Merge pull request #41 from zendesk/dasch/secure-compilation

Use a string scanner to parse the templates

Author: dasch

lib/curly/compiler.rb

@@ -1,80 +1,92 @@
+require 'curly/scanner'
 require 'curly/invalid_reference'
 
 module Curly
-  class Compiler
-    REFERENCE_REGEX = %r(\{\{([\w\.]+)\}\})
-    COMMENT_REGEX = %r(\{\{\!\s*(.*)\s*\}\})
-    COMMENT_LINE_REGEX = %r(^\s*#{COMMENT_REGEX}\s*\n)
-
-    class << self
 
-      # Compiles a Curly template to Ruby code.
-      #
-      # template - The template String that should be compiled.
-      #
-      # Returns a String containing the Ruby code.
-      def compile(template, presenter_class)
-        if presenter_class.nil?
-          raise ArgumentError, "presenter class cannot be nil"
-        end
+  # Compiles Curly templates into executable Ruby code.
+  #
+  # A template must be accompanied by a presenter class. This class defines the
+  # references that are valid within the template.
+  #
+  class Compiler
+    # Compiles a Curly template to Ruby code.
+    #
+    # template        - The template String that should be compiled.
+    # presenter_class - The presenter Class.
+    #
+    # Returns a String containing the Ruby code.
+    def self.compile(template, presenter_class)
+      new(template, presenter_class).compile
+    end
 
-        source = template.dup
+    # Whether the Curly template is valid. This includes whether all
+    # references are available on the presenter class.
+    #
+    # template        - The template String that should be validated.
+    # presenter_class - The presenter Class.
+    #
+    # Returns true if the template is valid, false otherwise.
+    def self.valid?(template, presenter_class)
+      compile(template, presenter_class)
+
+      true
+    rescue InvalidReference
+      false
+    end
 
-        # Escape double quotes.
-        source.gsub!('"', '\"')
+    attr_reader :template, :presenter_class
 
-        source.gsub!(REFERENCE_REGEX) { compile_reference($1, presenter_class) }
-        source.gsub!(COMMENT_LINE_REGEX) { compile_comment_line($1) }
-        source.gsub!(COMMENT_REGEX) { compile_comment($1) }
+    def initialize(template, presenter_class)
+      @template, @presenter_class = template, presenter_class
+    end
 
-        '"%s"' % source
+    def compile
+      if presenter_class.nil?
+        raise ArgumentError, "presenter class cannot be nil"
       end
 
-      # Whether the Curly template is valid. This includes whether all
-      # references are available on the presenter class.
-      #
-      # template        - The template String that should be validated.
-      # presenter_class - The presenter Class.
-      #
-      # Returns true if the template is valid, false otherwise.
-      def valid?(template, presenter_class)
-        compile(template, presenter_class)
-
-        true
-      rescue InvalidReference
-        false
-      end
+      tokens = Scanner.scan(template)
 
-      private
+      parts = tokens.map do |type, value|
+        send("compile_#{type}", value)
+      end
 
-      def compile_reference(reference, presenter_class)
-        method, argument = reference.split(".", 2)
+      parts.join(" << ")
+    end
 
-        unless presenter_class.method_available?(method.to_sym)
-          raise Curly::InvalidReference.new(method.to_sym)
-        end
+    private
 
-        if presenter_class.instance_method(method).arity == 1
-          # The method accepts a single argument -- pass it in.
-          code = <<-RUBY
-            presenter.#{method}(#{argument.inspect}) {|*args| yield(*args) }
-          RUBY
-        else
-          code = <<-RUBY
-            presenter.#{method} {|*args| yield(*args) }
-          RUBY
-        end
+    def compile_reference(reference)
+      method, argument = reference.split(".", 2)
 
-        '#{ERB::Util.html_escape(%s)}' % code.strip
+      unless presenter_class.method_available?(method.to_sym)
+        raise Curly::InvalidReference.new(method.to_sym)
       end
 
-      def compile_comment_line(comment)
-        "" # Replace the content with an empty string.
+      if presenter_class.instance_method(method).arity == 1
+        # The method accepts a single argument -- pass it in.
+        code = <<-RUBY
+          presenter.#{method}(#{argument.inspect}) {|*args| yield(*args) }
+        RUBY
+      else
+        code = <<-RUBY
+          presenter.#{method} {|*args| yield(*args) }
+        RUBY
       end
 
-      def compile_comment(comment)
-        "" # Replace the content with an empty string.
-      end
+      'ERB::Util.html_escape(%s)' % code.strip
+    end
+
+    def compile_text(text)
+      text.inspect
+    end
+
+    def compile_comment_line(comment)
+      "''" # Replace the content with an empty string.
+    end
+
+    def compile_comment(comment)
+      "''" # Replace the content with an empty string.
     end
   end
 end

lib/curly/scanner.rb

@@ -0,0 +1,111 @@
+require 'strscan'
+
+module Curly
+
+  # Scans Curly templates for tokens.
+  #
+  # The Scanner goes through the template piece by piece, extracting tokens
+  # until the end of the template is reached.
+  #
+  class Scanner
+    REFERENCE_REGEX = %r(\{\{[\w\.]+\}\})
+    COMMENT_REGEX = %r(\{\{!.*\}\})
+    COMMENT_LINE_REGEX = %r(\s*#{COMMENT_REGEX}\s*\n)
+
+    # Scans a Curly template for tokens.
+    #
+    # source - The String source of the template.
+    #
+    # Example
+    #
+    #   Curly::Scanner.scan("hello {{name}}!")
+    #   #=> [[:text, "hello "], [:reference, "name"], [:text, "!"]]
+    #
+    # Returns an Array of type/value pairs representing the tokens in the
+    #   template.
+    def self.scan(source)
+      new(source).scan
+    end
+
+    def initialize(source)
+      @scanner = StringScanner.new(source)
+    end
+
+    def scan
+      tokens = []
+      tokens << scan_token until @scanner.eos?
+      tokens
+    end
+
+    private
+
+    # Scans the next token in the template.
+    #
+    # Returns a two-element Array, the first element being the Symbol type of
+    #   the token and the second being the String value.
+    def scan_token
+      scan_reference ||
+        scan_comment_line ||
+        scan_comment ||
+        scan_text ||
+        scan_remainder
+    end
+
+    # Scans a reference token, if a reference is the next token in the template.
+    #
+    # Returns an Array representing the token, or nil if no reference token can
+    #   be found at the current position.
+    def scan_reference
+      if value = @scanner.scan(REFERENCE_REGEX)
+        # Return the reference name excluding "{{" and "}}".
+        [:reference, value[2..-3]]
+      end
+    end
+
+    # Scans a comment line token, if a comment line is the next token in the
+    # template.
+    #
+    # Returns an Array representing the token, or nil if no comment line token
+    #   can be found at the current position.
+    def scan_comment_line
+      if value = @scanner.scan(COMMENT_LINE_REGEX)
+        # Returns the comment excluding "{{!" and "}}".
+        [:comment_line, value[3..-4]]
+      end
+    end
+
+    # Scans a comment token, if a comment is the next token in the template.
+    #
+    # Returns an Array representing the token, or nil if no comment token can
+    #   be found at the current position.
+    def scan_comment
+      if value = @scanner.scan(COMMENT_REGEX)
+        # Returns the comment excluding "{{!" and "}}".
+        [:comment, value[3..-3]]
+      end
+    end
+
+    # Scans a text token, if a text is the next token in the template.
+    #
+    # Returns an Array representing the token, or nil if no text token can
+    #   be found at the current position.
+    def scan_text
+      if value = @scanner.scan_until(/\{\{/)
+        # Rewind the scanner until before the "{{"
+        @scanner.pos -= 2
+
+        # Return the text up until "{{".
+        [:text, value[0..-3]]
+      end
+    end
+
+    # Scans the remainder of the template and treats it as a text token.
+    #
+    # Returns an Array representing the token, or nil if no text is remaining.
+    def scan_remainder
+      if value = @scanner.scan(/.+/m)
+        [:text, value]
+      end
+    end
+  end
+end

spec/compiler_spec.rb

@@ -85,10 +85,6 @@ def method_missing(*args)
       evaluate("{{yield_value}}") {|v| v.upcase }.should == "FOO, please?"
     end
 
-    it "properly handles quotes in the template" do
-      evaluate('"').should == '"'
-    end
-
     it "escapes non HTML safe strings returned from the presenter" do
       presenter.stub(:dirty) { "<p>dirty</p>" }
       evaluate("{{dirty}}").should == "&lt;p&gt;dirty&lt;/p&gt;"
@@ -106,10 +102,14 @@ def method_missing(*args)
     it "removes comment lines from the output" do
       evaluate(<<-CURLY.strip_heredoc).should == "HELO\nWORLD\n"
         HELO
-          {{! I'm a comment }}
+        {{! I'm a comment }}
         WORLD
       CURLY
     end
+
+    it "does not execute arbitrary Ruby code" do
+      evaluate('#{foo}').should == '#{foo}'
+    end
   end
 
   describe ".valid?" do

spec/scanner_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe Curly::Scanner, ".scan" do
+  it "returns the tokens in the source" do
+    scan("foo {{bar}} baz").should == [
+      [:text, "foo "],
+      [:reference, "bar"],
+      [:text, " baz"]
+    ]
+  end
+
+  it "scans parameterized references" do
+    scan("{{foo.bar}}").should == [
+      [:reference, "foo.bar"]
+    ]
+  end
+
+  it "scans comments in the source" do
+    scan("foo {{!bar}} baz").should == [
+      [:text, "foo "],
+      [:comment, "bar"],
+      [:text, " baz"]
+    ]
+  end
+
+  it "scans comment lines in the source" do
+    scan("foo\n{{!bar}}\nbaz").should == [
+      [:text, "foo\n"],
+      [:comment_line, "bar"],
+      [:text, "baz"]
+    ]
+  end
+
+  it "scans to the end of the source" do
+    scan("foo\n").should == [
+      [:text, "foo\n"]
+    ]
+  end
+
+  it "treats quotes as text" do
+    scan('"').should == [
+      [:text, '"']
+    ]
+  end
+
+  it "treats Ruby interpolation as text" do
+    scan('#{foo}').should == [
+      [:text, '#{foo}']
+    ]
+  end
+
+  def scan(source)
+    Curly::Scanner.scan(source)
+  end
+end