fix: REXML contains a denial of service vulnerability #1 (#28)

danlishka · web-flow · commit ffd9eadc0f26 · 2024-07-09T18:45:22.000+02:00
* fix: REXML contains a denial of service vulnerability #1 Signed-off-by: Daniel Liszka <daniel@chainloop.dev>
diff --git a/tools/Gemfile b/tools/Gemfile
@@ -1,2 +1,2 @@
 source "https://rubygems.org"
-gem 'bashly', '~> 1.1', '>= 1.1.10'
+gem 'bashly', '~> 1.2'
diff --git a/tools/Gemfile.lock b/tools/Gemfile.lock
@@ -1,7 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    bashly (1.1.10)
+    bashly (1.2.0)
       colsole (>= 0.8.1, < 2)
       completely (~> 0.6.1)
       filewatcher (~> 2.0)
@@ -11,7 +11,7 @@ GEM
       psych (>= 3.3.2, < 7)
       tty-markdown (~> 0.7)
     colsole (1.0.0)
-    completely (0.6.2)
+    completely (0.6.3)
       colsole (>= 0.8.1, < 2)
       mister_bin (~> 0.7)
     docopt_ng (0.7.1)
@@ -29,14 +29,16 @@ GEM
       tty-color (~> 0.5)
     psych (5.1.2)
       stringio
-    rexml (3.2.6)
-    rouge (4.2.0)
-    stringio (3.1.0)
+    rexml (3.3.1)
+      strscan
+    rouge (4.3.0)
+    stringio (3.1.1)
     strings (0.2.1)
       strings-ansi (~> 0.2)
       unicode-display_width (>= 1.5, < 3.0)
       unicode_utils (~> 1.4)
     strings-ansi (0.2.0)
+    strscan (3.1.0)
     tty-color (0.6.0)
     tty-markdown (0.7.2)
       kramdown (>= 1.16.2, < 3.0)
@@ -54,7 +56,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  bashly (~> 1.1, >= 1.1.10)
+  bashly (~> 1.2)
 
 BUNDLED WITH
    2.5.11
diff --git a/tools/c8l b/tools/c8l
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# This script was generated by bashly 1.1.10 (https://bashly.dannyb.co)
+# This script was generated by bashly 1.2.0 (https://bashly.dannyb.co)
 # Modifying it manually is not recommended
 
 if [[ "${BASH_VERSINFO:-0}" -lt 4 ]]; then
@@ -12,15 +12,7 @@ version_command() {
 }
 
 c8l_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n"
-    echo
-
-  else
-    printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n"
-    echo
-
-  fi
+  printf "c8l - [EXPERIMENTAL] (c8l) Chainloop Labs CLI\n\n"
 
   printf "%s\n" "Usage:"
   printf "  c8l COMMAND\n"
@@ -50,16 +42,7 @@ c8l_usage() {
 }
 
 c8l_help_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l help - Show help about a command\n"
-    echo
-
-  else
-    printf "c8l help - Show help about a command\n"
-    echo
-
-  fi
-
+  printf "c8l help - Show help about a command\n\n"
   printf "Alias: h\n"
   echo
 
@@ -79,16 +62,7 @@ c8l_help_usage() {
 }
 
 c8l_inspect_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l inspect - [i] Inspect.\n"
-    echo
-
-  else
-    printf "c8l inspect - [i] Inspect.\n"
-    echo
-
-  fi
-
+  printf "c8l inspect - [i] Inspect.\n\n"
   printf "Alias: i\n"
   echo
 
@@ -108,15 +82,7 @@ c8l_inspect_usage() {
 }
 
 c8l_source_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l source - Show the content of c8l script ready for sourcing.\n"
-    echo
-
-  else
-    printf "c8l source - Show the content of c8l script ready for sourcing.\n"
-    echo
-
-  fi
+  printf "c8l source - Show the content of c8l script ready for sourcing.\n\n"
 
   printf "%s\n" "Usage:"
   printf "  c8l source\n"
@@ -134,16 +100,7 @@ c8l_source_usage() {
 }
 
 c8l_cmd_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cmd - Run a command in the c8l environment.\n"
-    echo
-
-  else
-    printf "c8l cmd - Run a command in the c8l environment.\n"
-    echo
-
-  fi
-
+  printf "c8l cmd - Run a command in the c8l environment.\n\n"
   printf "Alias: r\n"
   echo
 
@@ -169,16 +126,7 @@ c8l_cmd_usage() {
 }
 
 c8l_cli_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli - Chainloop CLI UX improved\n"
-    echo
-
-  else
-    printf "c8l cli - Chainloop CLI UX improved\n"
-    echo
-
-  fi
-
+  printf "c8l cli - Chainloop CLI UX improved\n\n"
   printf "Alias: c\n"
   echo
 
@@ -212,16 +160,7 @@ c8l_cli_usage() {
 }
 
 c8l_cli_install_tools_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n"
-    echo
-
-  else
-    printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n"
-    echo
-
-  fi
-
+  printf "c8l cli install-tools - [it] Install Chainloop CLI and all required tools\n\n"
   printf "Alias: it\n"
   echo
 
@@ -241,16 +180,7 @@ c8l_cli_install_tools_usage() {
 }
 
 c8l_cli_attestation_add_from_yaml_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n"
-    echo
-
-  else
-    printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n"
-    echo
-
-  fi
-
+  printf "c8l cli attestation-add-from-yaml - [aafy] Add to the current atestation based on the yaml file.\n\n"
   printf "Alias: aafy\n"
   echo
 
@@ -270,16 +200,7 @@ c8l_cli_attestation_add_from_yaml_usage() {
 }
 
 c8l_cli_attestation_status_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n"
-    echo
-
-  else
-    printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n"
-    echo
-
-  fi
-
+  printf "c8l cli attestation-status - [as] Get the status of the current attestation.\n\n"
   printf "Alias: as\n"
   echo
 
@@ -299,16 +220,7 @@ c8l_cli_attestation_status_usage() {
 }
 
 c8l_cli_attestation_push_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n"
-    echo
-
-  else
-    printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n"
-    echo
-
-  fi
-
+  printf "c8l cli attestation-push - [ap] Push the current attestation to the Chainloop server.\n\n"
   printf "Alias: ap\n"
   echo
 
@@ -328,16 +240,7 @@ c8l_cli_attestation_push_usage() {
 }
 
 c8l_cli_generate_github_summary_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n"
-    echo
-
-  else
-    printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n"
-    echo
-
-  fi
-
+  printf "c8l cli generate-github-summary - [ggs] Generate a summary of the attestation for GitHub Action.\n\n"
   printf "Alias: ggs\n"
   echo
 
@@ -357,16 +260,7 @@ c8l_cli_generate_github_summary_usage() {
 }
 
 c8l_cli_get_attestations_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n"
-    echo
-
-  else
-    printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n"
-    echo
-
-  fi
-
+  printf "c8l cli get-attestations - [ga] Get all attestations for artifact\n\n"
   printf "Alias: ga\n"
   echo
 
@@ -392,16 +286,7 @@ c8l_cli_get_attestations_usage() {
 }
 
 c8l_cli_get_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli get - [g] Get artifact from Chainloop\n"
-    echo
-
-  else
-    printf "c8l cli get - [g] Get artifact from Chainloop\n"
-    echo
-
-  fi
-
+  printf "c8l cli get - [g] Get artifact from Chainloop\n\n"
   printf "Alias: g\n"
   echo
 
@@ -431,16 +316,7 @@ c8l_cli_get_usage() {
 }
 
 c8l_cli_workflow_get_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n"
-    echo
-
-  else
-    printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n"
-    echo
-
-  fi
-
+  printf "c8l cli workflow-get - [wg] Get workflow from Chainloop.\n\n"
   printf "Alias: wg\n"
   echo
 
@@ -470,16 +346,7 @@ c8l_cli_workflow_get_usage() {
 }
 
 c8l_cli_workflow_list_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n"
-    echo
-
-  else
-    printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n"
-    echo
-
-  fi
-
+  printf "c8l cli workflow-list - [wl] List workflows from Chainloop.\n\n"
   printf "Alias: wl\n"
   echo
 
@@ -499,16 +366,7 @@ c8l_cli_workflow_list_usage() {
 }
 
 c8l_cli_workflow_run_get_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n"
-    echo
-
-  else
-    printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n"
-    echo
-
-  fi
-
+  printf "c8l cli workflow-run-get - [wrg] Get workflow run from Chainloop.\n\n"
   printf "Alias: wrg\n"
   echo
 
@@ -538,16 +396,7 @@ c8l_cli_workflow_run_get_usage() {
 }
 
 c8l_cli_workflow_run_list_usage() {
-  if [[ -n $long_usage ]]; then
-    printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n"
-    echo
-
-  else
-    printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n"
-    echo
-
-  fi
-
+  printf "c8l cli workflow-run-list - [wrl] List workflow runs from Chainloop.\n\n"
   printf "Alias: wrl\n"
   echo
 
@@ -1538,6 +1387,7 @@ c8l_cmd_parse_requirements() {
 
   if [[ -z ${args['command']+x} ]]; then
     printf "missing required argument: COMMAND\nusage: c8l cmd COMMAND\n" >&2
+
     exit 1
   fi
 

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`source "https://rubygems.org"`
`2`		`-gem 'bashly', '~> 1.1', '>= 1.1.10'`
	`2`	`+gem 'bashly', '~> 1.2'`