pywb 2.6.7 (#710)

* rewrite: add missing wordbreak to eval regex to avoid false positives, eg. '_eval' from being rewritten! * dependencies: bump gevent to 21.12.0 * inputrequest: remove unnecessary print * bump version to 2.6.7, update CHANGES for 2.6.7
2025-03-15 00:03:28 +01:00 · 2022-04-14 20:21:24 -07:00 · 2022-04-14 20:21:24 -07:00 · 09f7084aa1
commit 09f7084aa1
parent 403167fbe0
6 changed files with 17 additions and 4 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -1,3 +1,9 @@
+pywb 2.6.7 changelist
+~~~~~~~~~~~~~~~~~~~~~
+
+* dependency: bump gevent to latest (21.12.0)
+* rewrite: fix eval rewriting where '._eval' was accidentally being rewritten
+
 pywb 2.6.6 changelist
 ~~~~~~~~~~~~~~~~~~~~~

--- a/pywb/rewrite/regex_rewriters.py
+++ b/pywb/rewrite/regex_rewriters.py
@ -84,6 +84,8 @@ if (!self.__WB_pmw) {{ self.__WB_pmw = function(obj) {{ this.__WB_source = obj;

        check_loc = '((self.__WB_check_loc && self.__WB_check_loc(location, arguments)) || {}).href = '

+        eval_str = 'WB_wombat_runEval(function _____evalIsEvil(_______eval_arg$$) { return eval(_______eval_arg$$); }.bind(this)).eval'
+
        self.local_objs = [
            'window',
            'self',
@ -102,7 +104,7 @@ if (!self.__WB_pmw) {{ self.__WB_pmw = function(obj) {{ this.__WB_source = obj;

        rules = [
            # rewriting 'eval(...)' - invocation
-            (r'(?<!function\s)(?:^|[^,$])eval\s*\(', self.replace_str('WB_wombat_runEval(function _____evalIsEvil(_______eval_arg$$) { return eval(_______eval_arg$$); }.bind(this)).eval', 'eval'), 0),
+            (r'(?<!function\s)(?:^|[^,$])\beval\s*\(', self.replace_str(eval_str, 'eval'), 0),
            # rewriting 'x = eval' - no invocation
            (r'(?<=[=,])\s*\beval\b\s*(?![(:.$])', self.replace_str('self.eval', 'eval'), 0),
            (r'(?<=\.)postMessage\b\(', self.add_prefix('__WB_pmw(self).'), 0),
--- a/pywb/rewrite/test/test_regex_rewriters.py
+++ b/pywb/rewrite/test/test_regex_rewriters.py
@ -254,6 +254,12 @@ r"""
 >>> _test_js_obj_proxy('x = obj.eval(a)')
 'x = obj.eval(a)'

+>>> _test_js_obj_proxy('x = obj._eval(a)')
+'x = obj._eval(a)'
+
+>>> _test_js_obj_proxy('x = obj.$eval(a)')
+'x = obj.$eval(a)'
+

 #=================================================================
 # XML Rewriting
--- a/pywb/version.py
+++ b/pywb/version.py
@ -1,4 +1,4 @@
-__version__ = '2.6.6'
+__version__ = '2.6.7'

 if __name__ == '__main__':
    print(__version__)
--- a/pywb/warcserver/inputrequest.py
+++ b/pywb/warcserver/inputrequest.py
@ -277,7 +277,6 @@ class MethodQueryCanonicalizer(object):
            try:
                query = self.json_parse(query)
            except Exception as e:
-                print(e)
                query = ''

        elif mime.startswith('text/plain'):
--- a/requirements.txt
+++ b/requirements.txt
@ -8,7 +8,7 @@ brotlipy
 pyyaml
 werkzeug
 webencodings
-gevent==20.9.0
+gevent==21.12.0
 webassets==0.12.1
 portalocker
 wsgiprox>=1.5.1