authorKornelius Kalnbach <murphy@rubychan.de>2013-07-21 18:28:54 +0200
committerKornelius Kalnbach <murphy@rubychan.de>2013-07-21 18:28:54 +0200
commite2546068d0f16fcba15268e740bbb6d9f4f223e9 (patch)
tree00afc50d3f71558a77b2b9a0348206e4add615f5
parentee30738b0b0615715321aa4f1ed8c7e4025cb411 (diff)
downloadcoderay-e2546068d0f16fcba15268e740bbb6d9f4f223e9.tar.gz
prevent Symbol attack in Raydebug scanner
-rw-r--r--lib/coderay/scanners/raydebug.rb16
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/coderay/scanners/raydebug.rb b/lib/coderay/scanners/raydebug.rb
index ca35de0..6c1c10f 100644
--- a/lib/coderay/scanners/raydebug.rb
+++ b/lib/coderay/scanners/raydebug.rb
@@ -1,3 +1,5 @@
+require 'set'
+
module CodeRay
module Scanners
@@ -12,6 +14,11 @@ module Scanners
protected
+ def setup
+ super
+ @known_token_kinds = TokenKinds.keys.map(&:to_s).to_set
+ end
+
def scan_tokens encoder, options
opened_tokens = []
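Review bot: The purpose of `@known_token_kinds` in the new `setup` is only recorded in the commit title; nothing in the method says that the set exists so the later `kind.to_sym` (third hunk) is only reached for names already interned in `TokenKinds`, which is what keeps scanner input from creating an unbounded number of Symbols (they are not garbage-collected on the Rubies of this era). A comment above the assignment would keep that intent with the code, e.g. `# whitelist of kind names that may be interned; input outside it is emitted as :plain`. Since the set depends only on `TokenKinds`, it could also be a frozen class-level constant rather than rebuilt for every scanner instance, `KNOWN_TOKEN_KINDS = TokenKinds.keys.map(&:to_s).to_set.freeze`, though that is a style choice. The `super` call presumes the parent scanner defines `setup`, which cannot be verified from this hunk, and `scan_tokens` starts here but its body continues past the hunk.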
@@ -26,8 +33,13 @@ module Scanners
encoder.text_token kind, :class
encoder.text_token '(', :operator
match = self[2]
- # FIXME: cache attack
- encoder.text_token match, kind.to_sym unless match.empty?
+ unless match.empty?
+ if @known_token_kinds.include? kind
+ encoder.text_token match, kind.to_sym
+ else
+ encoder.text_token match, :plain
+ end
+ end
encoder.text_token match, :operator if match = scan(/\)/)
elsif match = scan(/ (\w+) ([<\[]) /x)