Merge pull request #2017 from Skarlso/eliminated_eval_from_jsonpath

Update JsonPath to latest version.
Dominik Sander 2017-06-06 19:21:07 +02:00 committed by GitHub
commit 154c058729
5 changed files with 5 additions and 14 deletions


@ -195,10 +195,6 @@ FARADAY_HTTP_BACKEND=typhoeus
# by Agents that allow overriding the User-Agent header value.
DEFAULT_HTTP_USER_AGENT="Huginn - https://github.com/cantino/huginn"
# Allow JSONPath eval expresions. i.e., $..price[?(@ < 20)]
# You should not allow this on a shared Huginn box because it is not secure.
ALLOW_JSONPATH_EVAL=false
# Enable this setting to allow insecure Agents like the ShellCommandAgent. Only do this
# when you trust everyone using your Huginn installation.
ENABLE_INSECURE_AGENTS=false


@ -108,7 +108,7 @@ gem 'httmultiparty', '~> 0.3.16'
gem 'jquery-rails', '~> 4.2.1'
gem 'huginn_agent', '~> 0.4.0'
gem 'json', '~> 1.8.1'
gem 'jsonpath', '~> 0.7.2'
gem 'jsonpath', '~> 0.8.3'
gem 'kaminari', github: "amatsuda/kaminari", branch: '0-17-stable', ref: 'abbf93d557208ee1d0b612c612cd079f86ed54f4'
gem 'kramdown', '~> 1.3.3'
gem 'liquid', '~> 4.0'


@ -324,7 +324,7 @@ GEM
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
json (1.8.6)
jsonpath (0.7.2)
jsonpath (0.8.3)
multi_json
jwt (1.4.1)
kgio (2.10.0)
@ -659,7 +659,7 @@ DEPENDENCIES
hypdf (~> 1.0.10)
jquery-rails (~> 4.2.1)
json (~> 1.8.1)
jsonpath (~> 0.7.2)
jsonpath (~> 0.8.3)
kaminari!
kramdown (~> 1.3.3)
letter_opener_web (~> 1.3.1)


@ -87,7 +87,7 @@ module Utils
escape = false
end
result = JsonPath.new(path, :allow_eval => ENV['ALLOW_JSONPATH_EVAL'] == "true").on(data.is_a?(String) ? data : data.to_json)
result = JsonPath.new(path).on(data.is_a?(String) ? data : data.to_json)
if escape
result.map {|r| CGI::escape r }
else
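Review bot: The new `JsonPath.new(path)` call drops the explicit `:allow_eval` argument, so whether an expression inside `path` can reach Ruby evaluation now depends entirely on the defaults of the pinned jsonpath 0.8.3, which this page does not show. `path` appears to come from agent configuration, and the removed `.env` comment described eval mode as unsafe on a shared installation, so it is worth confirming in the gem that no evaluation path stays enabled by default. If the gem still honours the option, `JsonPath.new(path, :allow_eval => false)` would keep the previous safe default. A comment above the call such as `# jsonpath >= 0.8.3 parses filter expressions instead of eval'ing them; do not relax the Gemfile pin` would record why the guard could be removed. The enclosing method starts and ends outside the hunk.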

View file

@ -68,17 +68,12 @@ describe Utils do
it "returns the value at a JSON path" do
expect(Utils.value_at({ :foo => { :bar => :baz }}.to_json, "foo.bar")).to eq("baz")
expect(Utils.value_at({ :foo => { :bar => { :bing => 2 } }}, "foo.bar.bing")).to eq(2)
expect(Utils.value_at({ :foo => { :bar => { :bing => 2 } }}, "foo.bar[?(@.bing == 2)].bing")).to eq(2)
end
it "returns nil when the path cannot be followed" do
expect(Utils.value_at({ :foo => { :bar => :baz }}, "foo.bing")).to be_nil
end
it "does not eval" do
expect {
Utils.value_at({ :foo => 2 }, "foo[?(@ > 1)]")
}.to raise_error(RuntimeError, /Cannot use .*? eval/)
end
end
describe "#values_at" do
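Review bot: The deleted "does not eval" example was the only spec pinning the security property, and the single added assertion (`foo.bar[?(@.bing == 2)].bing`) only shows that a benign comparison filter now works. Nothing here would fail if a later jsonpath upgrade started evaluating path expressions as Ruby again. Consider adding an example such as `it "does not execute Ruby embedded in a path expression"`, which passes a path containing a harmless assignment to a marker variable and asserts that the marker is still unset afterwards, whatever the call returns or raises. The removed spec used a `>` comparison, so one assertion for the ordering operators would also show that the filter Huginn previously rejected is now handled by the parser.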