!!![TASK] Breaking: Disallow raw directive

Using the raw directive is a potencial securtiy risk. releases: main, 1.0
phpDocumentor · Mar 17, 2024 · fbad95c · fbad95c
1 parent 3ddcbbd
commit fbad95c
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 28 deletions.
diff --git a/packages/guides-restructured-text/src/RestructuredText/Directives/RawDirective.php b/packages/guides-restructured-text/src/RestructuredText/Directives/RawDirective.php
@@ -13,34 +13,27 @@
 
 namespace phpDocumentor\Guides\RestructuredText\Directives;
 
-use phpDocumentor\Guides\Nodes\Node;
-use phpDocumentor\Guides\Nodes\RawNode;
 use phpDocumentor\Guides\RestructuredText\Parser\BlockContext;
 use phpDocumentor\Guides\RestructuredText\Parser\Directive;
-
-use function implode;
+use Psr\Log\LoggerInterface;
 
 /**
- * Renders a raw block, example:
- *
- * .. raw::
- *
- *      <u>Underlined!</u>
- *
- * @link https://docutils.sourceforge.io/docs/ref/rst/directives.html#raw-data-pass-through
+ * This directive is deactivated for security reasons. If you need it in your project, you must implement it yourself.
  */
-final class RawDirective extends BaseDirective
+final class RawDirective extends ActionDirective
 {
+    public function __construct(
+        private readonly LoggerInterface $logger,
+    ) {
+    }
+
     public function getName(): string
     {
         return 'raw';
     }
 
-    /** {@inheritDoc} */
-    public function process(
-        BlockContext $blockContext,
-        Directive $directive,
-    ): Node|null {
-        return new RawNode(implode("\n", $blockContext->getDocumentIterator()->toArray()));
+    public function processAction(BlockContext $blockContext, Directive $directive): void
+    {
+        $this->logger->error('The raw directive is not supported for security reasons. ', $blockContext->getLoggerInformation());
     }
 }
diff --git a/...tured-text/src/RestructuredText/Parser/Productions/FieldList/AuthorsFieldListItemRule.php b/...tured-text/src/RestructuredText/Parser/Productions/FieldList/AuthorsFieldListItemRule.php
@@ -14,12 +14,12 @@
 namespace phpDocumentor\Guides\RestructuredText\Parser\Productions\FieldList;
 
 use phpDocumentor\Guides\Nodes\FieldLists\FieldListItemNode;
+use phpDocumentor\Guides\Nodes\Inline\PlainTextInlineNode;
 use phpDocumentor\Guides\Nodes\ListNode;
 use phpDocumentor\Guides\Nodes\Metadata\AuthorNode;
 use phpDocumentor\Guides\Nodes\Metadata\AuthorsNode;
 use phpDocumentor\Guides\Nodes\Metadata\MetadataNode;
 use phpDocumentor\Guides\Nodes\ParagraphNode;
-use phpDocumentor\Guides\Nodes\RawNode;
 use phpDocumentor\Guides\RestructuredText\Parser\BlockContext;
 
 use function count;
@@ -46,12 +46,12 @@ public function apply(FieldListItemNode $fieldListItemNode, BlockContext $blockC
                 if (str_contains($fieldListItemNode->getPlaintextContent(), ';')) {
                     $authorStrings = explode(';', $fieldListItemNode->getPlaintextContent());
                     foreach ($authorStrings as $authorString) {
-                        $authorNodes[] = new AuthorNode($authorString, [new RawNode($authorString)]);
+                        $authorNodes[] = new AuthorNode($authorString, [new PlainTextInlineNode($authorString)]);
                     }
                 } elseif (str_contains($fieldListItemNode->getPlaintextContent(), ',')) {
                     $authorStrings = explode(',', $fieldListItemNode->getPlaintextContent());
                     foreach ($authorStrings as $authorString) {
-                        $authorNodes[] = new AuthorNode($authorString, [new RawNode($authorString)]);
+                        $authorNodes[] = new AuthorNode($authorString, [new PlainTextInlineNode($authorString)]);
                     }
                 } else {
                     $authorNodes[] = new AuthorNode($fieldListItemNode->getPlaintextContent(), $fieldListItemNode->getChildren());

diff --git a/tests/Functional/tests/raw/raw.html b/tests/Functional/tests/raw/raw.html
diff --git a/tests/Functional/tests/raw/raw.rst b/tests/Functional/tests/raw/raw.rst
diff --git a/tests/Integration/tests/raw-forbidden/expected/index.html b/tests/Integration/tests/raw-forbidden/expected/index.html
@@ -0,0 +1,7 @@
+<!-- content start -->
+    <div class="section" id="raw-directive-must-not-work">
+            <h1>Raw directive must not work</h1>
+
+    </div>
+
+<!-- content end -->
diff --git a/tests/Integration/tests/raw-forbidden/expected/logs/error.log b/tests/Integration/tests/raw-forbidden/expected/logs/error.log
@@ -0,0 +1 @@
+app.ERROR: The raw directive is not supported for security reasons.
diff --git a/tests/Integration/tests/raw-forbidden/expected/logs/warning.log b/tests/Integration/tests/raw-forbidden/expected/logs/warning.log
@@ -0,0 +1 @@
+app.ERROR: The raw directive is not supported for security reasons.
diff --git a/tests/Integration/tests/raw-forbidden/input/index.rst b/tests/Integration/tests/raw-forbidden/input/index.rst
@@ -0,0 +1,9 @@
+===========================
+Raw directive must not work
+===========================
+
+..  raw:: html
+
+    <div style="background-color: red; color: black;">This HTML must not show!!</div>
+
+    <script>alert('Some very bad JavaScript works!!!')</script>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		app.ERROR: The raw directive is not supported for security reasons.