resolves asciidoctor#4357 change internal uriish? to only detect a UR…

…I pattern at start of string (GHSL-2022-084)
mojavelinux · Sep 23, 2022 · 93522cc · 93522cc
1 parent 542f12d
commit 93522cc
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 1 deletion.
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
@@ -60,6 +60,7 @@ Improvements::
 
 Bug Fixes::
 
+  * Change internal `uriish?` helper to only detect a URI pattern at start of a string; avoids misleading messages (#4357)
   * Prevent highlight.js warning when no language is set on source block; don't call `highlightBlock` if `data-lang` attribute is absent
   * Don't raise error if `Asciidoctor::Extensions.unregister` is called before groups are initialized (#4270)
   * If path is included both partially and fully, store it with true value (included fully) in includes table of document catalog

diff --git a/lib/asciidoctor/rx.rb b/lib/asciidoctor/rx.rb
@@ -717,7 +717,7 @@ module Rx; end
   #
   #   not c:/sample.adoc or c:\sample.adoc
   #
-  UriSniffRx = %r(^#{CG_ALPHA}[#{CC_ALNUM}.+-]+:/{0,2})
+  UriSniffRx = %r(\A#{CG_ALPHA}[#{CC_ALNUM}.+-]+:/{0,2})
 
   # Detects XML tags
   XmlSanitizeRx = /<[^>]+>/

diff --git a/test/helpers_test.rb b/test/helpers_test.rb
@@ -51,6 +51,10 @@
       assert Asciidoctor::UriSniffRx !~ 'c:/sample.adoc'
       assert Asciidoctor::UriSniffRx !~ 'c:\\sample.adoc'
     end
+
+    test 'UriSniffRx should not detect URI that does not start on first line' do
+      assert Asciidoctor::UriSniffRx !~ %(text\nhttps://example.org)
+    end
   end
 
   context 'Type Resolution' do

diff --git a/test/reader_test.rb b/test/reader_test.rb
@@ -748,6 +748,21 @@ class ReaderTest < Minitest::Test
         end
       end
 
+      test 'include directive should not attempt to resolve target as remote if allow-uri-read is set and URL is not on first line' do
+        using_memory_logger do |logger|
+          input = <<~'EOS'
+          :target: not-a-file.adoc + \
+          http://example.org/team.adoc
+
+          include::{target}[]
+          EOS
+          doc = Asciidoctor.load input, safe: :safe, base_dir: fixturedir
+          lines = doc.blocks[0].lines
+          assert_equal [%(Unresolved directive in <stdin> - include::not-a-file.adoc +\nhttp://example.org/team.adoc[])], lines
+          assert_message logger, :ERROR, %(<stdin>: line 4: include file not found: #{fixture_path 'not-a-file.adoc'} +\nhttp://example.org/team.adoc), Hash
+        end
+      end
+
       test 'include directive should resolve file relative to current include' do
         input = 'include::fixtures/parent-include.adoc[]'
         pseudo_docfile = File.join DIRNAME, 'main.adoc'