rpms/rubygem-kramdown
7
0
Fork 0
Code Issues Pull Requests Releases Activity
024ac4fb1c
rubygem-kramdown/rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch

68 lines
2.3 KiB
Diff
Raw Blame History

From 1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde Mon Sep 17 00:00:00 2001
From: Thomas Leitner <t_leitner@gmx.at>
Date: Sat, 27 Jun 2020 14:47:21 +0200
Subject: [PATCH 1/2] Add option forbidden_inline_options
It is sometimes necessary to restrict the options that can be set
inline, ie. using the {::options ...} extensions.
By default, the template option is now forbidden to avoid possible
security problems. This addresses CVE-2020-14001.
---
lib/kramdown/options.rb | 10 ++++++++++
lib/kramdown/parser/kramdown/extensions.rb | 6 ++++++
test/testcases/block/12_extension/options.text | 2 ++
3 files changed, 18 insertions(+)
diff --git a/lib/kramdown/options.rb b/lib/kramdown/options.rb
index ea67913..0214e28 100644
--- a/lib/kramdown/options.rb
+++ b/lib/kramdown/options.rb
@@ -589,6 +589,16 @@ module Kramdown
Used by: HTML converter
EOF
+ define(:forbidden_inline_options, Object, %w[template], <<~EOF) do |val|
+ Defines the options that may not be set using the {::options} extension
+
+ Default: template
+ Used by: HTML converter
+ EOF
+ val.map! {|item| item.kind_of?(String) ? str_to_sym(item) : item }
+ simple_array_validator(val, :forbidden_inline_options)
+ end
+
end
end
diff --git a/lib/kramdown/parser/kramdown/extensions.rb b/lib/kramdown/parser/kramdown/extensions.rb
index 493dcf7..637d0fa 100644
--- a/lib/kramdown/parser/kramdown/extensions.rb
+++ b/lib/kramdown/parser/kramdown/extensions.rb
@@ -110,6 +110,12 @@ module Kramdown
opts.select do |k, v|
k = k.to_sym
if Kramdown::Options.defined?(k)
+ if @options[:forbidden_inline_options].include?(k) ||
+ k == :forbidden_inline_options
+ warning("Option #{k} may not be set inline")
+ next false
+ end
+
begin
val = Kramdown::Options.parse(k, v)
@options[k] = val
diff --git a/test/testcases/block/12_extension/options.text b/test/testcases/block/12_extension/options.text
index 5991ab7..b63f34b 100644
--- a/test/testcases/block/12_extension/options.text
+++ b/test/testcases/block/12_extension/options.text
@@ -19,3 +19,5 @@ some <span>*para*</span>
Some text[^ab].
[^ab]: Some text.
+
+{::options template="/etc/passwd" /}
--
2.26.2
Reference in New Issue View Git Blame Copy Permalink