diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | lib/rexml/document.rb | 4 | ||||
| -rw-r--r-- | lib/rexml/entity.rb | 1 | ||||
| -rw-r--r-- | test/rexml/test_document.rb | 51 |
4 files changed, 61 insertions, 0 deletions
@@ -1,3 +1,8 @@ +Thu Nov 13 21:59:58 2014 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org> + + * lib/rexml/document.rb: add REXML::Document#document. + reported by Tomas Hoger <thoger@redhat.com> and patched by nahi. + Thu Nov 13 21:51:56 2014 Tanaka Akira <akr@fsij.org> * test/monitor/test_monitor.rb: Use assert_join_threads. diff --git a/lib/rexml/document.rb b/lib/rexml/document.rb index 8342b96e6a..d7d24f4732 100644 --- a/lib/rexml/document.rb +++ b/lib/rexml/document.rb @@ -278,6 +278,10 @@ module REXML end end + def document + self + end + private def build( source ) Parsers::TreeParser.new( source, self ).parse diff --git a/lib/rexml/entity.rb b/lib/rexml/entity.rb index f447202394..3a35ec6b94 100644 --- a/lib/rexml/entity.rb +++ b/lib/rexml/entity.rb @@ -157,6 +157,7 @@ module REXML # This is a set of entity constants -- the ones defined in the XML # specification. These are +gt+, +lt+, +amp+, +quot+ and +apos+. + # CAUTION: these entities does not have parent and document module EntityConst # +>+ GT = Entity.new( 'gt', '>' ) diff --git a/test/rexml/test_document.rb b/test/rexml/test_document.rb index 171d480557..43efbca38c 100644 --- a/test/rexml/test_document.rb +++ b/test/rexml/test_document.rb @@ -48,6 +48,22 @@ EOF </member> EOF + XML_WITH_NESTED_EMPTY_ENTITY = <<EOF +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE member [ + <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> + <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> + <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> + <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> + <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> + <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> + <!ENTITY g ""> +]> +<member> +&a; +</member> +EOF + XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF <!DOCTYPE root [ <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM."> @@ -62,6 +78,20 @@ EOF <cd></cd> EOF + XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY = <<EOF +<!DOCTYPE root [ + <!ENTITY % a ""> + <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> + <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> + <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> + <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> + <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> + <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> + <!ENTITY test "test %g;"> +]> +<cd></cd> +EOF + XML_WITH_4_ENTITY_EXPANSION = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ @@ -88,6 +118,18 @@ EOF end assert_equal(101, doc.entity_expansion_count) + doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + assert_equal(101, doc.entity_expansion_count) + REXML::Security.entity_expansion_limit = 4 doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) assert_equal("\na\na a\n<\n", doc.root.children.first.value) @@ -109,6 +151,15 @@ EOF assert_raise(REXML::ParseException) do REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) end + + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + end ensure REXML::Security.entity_expansion_limit = 10000 end |