pywb 2.6.7 (#710)

ikreymer · web-flow · commit 09f7084aa1c8 · 2022-04-14T20:21:24.000-07:00
* rewrite: add missing wordbreak to eval regex to avoid false positives, eg. '_eval' from being rewritten!

* dependencies: bump gevent to 21.12.0

* inputrequest: remove unnecessary print

* bump version to 2.6.7, update CHANGES for 2.6.7
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,3 +1,9 @@
+pywb 2.6.7 changelist
+~~~~~~~~~~~~~~~~~~~~~
+
+* dependency: bump gevent to latest (21.12.0)
+* rewrite: fix eval rewriting where '._eval' was accidentally being rewritten
+
 pywb 2.6.6 changelist
 ~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/pywb/rewrite/regex_rewriters.py b/pywb/rewrite/regex_rewriters.py
@@ -84,6 +84,8 @@ def __init__(self):
 
         check_loc = '((self.__WB_check_loc && self.__WB_check_loc(location, arguments)) || {}).href = '
 
+        eval_str = 'WB_wombat_runEval(function _____evalIsEvil(_______eval_arg$$) { return eval(_______eval_arg$$); }.bind(this)).eval'
+
         self.local_objs = [
             'window',
             'self',
@@ -102,7 +104,7 @@ def __init__(self):
 
         rules = [
             # rewriting 'eval(...)' - invocation
-            (r'(?<!function\s)(?:^|[^,$])eval\s*\(', self.replace_str('WB_wombat_runEval(function _____evalIsEvil(_______eval_arg$$) { return eval(_______eval_arg$$); }.bind(this)).eval', 'eval'), 0),
+            (r'(?<!function\s)(?:^|[^,$])\beval\s*\(', self.replace_str(eval_str, 'eval'), 0),
             # rewriting 'x = eval' - no invocation
             (r'(?<=[=,])\s*\beval\b\s*(?![(:.$])', self.replace_str('self.eval', 'eval'), 0),
             (r'(?<=\.)postMessage\b\(', self.add_prefix('__WB_pmw(self).'), 0),
diff --git a/pywb/rewrite/test/test_regex_rewriters.py b/pywb/rewrite/test/test_regex_rewriters.py
@@ -254,6 +254,12 @@
 >>> _test_js_obj_proxy('x = obj.eval(a)')
 'x = obj.eval(a)'
 
+>>> _test_js_obj_proxy('x = obj._eval(a)')
+'x = obj._eval(a)'
+
+>>> _test_js_obj_proxy('x = obj.$eval(a)')
+'x = obj.$eval(a)'
+
 
 #=================================================================
 # XML Rewriting
diff --git a/pywb/version.py b/pywb/version.py
@@ -1,4 +1,4 @@
-__version__ = '2.6.6'
+__version__ = '2.6.7'
 
 if __name__ == '__main__':
     print(__version__)
diff --git a/pywb/warcserver/inputrequest.py b/pywb/warcserver/inputrequest.py
@@ -277,7 +277,6 @@ def handle_binary(query):
             try:
                 query = self.json_parse(query)
             except Exception as e:
-                print(e)
                 query = ''
 
         elif mime.startswith('text/plain'):
diff --git a/requirements.txt b/requirements.txt
@@ -8,7 +8,7 @@ brotlipy
 pyyaml
 werkzeug
 webencodings
-gevent==20.9.0
+gevent==21.12.0
 webassets==0.12.1
 portalocker
 wsgiprox>=1.5.1
