24 April 2014

The Ruby Reflector

Topic

REXML

On Ruby News 1 year ago.

This release includes security fixes about bundled JSON and REXML.

Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269)

Entity expansion DoS vulnerability in REXML (XML bomb)

And some small bugfixes are also included.

See tickets and ChangeLog for details.

Download

You can download this release from:

<URL:ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.bz2> SIZE: 10024221 …

ruby-lang.org Read
On Ruby News 1 year ago.

Unrestricted entity expansion can lead to a DoS vulnerability in REXML. (The CVE identifier will be assigned later.) We strongly recommend upgrading Ruby.

Details

When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.

Impacted code will look something like this:

    document = REXML::Document.new some_xml_doc
    document.root.text

When …

ruby-lang.org Read
By Mike Perham of over 3 years ago.

…it better than me. Some other dude agreed, REXML in this case should be unbundled.

I was proposing unbundling DRb and Tk not because their codebase sucks but simply because they aren't used by the vast majority of the Ruby community. treetop and shoes are very useful libraries also but they don't belong in stdlib either.

I'm not proposing we do this in the next 1.9.2 patch, but for 2.0, sure. Now that rubygems is in core (thanks Eric!), I think we should …

mikeperham.com Read
By Eric Hodel of Segment7 over 3 years ago.

REXML

We all know that REXML is not the best and Nokogiri is the best XML library in ruby, but replacing it has many issues to resolve.

DRb and Rinda

These two libraries are beautifully simple and provide an excellent example of the power of ruby. There's a terrific amount of fun you can have with these two libraries.

Net::FTP, Net::POP, Net::Telnet, RSS

I've never used any of these libraries and can't say anything good or bad about …

blog.segment7.net Read
By Peter Cooper of Ruby Inside over 3 years ago.

…substantial libraries, like Net::* (including the popular Net::HTTP), DRb, REXML, RSS, and even WEBrick, and to have them as separate, RubyGems-installable libraries.

I agree. Even forgetting the technical aspects, freeing these libraries from the clutches of the standard library and having defined maintainers (on, say, GitHub) could encourage more developers to engage with them, fork them, provide patches, and so forth, as we see with other popular Ruby libraries.

The sticking …

rubyinside.com Read
By Mike Perham of over 3 years ago.

…as the base for higher-level API abstractions (e.g. httparty, rest-client).

So looking at Ruby's core RDoc, my suggested list for removal (where removal means move to a rubygem):

Net::*

DRb

REXML

RSS

Rinda

WEBrick

XML

Any others I missed? Will Ruby 1.9.3 or 2.0 get a good spring cleaning or will we have to live with these classes forever?

mikeperham.com Read
By Loren Segal of gnuu.org over 3 years ago.

Ruby comes packaged with (RubyGems, RDoc, JSON, REXML, etc.). To do this, we just need to re-run YARD in our same Ruby source tree, but on the lib and ext directories instead. Fortunately, YARD already knows to look for lib and ext, so we don't actually need to pass any parameters, but let's pass a few so that we don't clobber our existing .yardoc and doc folders that we just created for the core docs. To specify a new .yardoc dir and HTML output folder, respectively, …

gnuu.org Read
By Satish Talim of RubyLearning Blog over 3 years ago.

You can use any XML library. I used REXML as it's already there if you have Ruby installed; so don't need to worry about any gem installs. You may also want to look at how REXML uses XPath.

Submit your solution of your code, which includes a test file that answers the three questions.

How to Enter the Challenge

Read the Challenge Rules. By participating in this challenge, you agree to be bound by these Challenge Rules. It's free and registration …

rubylearning.com Read
By Brian Ford of Engine Yard Developer Blog over 3 years ago.

…until you try to run REXML in the Ruby Standard Library. REXML has an Attributes class that inherits from Hash. The Attributes class then implements an each_attribute method. For good measure, it overrides each to use each_attribute. And each_attribute calls each_value. Waiter, I believe there's a StackError in my Attributes. The moral of the story: the two edges on this wonderful Ruby sword are sharp. It does take extra work to consider how methods on a particular class …

engineyard.com Read
On AkitaOnRails.com - English almost 4 years ago.

…nowadays, chances are that you're using Nokogiri underneath. Before that we only had REXML and Hpricot, but Nokogiri delivered on performance. Another project was Mechanize. Because of that we now have great parsers for the main internet formats, specially if you consider that in Rails the JSON parser is actually the YAML parser.

Direct video link

Gregory Brown

Also known as @seacreature and also known for Ruby Mendicant. I was used to use his Ruport

akitaonrails.com Read