Improve #unnormalize and fix sum calculation
* Improve `#unnormalize` by only iterating over unique matches
* Fix bug where `sum` for `#unnormalize` is calculated multiple times over causing a runtime error "entity expansion has grown too large"
* Adjust tests to reflect the changes to the `entity_expansion_count`

See ruby#193
vikiv480 committed Aug 7, 2024
1 parent e3f747f commit 4fd8b6b
Showing 3 changed files with 15 additions and 17 deletions.
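--- a/lib/rexml/parsers/baseparser.rb
+++ b/lib/rexml/parsers/baseparser.rb
@@ -549,7 +549,7 @@ def unnormalize( string, entities=nil, filter=nil )
 matches.collect!{|x|x[0]}.compact!
 if matches.size > 0
 sum = 0
-matches.each do |entity_reference|
+matches.uniq.each do |entity_reference|
 unless filter and filter.include?(entity_reference)
 entity_value = entity( entity_reference, entities )
 if entity_value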
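Review bot: Iterating `matches.uniq` means a reference that occurs many times in `string` is looked up, and presumably charged against `entity_expansion_count`, only once, so the expansion limit no longer bounds repeated references to the same entity. The test changes in this commit (expected count falling from 101 to 5) are consistent with that. If the limit is meant to cap total expansions as a denial-of-service guard, keep the single lookup but charge per occurrence, for example `matches.tally.each do |entity_reference, occurrences|` with the counter advanced `occurrences` times (where the supported Ruby versions provide `tally`). The body of `unnormalize`, including how `sum` is updated, continues outside the hunk, so confirm this against the full method.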
17 changes: 8 additions & 9 deletions test/test_pullparser.rb
@@ -204,21 +204,20 @@ def test_empty_value
</member>
XML

REXML::Security.entity_expansion_limit = 5
parser = REXML::Parsers::PullParser.new(source)
assert_raise(RuntimeError.new("number of entity expansions exceeded, processing aborted.")) do
while parser.has_next?
parser.pull
end
while parser.has_next?
parser.pull
end

REXML::Security.entity_expansion_limit = 100
REXML::Security.entity_expansion_limit = 4
parser = REXML::Parsers::PullParser.new(source)
assert_raise(RuntimeError.new("number of entity expansions exceeded, processing aborted.")) do
while parser.has_next?
parser.pull
end
end
assert_equal(101, parser.entity_expansion_count)
assert_equal(5, parser.entity_expansion_count)
end

def test_with_default_entity
@@ -235,15 +234,15 @@ def test_with_default_entity
</member>
XML

REXML::Security.entity_expansion_limit = 4
REXML::Security.entity_expansion_limit = 3
parser = REXML::Parsers::PullParser.new(source)
while parser.has_next?
parser.pull
end

REXML::Security.entity_expansion_limit = 3
REXML::Security.entity_expansion_limit = 2
parser = REXML::Parsers::PullParser.new(source)
assert_raise(RuntimeError.new("number of entity expansions exceeded, processing aborted.")) do
assert_raise(RuntimeError) do
while parser.has_next?
parser.pull
end
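Review bot: In `test_with_default_entity` the second `assert_raise` appears to be loosened to a bare `assert_raise(RuntimeError) do`, which passes on any RuntimeError, including the "entity expansion has grown too large" error named in the commit message. A regression test for a security limit should pin which guard fired; keep `assert_raise(RuntimeError.new("number of entity expansions exceeded, processing aborted.")) do`, as the matching case in test/test_sax.rb still does. The body of `test_with_default_entity` starts and ends outside the visible hunk.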
13 changes: 6 additions & 7 deletions test/test_sax.rb
@@ -145,17 +145,16 @@ def test_empty_value
</member>
XML

REXML::Security.entity_expansion_limit = 5
sax = REXML::Parsers::SAX2Parser.new(source)
assert_raise(RuntimeError.new("number of entity expansions exceeded, processing aborted.")) do
sax.parse
end
sax.parse

REXML::Security.entity_expansion_limit = 100
REXML::Security.entity_expansion_limit = 4
sax = REXML::Parsers::SAX2Parser.new(source)
assert_raise(RuntimeError.new("number of entity expansions exceeded, processing aborted.")) do
sax.parse
end
assert_equal(101, sax.entity_expansion_count)
assert_equal(5, sax.entity_expansion_count)
end

def test_with_default_entity
@@ -172,11 +171,11 @@ def test_with_default_entity
</member>
XML

REXML::Security.entity_expansion_limit = 4
REXML::Security.entity_expansion_limit = 3
sax = REXML::Parsers::SAX2Parser.new(source)
sax.parse

REXML::Security.entity_expansion_limit = 3
REXML::Security.entity_expansion_limit = 2
sax = REXML::Parsers::SAX2Parser.new(source)
assert_raise(RuntimeError.new("number of entity expansions exceeded, processing aborted.")) do
sax.parse
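Review bot: The new expectations `REXML::Security.entity_expansion_limit = 4` and `assert_equal(5, sax.entity_expansion_count)` in `test_empty_value` are unexplained magic numbers, and the drop from 101 is the only visible record of how the counting semantics changed. Add a comment above the assertion stating what is being counted, e.g. `# each distinct entity reference is counted once, so this document costs 5 expansions` (to be confirmed against the XML fixture, which starts above the hunk). The same applies to the equivalent assertions in test/test_pullparser.rb.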
