fix: REXML contains a denial of service vulnerability #1 (#28)
* fix: REXML contains a denial of service vulnerability #1

Signed-off-by: Daniel Liszka <[email protected]>
danlishka authored Jul 9, 2024
1 parent afb272b commit ffd9ead
Showing 3 changed files with 28 additions and 176 deletions.
2 changes: 1 addition & 1 deletion tools/Gemfile
@@ -1,2 +1,2 @@
source "https://rubygems.org"
gem 'bashly', '~> 1.1', '>= 1.1.10'
gem 'bashly', '~> 1.2'
14 changes: 8 additions & 6 deletions tools/Gemfile.lock
@@ -1,7 +1,7 @@
GEM
remote: https://rubygems.org/
specs:
bashly (1.1.10)
bashly (1.2.0)
colsole (>= 0.8.1, < 2)
completely (~> 0.6.1)
filewatcher (~> 2.0)
Expand All @@ -11,7 +11,7 @@ GEM
psych (>= 3.3.2, < 7)
tty-markdown (~> 0.7)
colsole (1.0.0)
completely (0.6.2)
completely (0.6.3)
colsole (>= 0.8.1, < 2)
mister_bin (~> 0.7)
docopt_ng (0.7.1)
Expand All @@ -29,14 +29,16 @@ GEM
tty-color (~> 0.5)
psych (5.1.2)
stringio
rexml (3.2.6)
rouge (4.2.0)
stringio (3.1.0)
rexml (3.3.1)
strscan
rouge (4.3.0)
stringio (3.1.1)
strings (0.2.1)
strings-ansi (~> 0.2)
unicode-display_width (>= 1.5, < 3.0)
unicode_utils (~> 1.4)
strings-ansi (0.2.0)
strscan (3.1.0)
tty-color (0.6.0)
tty-markdown (0.7.2)
kramdown (>= 1.16.2, < 3.0)
Expand All @@ -54,7 +56,7 @@ PLATFORMS
ruby

DEPENDENCIES
bashly (~> 1.1, >= 1.1.10)
bashly (~> 1.2)

BUNDLED WITH
2.5.11
188 changes: 19 additions & 169 deletions tools/c8l
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
# This script was generated by bashly 1.1.10 (https://bashly.dannyb.co)
# This script was generated by bashly 1.2.0 (https://bashly.dannyb.co)
# Modifying it manually is not recommended

if [[ "${BASH_VERSINFO:-0}" -lt 4 ]]; then
Expand All @@ -12,15 +12,7 @@ version_command() {
}

c8l_usage() {
if [[ -n $long_usage ]]; then
printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n"
echo

else
printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n"
echo

fi
printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n\n"

printf "%s\n" "Usage:"
printf " c8l COMMAND\n"
Expand Down Expand Up @@ -50,16 +42,7 @@ c8l_usage() {
}

c8l_help_usage() {
if [[ -n $long_usage ]]; then
printf "c8l help - Show help about a command\n"
echo

else
printf "c8l help - Show help about a command\n"
echo

fi

printf "c8l help - Show help about a command\n\n"
printf "Alias: h\n"
echo

Expand All @@ -79,16 +62,7 @@ c8l_help_usage() {
}

c8l_inspect_usage() {
if [[ -n $long_usage ]]; then
printf "c8l inspect - [i] Inspect.\n"
echo

else
printf "c8l inspect - [i] Inspect.\n"
echo

fi

printf "c8l inspect - [i] Inspect.\n\n"
printf "Alias: i\n"
echo

Expand All @@ -108,15 +82,7 @@ c8l_inspect_usage() {
}

c8l_source_usage() {
if [[ -n $long_usage ]]; then
printf "c8l source - Show the content of c8l script ready for sourcing.\n"
echo

else
printf "c8l source - Show the content of c8l script ready for sourcing.\n"
echo

fi
printf "c8l source - Show the content of c8l script ready for sourcing.\n\n"

printf "%s\n" "Usage:"
printf " c8l source\n"
Expand All @@ -134,16 +100,7 @@ c8l_source_usage() {
}

c8l_cmd_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cmd - Run a command in the c8l environment.\n"
echo

else
printf "c8l cmd - Run a command in the c8l environment.\n"
echo

fi

printf "c8l cmd - Run a command in the c8l environment.\n\n"
printf "Alias: r\n"
echo

Expand All @@ -169,16 +126,7 @@ c8l_cmd_usage() {
}

c8l_cli_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli - Chainloop CLI UX improved\n"
echo

else
printf "c8l cli - Chainloop CLI UX improved\n"
echo

fi

printf "c8l cli - Chainloop CLI UX improved\n\n"
printf "Alias: c\n"
echo

Expand Down Expand Up @@ -212,16 +160,7 @@ c8l_cli_usage() {
}

c8l_cli_install_tools_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n"
echo

else
printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n"
echo

fi

printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n\n"
printf "Alias: it\n"
echo

Expand All @@ -241,16 +180,7 @@ c8l_cli_install_tools_usage() {
}

c8l_cli_attestation_add_from_yaml_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n"
echo

else
printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n"
echo

fi

printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n\n"
printf "Alias: aafy\n"
echo

Expand All @@ -270,16 +200,7 @@ c8l_cli_attestation_add_from_yaml_usage() {
}

c8l_cli_attestation_status_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n"
echo

else
printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n"
echo

fi

printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n\n"
printf "Alias: as\n"
echo

Expand All @@ -299,16 +220,7 @@ c8l_cli_attestation_status_usage() {
}

c8l_cli_attestation_push_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n"
echo

else
printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n"
echo

fi

printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n\n"
printf "Alias: ap\n"
echo

Expand All @@ -328,16 +240,7 @@ c8l_cli_attestation_push_usage() {
}

c8l_cli_generate_github_summary_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n"
echo

else
printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n"
echo

fi

printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n\n"
printf "Alias: ggs\n"
echo

Expand All @@ -357,16 +260,7 @@ c8l_cli_generate_github_summary_usage() {
}

c8l_cli_get_attestations_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n"
echo

else
printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n"
echo

fi

printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n\n"
printf "Alias: ga\n"
echo

Expand All @@ -392,16 +286,7 @@ c8l_cli_get_attestations_usage() {
}

c8l_cli_get_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli get - [g] Get artifact from Chainloop\n"
echo

else
printf "c8l cli get - [g] Get artifact from Chainloop\n"
echo

fi

printf "c8l cli get - [g] Get artifact from Chainloop\n\n"
printf "Alias: g\n"
echo

Expand Down Expand Up @@ -431,16 +316,7 @@ c8l_cli_get_usage() {
}

c8l_cli_workflow_get_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n"
echo

else
printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n"
echo

fi

printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n\n"
printf "Alias: wg\n"
echo

Expand Down Expand Up @@ -470,16 +346,7 @@ c8l_cli_workflow_get_usage() {
}

c8l_cli_workflow_list_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n"
echo

else
printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n"
echo

fi

printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n\n"
printf "Alias: wl\n"
echo

Expand All @@ -499,16 +366,7 @@ c8l_cli_workflow_list_usage() {
}

c8l_cli_workflow_run_get_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n"
echo

else
printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n"
echo

fi

printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n\n"
printf "Alias: wrg\n"
echo

Expand Down Expand Up @@ -538,16 +396,7 @@ c8l_cli_workflow_run_get_usage() {
}

c8l_cli_workflow_run_list_usage() {
if [[ -n $long_usage ]]; then
printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n"
echo

else
printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n"
echo

fi

printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n\n"
printf "Alias: wrl\n"
echo

Expand Down Expand Up @@ -1538,6 +1387,7 @@ c8l_cmd_parse_requirements() {

if [[ -z ${args['command']+x} ]]; then
printf "missing required argument: COMMAND\nusage: c8l cmd COMMAND\n" >&2

exit 1
fi

