security updates

lib/metanorma/standoc/base.rb

@@ -47,15 +47,15 @@ def document1(node)
 
       def insert_xml_cr(doc)
         doc.gsub(%r{(</(clause|table|figure|p|bibitem|ul|ol|dl|dt|dd|li|example|
-                       sourcecode|formula|quote|references|annex|appendix|title|
-                       name|note|thead|tbody|tfoot|th|td|form|requirement|
-                       recommendation|permission|imagemap|svgmap|preferred|
-                       admitted|related|deprecates|letter-symbol|domain|
-                       graphical-symbol|expression|abbreviation-type|subject|
-                       pronunciation|grammar|term|terms|termnote|termexample|
-                       termsource|origin|termref|modification)>)}x, "\\1\n")
+            sourcecode|formula|quote|references|annex|appendix|title|name|note|
+            thead|tbody|tfoot|th|td|form|requirement|recommendation|permission|
+            imagemap|svgmap|preferred|admitted|related|domain|deprecates|
+            letter-symbol|graphical-symbol|expression|subject|abbreviation-type|
+            pronunciation|grammar|term|terms|termnote|termexample|termsource|
+            origin|termref|modification)>)}x, "\\1\n")
           .gsub(%r{(<(title|name))}, "\n\\1")
-          .gsub(%r{(<sourcecode[^>]*>)\s+(<name[^>]*>[^<]+</name>)\s+}, "\\1\\2")
+          .gsub(%r{(<sourcecode[^<>]*>)\s+(<name[^<>]*>[^<]+</name>)\s+},
+                "\\1\\2")
       end
 
       def version

lib/metanorma/standoc/cleanup_inline.rb

@@ -99,7 +99,7 @@ def related_cleanup(xmldoc)
       def key_extract_locality(elem)
         elem["key"].include?(",") or return
         elem.add_child("<locality>#{elem['key'].sub(/^[^,]+,/, '')}</locality>")
-        elem["key"] = elem["key"].sub(/,.*$/, "")
+        elem["key"] = elem["key"].sub(/(^[^,]+),.*$/, "\\1")
       end
 
       def concept_termbase_cleanup(elem)

lib/metanorma/standoc/cleanup_text.rb

@@ -2,8 +2,8 @@ module Metanorma
   module Standoc
     module Cleanup
       def textcleanup(result)
-        text = result.flatten.map { |l| l.sub(/\s*\Z/, "") } * "\n"
-        text = text.gsub(/\s+<fn /, "<fn ")
+        text = result.flatten.map { |l| l.sub(/(?<!\s)\s*\Z/, "") } * "\n"
+        text = text.gsub(/(?<!\s)\s+<fn /, "<fn ")
         %w(passthrough passthrough-inline).each do |v|
           text.gsub!(%r{<#{v}\s+formats="metanorma">([^<]*)
                     </#{v}>}mx) { @c.decode($1) }

lib/metanorma/standoc/datamodel/plantuml_renderer.rb

@@ -15,7 +15,7 @@ def initialize(yml, plantuml_path)
       end
 
       def join_as_plantuml(*ary)
-        ary.compact.join("\n").sub(/\s+\Z/, "")
+        ary.compact.join("\n").sub(/(?<!\s)\s+\Z/, "")
       end
 
       def render

lib/metanorma/standoc/localbib.rb

@@ -23,7 +23,7 @@ def read_files(node)
 
       def init_file_bibdb_config(defn, key)
         /=/.match?(defn) or defn = "file=#{defn}"
-        values = defn.split(",").map { |item| item.split /\s*=\s*/ }.to_h
+        values = defn.split(",").map { |item| item.split /(?<!\s)\s*=\s*/ }.to_h
         values["key"] = key
         values["format"] ||= "bibtex" # all we currently suppoort
         values

lib/metanorma/standoc/macros.rb

@@ -22,7 +22,7 @@ class PseudocodeBlockMacro < Asciidoctor::Extensions::BlockProcessor
       on_context :example, :sourcecode
 
       def init_indent(line)
-        /^(?<prefix>[ \t]*)(?<suffix>.*)$/ =~ line
+        /^(?<prefix>[ \t]*)(?![ \t])(?<suffix>.*)$/ =~ line
         prefix = prefix.gsub("\t", "\u00a0\u00a0\u00a0\u00a0")
           .tr(" ", "\u00a0")
         prefix + suffix

lib/metanorma/standoc/macros_plantuml.rb

@@ -71,7 +71,7 @@ def self.save_plantuml(_parent, reader, _localdir)
 
       def self.prep_source(reader)
         src = reader.source
-        reader.lines.first.sub(/\s+$/, "").match /^@startuml($| )/ or
+        reader.lines.first.sub(/(?<!\s)\s+$/, "").match /^@startuml($| )/ or
           src = "@startuml\n#{src}\n@enduml\n"
         %r{@enduml\s*$}m.match?(src) or
           raise "@startuml without matching @enduml in PlantUML!"

lib/metanorma/standoc/ref.rb

@@ -5,7 +5,7 @@ module Metanorma
   module Standoc
     module Refs
       def iso_publisher(bib, code)
-        code.sub(/ .*$/, "").split("/").each do |abbrev|
+        code.sub(/(?<! ) .*$/, "").split("/").each do |abbrev|
           bib.contributor do |c|
             c.role type: "publisher"
             c.organization do |org|

lib/metanorma/standoc/ref_utility.rb

@@ -20,7 +20,7 @@ def id_and_year(id, year)
       def norm_year(year)
         /^&\#821[12];$/.match(year) and return "--"
         /^\d\d\d\d-\d\d\d\d$/.match(year) and return year
-        year&.sub(/(?<=[0-9])-.*$/, "")
+        year&.sub(/^([0-9]+)-.*$/, "\\1")
       end
 
       def conditional_date(bib, match, noyr)
@@ -46,7 +46,7 @@ def docid(bib, code)
                         @bibdb&.docid_type(code) || [nil, code]
                       end
         code1.sub!(/^nofetch\((.+)\)$/, "\\1")
-        bib.docidentifier **attr_code(type: type) do |d|
+        bib.docidentifier **attr_code(type:) do |d|
           d << code1
         end
       end
@@ -59,15 +59,16 @@ def docnumber(bib, code)
       end
 
       def mn_code(code)
-        code.sub(/^\(/, "[").sub(/\).*$/, "]")
+        code.sub(/^\(/, "[").sub(/^([^)]+)\).*$/, "\\1]")
           .sub(/^dropid\((.+)\)$/, "\\1")
           .sub(/^hidden\((.+)\)$/, "\\1")
           .sub(/^nofetch\((.+)\)$/, "\\1")
           .sub(/^local-file\((.+)\)$/, "\\1")
       end
 
       def analyse_ref_localfile(ret)
-        m = /^local-file\((?:(?<source>[^,]+),\s*)?(?<id>.+)\)$/.match(ret[:id])
+        m = /^local-file\((?:(?<source>[^,)]+),\s*)?(?<id>[^)]+)\)$/
+          .match(ret[:id])
         m or return ret
         ret.merge(id: m[:id], localfile: m[:source] || "default")
       end
@@ -88,15 +89,15 @@ def analyse_ref_dropid(ret)
       end
 
       def analyse_ref_repo_path(ret)
-        m = /^(?<type>repo|path|attachment):\((?<key>[^,]+),?(?<id>[^)]*)\)$/
+        m = /^(?<type>repo|path|attachment):\((?<key>[^,)]+),?(?<id>[^)]*)\)$/
           .match(ret[:id]) or return ret
         id = if m[:id].empty?
                if m[:type] == "attachment"
                  "(#{m[:key]})"
                else m[:key].sub(%r{^[^/]+/}, "")
                end
              else m[:id] end
-        ret.merge(id: id, type: m[:type], key: m[:key], nofetch: true)
+        ret.merge(id:, type: m[:type], key: m[:key], nofetch: true)
       end
 
       def analyse_ref_numeric(ret)

lib/metanorma/standoc/section.rb

@@ -14,8 +14,8 @@ def sectiontype1(node)
         node.attr("heading")&.downcase ||
           node.title
             .gsub(%r{<index>.*?</index>}m, "")
-            .gsub(%r{<fn[^>]*>.*?</fn>}m, "")
-            .gsub(/<[^>]+>/, "")
+            .gsub(%r{<fn[^<>]*>.*?</fn>}m, "")
+            .gsub(/<[^<>]+>/, "")
             .strip.downcase.sub(/\.$/, "")
       end
 

spec/metanorma/base_spec.rb

@@ -1378,7 +1378,7 @@
       :scripts: spec/assets/scripts.html
     INPUT
     html = File.read("test.html", encoding: "utf-8")
-    expect(html).to match(%r{<script>})
+    expect(html).to match(%r{<script>}i)
   end
 
   it "uses specified fonts and assets in HTML" do