lib/rexml/document.rb (revision 48402) @@ -278,6 +278,10 @@ module REXML https://github.com/ruby/ruby/blob/trunk/lib/rexml/document.rb#L278 end end + def document + self + end + private def build( source ) Parsers::TreeParser.new( source, self ).parse Index: lib/rexml/entity.rb =================================================================== --- lib/rexml/entity.rb (revision 48401) +++ lib/rexml/entity.rb (revision 48402) 
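Review bot: The new `document` method in lib/rexml/document.rb has no comment saying why a Document must return itself, and because it is placed above `private` it becomes public API. Judging from the tests added in the same commit, the override appears to exist so that entity-expansion accounting reached through `#document` also works when the node is the document itself. That makes it security-relevant and easy to delete in a later cleanup as a "trivial" method. I would add above it: `# Returns self: a Document is its own document, so expansion-limit accounting that goes through #document applies here too.` The enclosing class begins outside the hunk, so the inherited behaviour this replaces is not visible here.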
@@ -157,6 +157,7 @@ module REXML https://github.com/ruby/ruby/blob/trunk/lib/rexml/entity.rb#L157 # This is a set of entity constants -- the ones defined in the XML # specification. These are +gt+, +lt+, +amp+, +quot+ and +apos+. + # CAUTION: these entities does not have parent and document module EntityConst # +>+ GT = Entity.new( 'gt', '>' ) Index: test/rexml/test_document.rb =================================================================== --- test/rexml/test_document.rb (revision 48401) +++ test/rexml/test_document.rb (revision 48402) @@ -48,6 +48,22 @@ EOF https://github.com/ruby/ruby/blob/trunk/test/rexml/test_document.rb#L48 </member> EOF + XML_WITH_NESTED_EMPTY_ENTITY = <<EOF +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE member [ + <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> + <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> + <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> + <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> + <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> + <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> + <!ENTITY g ""> +]> +<member> +&a; +</member> +EOF + XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF <!DOCTYPE root [ <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM."> @@ -62,6 +78,20 @@ EOF https://github.com/ruby/ruby/blob/trunk/test/rexml/test_document.rb#L78 <cd></cd> EOF + XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY = <<EOF +<!DOCTYPE root [ + <!ENTITY % a ""> + <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> + <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> + <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> + <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> + <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> + <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> + <!ENTITY test "test %g;"> +]> +<cd></cd> +EOF + XML_WITH_4_ENTITY_EXPANSION = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ 
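Review bot: The caution added above `EntityConst` states a fact but not what a caller has to do about it, and "does not" should read "do not". If `parent` and `document` are nil for these constants, as the comment implies, any code that reaches the document through an entity must tolerate nil. Expansions of these five entities are then presumably not counted against `REXML::Security.entity_expansion_limit`. Suggested wording: `# CAUTION: these entities do not have a parent or a document; callers must handle a nil document.`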
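Review bot: `XML_WITH_NESTED_EMPTY_ENTITY` has no comment explaining what distinguishes it from the neighbouring nested-entity fixtures, and the same applies to `XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY` in the following hunk. In both, the innermost entity is the empty string, so the expansion produces no text at all. The fixtures therefore only make sense as a check that the limit is enforced on the number of expansions rather than on the size of the output. A line such as `# Innermost entity is empty: expansion yields no text, so only the expansion-count limit can stop it.` above each constant would keep that intent visible to whoever next edits these tests.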
@@ -88,6 +118,18 @@ EOF https://github.com/ruby/ruby/blob/trunk/test/rexml/test_document.rb#L118 end assert_equal(101, doc.entity_expansion_count) + doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + assert_equal(101, doc.entity_expansion_count) + REXML::Security.entity_expansion_limit = 4 doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) assert_equal("\na\na a\n<\n", doc.root.children.first.value) @@ -109,6 +151,15 @@ EOF https://github.com/ruby/ruby/blob/trunk/test/rexml/test_document.rb#L151 assert_raise(REXML::ParseException) do REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) end + + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + end ensure REXML::Security.entity_expansion_limit = 10000 end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
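Review bot: Both `assert_raise(RuntimeError)` blocks added in the first test_document.rb hunk here accept any RuntimeError, so an unrelated failure inside `doc.root.children.first.value` would still pass. The first block also lacks a follow-up like the `assert_equal(101, doc.entity_expansion_count)` that follows the second. Capturing the exception ties the test to the limit itself: `e = assert_raise(RuntimeError) { doc.root.children.first.value }` followed by `assert_match(/entity expansion/, e.message)`, with the pattern adjusted to the message the library actually raises. The test method starts and ends outside the hunk, so the limit in effect for the first block, and whether this method restores the process-wide `REXML::Security.entity_expansion_limit` afterwards, cannot be confirmed from here.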