REXML: Fix a bug that unexpected methods can be called as a XPath function

[HackerOne:249295] Reported by Andrea Jegher. Thanks!!! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59584 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2017-08-13 12:14:24 +00:00 · 2017-08-13 12:14:24 +00:00 · 2bbc30520f
commit 2bbc30520f
parent 374c70c6cb
2 changed files with 39 additions and 3 deletions
--- a/lib/rexml/functions.rb
+++ b/lib/rexml/functions.rb
@ -8,10 +8,28 @@ module REXML
  # Therefore, in XML, "local-name()" is identical (and actually becomes)
  # "local_name()"
  module Functions
+    @@available_functions = {}
    @@context = nil
    @@namespace_context = {}
    @@variables = {}

+    INTERNAL_METHODS = [
+      :namespace_context,
+      :namespace_context=,
+      :variables,
+      :variables=,
+      :context=,
+      :get_namespace,
+      :send,
+    ]
+    class << self
+      def singleton_method_added(name)
+        unless INTERNAL_METHODS.include?(name)
+          @@available_functions[name] = true
+        end
+      end
+    end
+
    def Functions::namespace_context=(x) ; @@namespace_context=x ; end
    def Functions::variables=(x) ; @@variables=x ; end
    def Functions::namespace_context ; @@namespace_context ; end
@ -390,9 +408,14 @@ module REXML
      node.node_type == :processing_instruction
    end

-    def Functions::method_missing( id )
-      puts "METHOD MISSING #{id.id2name}"
-      XPath.match( @@context[:node], id.id2name )
+    def Functions::send(name, *args)
+      if @@available_functions[name.to_sym]
+        super
+      else
+        # TODO: Maybe, this is not XPath spec behavior.
+        # This behavior must be reconsidered.
+        XPath.match(@@context[:node], name.to_s)
+      end
    end
  end
 end
--- a/test/rexml/test_functions.rb
+++ b/test/rexml/test_functions.rb
@ -221,5 +221,18 @@ module REXMLTests
      m = REXML::XPath.match(doc, "//comment()[#{predicate}]")
      assert_equal( [REXML::Comment.new("COMMENT A")], m )
    end
+
+    def test_unregistered_method
+      doc = Document.new("<root/>")
+      assert_nil(XPath::first(doc.root, "to_s()"))
+    end
+
+    def test_nonexistent_function
+      doc = Document.new("<root><nonexistent/></root>")
+      # TODO: Maybe, this is not XPath spec behavior.
+      # This behavior must be reconsidered.
+      assert_equal(doc.root.elements[1],
+                   XPath::first(doc.root, "nonexistent()"))
+    end
  end
 end