Class: REXML::Entity

Inherits:
Child
  • Object
show all
Defined in:
lib/rails-security-backports/ruby-cve-backports/cve-2008-3790.rb,
lib/rails-security-backports/ruby-cve-backports/cve-2014-8080.rb

Instance Method Details

#unnormalized ⇒ Object



# File 'lib/rails-security-backports/ruby-cve-backports/cve-2008-3790.rb', line 21

# Returns the entity's expanded (unnormalized) text, recording the
# expansion against the owning document so that the document-level
# entity-expansion limit (CVE-2008-3790 backport) is enforced.
#
# @return [String, nil] the unnormalized text, or nil when the entity
#   has no value
def unnormalized
  # The REXML default entities are deliberately not attached to any
  # document (an optimisation).  They are predefined and non-recursive,
  # so expanding them cannot blow up; every other entity still carries
  # its document link, which is where the expansion count is recorded
  # and checked, so this does not open a new attack vector.
  document.record_entity_expansion! if document
  raw = value()
  return nil if raw.nil?
  @unnormalized = Text::unnormalize(raw, parent)
end

#value ⇒ Object



# File 'lib/rails-security-backports/ruby-cve-backports/cve-2014-8080.rb', line 9

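# Resolves the entity's replacement text, expanding any parameter-entity
# references (%name;) it contains against the owning DTD (@parent).
#
# CVE-2014-8080 backport: the size of every referenced entity's text is
# accumulated and compared against Security.entity_expansion_text_limit
# before it is substituted, so a chain of large parameter entities cannot
# grow the result without bound.  Each nested entity resolves through
# @parent.entity and presumably applies this same per-level check on its
# own; the cross-level bound comes from the document expansion count
# recorded in #unnormalized — TODO confirm against DocType#entity.
#
# @return [String, nil] the expanded text, or nil when no value is set
# @raise [RuntimeError] when the accumulated expansion exceeds the limit
def value
  return nil unless @value

  rv = @value.clone
  # Without a parent there is no DTD to resolve references against; the
  # raw text is returned untouched.
  return rv unless @parent

  sum = 0
  @value.scan(PEREFERENCE_RE).each do |entity_reference|
    # scan yields one array per match (the NAME capture group); element 0
    # is the referenced entity name.
    name = entity_reference[0]
    entity_value = @parent.entity(name)
    # NOTE(review): an undeclared reference presumably leaves entity_value
    # nil, and `.size` then raises NoMethodError — confirm what
    # @parent.entity returns for an unknown name.
    #
    # Check before substituting so an over-limit expansion is never
    # materialised.  Raising here mirrors the original abort behaviour.
    if sum + entity_value.size > Security.entity_expansion_text_limit
      raise "Processing aborted: entity expansion (#{sum + entity_value.size}) exceeded our limit (#{Security.entity_expansion_text_limit})."
    end
    sum += entity_value.size
    # Interpolating the match array straight into the regexp only builds
    # "%name;" where Array#to_s joins its elements (Ruby 1.8); on 1.9+ it
    # yields the inspect form and never matches.  Using the extracted name
    # builds the same pattern on every Ruby, and escaping it keeps a '.'
    # in a name from matching arbitrary characters.
    rv.gsub!(/%#{Regexp.escape(name)};/um, entity_value)
  end
  rv
end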