Updated README.rdoc again
[feedcatcher.git] / vendor / rails / activesupport / lib / active_support / core_ext / rexml.rb
# Guards against the REXML entity-expansion denial of service disclosed at:
# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
# Behaviour matches rexml-expansion-fix version 1.0.1.
require 'rexml/rexml'

# Old REXML releases expose REXML::Version; later ones renamed it REXML::VERSION.
rexml_version = defined?(REXML::VERSION) ? REXML::VERSION : REXML::Version

# This is a plain String comparison (lexicographic, not numeric per component),
# so it only serves as a coarse pre-filter. The respond_to? probe below is what
# actually decides whether the patch gets installed.
if rexml_version <= "3.1.7.2"
  require 'rexml/document'

  # The REXML bundled with Ruby 1.8.7 already carries the fix but still reports
  # 3.1.7.2, so the presence of the limit setter is used as the real signal.
  if !REXML::Document.respond_to?(:entity_expansion_limit=)
    require 'rexml/entity'

    module REXML
      class Entity < Child
        # Remove the stock method before defining the counting replacement.
        undef_method :unnormalized

        # Returns the unnormalized entity value (nil when the entity has no
        # value), caching it in @unnormalized.
        #
        # Every call is charged against the owning document's expansion budget
        # before any expansion work is done, so a document that keeps expanding
        # entities is stopped by Document#record_entity_expansion!.
        # An entity with no owning document is not counted.
        def unnormalized
          document.record_entity_expansion! if document
          raw = value
          return nil if raw.nil?

          @unnormalized = Text.unnormalize(raw, parent)
        end
      end

      class Document < Element
        # Upper bound on entity expansions per document. Held in a class
        # variable, so a single value applies to every document in the process.
        @@entity_expansion_limit = 10_000

        # Replaces the process-wide expansion limit.
        #
        # No validation is performed on val: a non-numeric value will make the
        # comparison in record_entity_expansion! fail, and a very large value
        # effectively switches the protection off. Keep this out of reach of
        # untrusted configuration.
        def self.entity_expansion_limit=(val)
          @@entity_expansion_limit = val
        end

        # Increments this document's expansion counter and aborts processing
        # with a RuntimeError once the counter passes the configured limit.
        # The counter lives on the document instance and is never reset here.
        # Only expansions routed through Entity#unnormalized are recorded.
        def record_entity_expansion!
          @number_of_expansions = (@number_of_expansions || 0) + 1
          return unless @number_of_expansions > @@entity_expansion_limit

          raise "Number of entity expansions exceeded, processing aborted."
        end
      end
    end
  end
end