* lib/rexml/document.rb: add REXML::Document#document.

reported by Tomas Hoger <thoger@redhat.com> and patched by nahi. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2014-11-13 13:29:50 +00:00 · 2014-11-13 13:29:50 +00:00 · 2e8f953d68
commit 2e8f953d68
parent b19c39f94f
4 changed files with 61 additions and 0 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Thu Nov 13 21:59:58 2014  CHIKANAGA Tomoyuki  <nagachika@ruby-lang.org>
+
+	* lib/rexml/document.rb: add REXML::Document#document.
+	  reported by Tomas Hoger <thoger@redhat.com> and patched by nahi.
+
 Thu Nov 13 21:51:56 2014  Tanaka Akira  <akr@fsij.org>

 	* test/monitor/test_monitor.rb: Use assert_join_threads.
--- a/lib/rexml/document.rb
+++ b/lib/rexml/document.rb
@ -278,6 +278,10 @@ module REXML
      end
    end

+    def document
+      self
+    end
+
    private
    def build( source )
      Parsers::TreeParser.new( source, self ).parse
--- a/lib/rexml/entity.rb
+++ b/lib/rexml/entity.rb
@ -157,6 +157,7 @@ module REXML

  # This is a set of entity constants -- the ones defined in the XML
  # specification.  These are +gt+, +lt+, +amp+, +quot+ and +apos+.
+  # CAUTION: these entities does not have parent and document
  module EntityConst
    # +>+
    GT = Entity.new( 'gt', '>' )
--- a/test/rexml/test_document.rb
+++ b/test/rexml/test_document.rb
@ -46,6 +46,22 @@ EOF
 <member>
 &a;
 </member>
+EOF
+
+    XML_WITH_NESTED_EMPTY_ENTITY = <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE member [
+  <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
+  <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
+  <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
+  <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
+  <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
+  <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
+  <!ENTITY g "">
+]>
+<member>
+&a;
+</member>
 EOF

    XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF
@ -60,6 +76,20 @@ EOF
  <!ENTITY test "test %g;">
 ]>
 <cd></cd>
+EOF
+
+    XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY = <<EOF
+<!DOCTYPE root [
+  <!ENTITY % a "">
+  <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;">
+  <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;">
+  <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;">
+  <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;">
+  <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;">
+  <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;">
+  <!ENTITY test "test %g;">
+]>
+<cd></cd>
 EOF

    XML_WITH_4_ENTITY_EXPANSION = <<EOF
@ -88,6 +118,18 @@ EOF
      end
      assert_equal(101, doc.entity_expansion_count)

+      doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY)
+      assert_raise(RuntimeError) do
+        doc.root.children.first.value
+      end
+      REXML::Security.entity_expansion_limit = 100
+      assert_equal(100, REXML::Security.entity_expansion_limit)
+      doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY)
+      assert_raise(RuntimeError) do
+        doc.root.children.first.value
+      end
+      assert_equal(101, doc.entity_expansion_count)
+
      REXML::Security.entity_expansion_limit = 4
      doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION)
      assert_equal("\na\na a\n<\n", doc.root.children.first.value)
@ -109,6 +151,15 @@ EOF
      assert_raise(REXML::ParseException) do
        REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY)
      end
+
+      assert_raise(REXML::ParseException) do
+        REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY)
+      end
+      REXML::Security.entity_expansion_limit = 100
+      assert_equal(100, REXML::Security.entity_expansion_limit)
+      assert_raise(REXML::ParseException) do
+        REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY)
+      end
    ensure
      REXML::Security.entity_expansion_limit = 10000
    end