fix: REXML contains a denial of service vulnerability #1 #28

Merged
merged 2 commits into from
Jul 9, 2024
2 changes: 1 addition & 1 deletion tools/Gemfile
@@ -1,2 +1,2 @@
source "https://rubygems.org"
gem 'bashly', '~> 1.1', '>= 1.1.10'
gem 'bashly', '~> 1.2'
14 changes: 8 additions & 6 deletions tools/Gemfile.lock
@@ -1,7 +1,7 @@
GEM
remote: https://rubygems.org/
specs:
bashly (1.1.10)
bashly (1.2.0)
colsole (>= 0.8.1, < 2)
completely (~> 0.6.1)
filewatcher (~> 2.0)
Expand All @@ -11,7 +11,7 @@ GEM
psych (>= 3.3.2, < 7)
tty-markdown (~> 0.7)
colsole (1.0.0)
completely (0.6.2)
completely (0.6.3)
colsole (>= 0.8.1, < 2)
mister_bin (~> 0.7)
docopt_ng (0.7.1)
Expand All @@ -29,14 +29,16 @@ GEM
tty-color (~> 0.5)
psych (5.1.2)
stringio
rexml (3.2.6)
rouge (4.2.0)
stringio (3.1.0)
rexml (3.3.1)
strscan
rouge (4.3.0)
stringio (3.1.1)
strings (0.2.1)
strings-ansi (~> 0.2)
unicode-display_width (>= 1.5, < 3.0)
unicode_utils (~> 1.4)
strings-ansi (0.2.0)
strscan (3.1.0)
tty-color (0.6.0)
tty-markdown (0.7.2)
kramdown (>= 1.16.2, < 3.0)
Expand All @@ -54,7 +56,7 @@ PLATFORMS
ruby

DEPENDENCIES
bashly (~> 1.1, >= 1.1.10)
bashly (~> 1.2)

BUNDLED WITH
2.5.11
188 changes: 19 additions & 169 deletions tools/c8l
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
# This script was generated by bashly 1.1.10 (https://bashly.dannyb.co)
# This script was generated by bashly 1.2.0 (https://bashly.dannyb.co)
# Modifying it manually is not recommended

if [[ "${BASH_VERSINFO:-0}" -lt 4 ]]; then
Expand All @@ -12,15 +12,7 @@ version_command() {
}

c8l_usage() {
if [[ -n $long_usage ]]; then
printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n"
echo

else
printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n"
echo

fi
printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n\n"

printf "%s\n" "Usage:"
printf " c8l COMMAND\n"
Expand Down Expand Up @@ -50,16 +42,7 @@ c8l_usage() {
}

c8l_help_usage() {
if [[ -n $long_usage ]]; then
printf "c8l help - Show help about a command\n"
echo

else
printf "c8l help - Show help about a command\n"
echo

fi

printf "c8l help - Show help about a command\n\n"
printf "Alias: h\n"
echo

Expand All @@ -79,16 +62,7 @@ c8l_help_usage() {
}

c8l_inspect_usage() {
if [[ -n $long_usage ]]; then
printf "c8l inspect - [i] Inspect.\n"
echo

else
printf "c8l inspect - [i] Inspect.\n"
echo

fi

printf "c8l inspect - [i] Inspect.\n\n"
printf "Alias: i\n"
echo

Expand All @@ -108,15 +82,7 @@ c8l_inspect_usage() {
}

c8l_source_usage() {
if [[ -n $long_usage ]]; then
printf "c8l source - Show the content of c8l script ready for sourcing.\n"
echo

else
printf "c8l source - Show the content of c8l script ready for sourcing.\n"
echo

fi
printf "c8l source - Show the content of c8l script ready for sourcing.\n\n"

printf "%s\n" "Usage:"
printf " c8l source\n"
Expand All @@ -134,16 +100,7 @@ c8l_source_usage() {
}

c8l_cmd_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cmd - Run a command in the c8l environment.\n"
echo

else
printf "c8l cmd - Run a command in the c8l environment.\n"
echo

fi

printf "c8l cmd - Run a command in the c8l environment.\n\n"
printf "Alias: r\n"
echo

Expand All @@ -169,16 +126,7 @@ c8l_cmd_usage() {
}

c8l_cli_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli - Chainloop CLI UX improved\n"
echo

else
printf "c8l cli - Chainloop CLI UX improved\n"
echo

fi

printf "c8l cli - Chainloop CLI UX improved\n\n"
printf "Alias: c\n"
echo

Expand Down Expand Up @@ -212,16 +160,7 @@ c8l_cli_usage() {
}

c8l_cli_install_tools_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n"
echo

else
printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n"
echo

fi

printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n\n"
printf "Alias: it\n"
echo

Expand All @@ -241,16 +180,7 @@ c8l_cli_install_tools_usage() {
}

c8l_cli_attestation_add_from_yaml_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n"
echo

else
printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n"
echo

fi

printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n\n"
printf "Alias: aafy\n"
echo

Expand All @@ -270,16 +200,7 @@ c8l_cli_attestation_add_from_yaml_usage() {
}

c8l_cli_attestation_status_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n"
echo

else
printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n"
echo

fi

printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n\n"
printf "Alias: as\n"
echo

Expand All @@ -299,16 +220,7 @@ c8l_cli_attestation_status_usage() {
}

c8l_cli_attestation_push_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n"
echo

else
printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n"
echo

fi

printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n\n"
printf "Alias: ap\n"
echo

Expand All @@ -328,16 +240,7 @@ c8l_cli_attestation_push_usage() {
}

c8l_cli_generate_github_summary_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n"
echo

else
printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n"
echo

fi

printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n\n"
printf "Alias: ggs\n"
echo

Expand All @@ -357,16 +260,7 @@ c8l_cli_generate_github_summary_usage() {
}

c8l_cli_get_attestations_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n"
echo

else
printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n"
echo

fi

printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n\n"
printf "Alias: ga\n"
echo

Expand All @@ -392,16 +286,7 @@ c8l_cli_get_attestations_usage() {
}

c8l_cli_get_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli get - [g] Get artifact from Chainloop\n"
echo

else
printf "c8l cli get - [g] Get artifact from Chainloop\n"
echo

fi

printf "c8l cli get - [g] Get artifact from Chainloop\n\n"
printf "Alias: g\n"
echo

Expand Down Expand Up @@ -431,16 +316,7 @@ c8l_cli_get_usage() {
}

c8l_cli_workflow_get_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n"
echo

else
printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n"
echo

fi

printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n\n"
printf "Alias: wg\n"
echo

Expand Down Expand Up @@ -470,16 +346,7 @@ c8l_cli_workflow_get_usage() {
}

c8l_cli_workflow_list_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n"
echo

else
printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n"
echo

fi

printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n\n"
printf "Alias: wl\n"
echo

Expand All @@ -499,16 +366,7 @@ c8l_cli_workflow_list_usage() {
}

c8l_cli_workflow_run_get_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n"
echo

else
printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n"
echo

fi

printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n\n"
printf "Alias: wrg\n"
echo

Expand Down Expand Up @@ -538,16 +396,7 @@ c8l_cli_workflow_run_get_usage() {
}

c8l_cli_workflow_run_list_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n"
echo

else
printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n"
echo

fi

printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n\n"
printf "Alias: wrl\n"
echo

Expand Down Expand Up @@ -1538,6 +1387,7 @@ c8l_cmd_parse_requirements() {

if [[ -z ${args['command']+x} ]]; then
printf "missing required argument: COMMAND\nusage: c8l cmd COMMAND\n" >&2

exit 1
fi
