Class: Liquid::Expression

Inherits:
Object
  • Object
show all
Defined in:
lib/liquid/expression.rb

Constant Summary collapse

LITERALS = 
{
  nil => nil,
  'nil' => nil,
  'null' => nil,
  '' => nil,
  'true' => true,
  'false' => false,
  'blank' => '',
  'empty' => '',
  # in lax mode, minus sign can be a VariableLookup
  # For simplicity and performace, we treat it like a literal
  '-' => VariableLookup.parse("-", nil).freeze,
}.freeze
DOT = 
".".ord
ZERO = 
"0".ord
NINE = 
"9".ord
DASH = 
"-".ord
RANGES_REGEX =

Use an atomic group (?>…) to avoid pathological backtracing from malicious input as described in github.com/Shopify/liquid/issues/1357

/\A\(\s*(?>(\S+)\s*\.\.)\s*(\S+)\s*\)\z/
INTEGER_REGEX = 
/\A(-?\d+)\z/
FLOAT_REGEX = 
/\A(-?\d+)\.\d+\z/

Class Method Summary collapse

Class Method Details

.inner_parse(markup, ss, cache) ⇒ Object 



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
# File 'lib/liquid/expression.rb', line 55

def inner_parse(markup, ss, cache)
  if (markup.start_with?("(") && markup.end_with?(")")) && markup =~ RANGES_REGEX
    return RangeLookup.parse(
      Regexp.last_match(1),
      Regexp.last_match(2),
      ss,
      cache,
    )
  end

  if (num = parse_number(markup, ss))
    num
  else
    VariableLookup.parse(markup, ss, cache)
  end
end

.parse(markup, ss = StringScanner.new(""), cache = nil) ⇒ Object 



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/liquid/expression.rb', line 33

def parse(markup, ss = StringScanner.new(""), cache = nil)
  return unless markup

  markup = markup.strip # markup can be a frozen string

  if (markup.start_with?('"') && markup.end_with?('"')) ||
    (markup.start_with?("'") && markup.end_with?("'"))
    return markup[1..-2]
  elsif LITERALS.key?(markup)
    return LITERALS[markup]
  end

  # Cache only exists during parsing
  if cache
    return cache[markup] if cache.key?(markup)

    cache[markup] = inner_parse(markup, ss, cache).freeze
  else
    inner_parse(markup, ss, nil).freeze
  end
end

.parse_number(markup, ss) ⇒ Object 



72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'lib/liquid/expression.rb', line 72

def parse_number(markup, ss)
  # check if the markup is simple integer or float
  case markup
  when INTEGER_REGEX
    return Integer(markup, 10)
  when FLOAT_REGEX
    return markup.to_f
  end

  ss.string = markup
  # the first byte must be a digit, a period, or  a dash
  byte = ss.scan_byte

  return false if byte != DASH && byte != DOT && (byte < ZERO || byte > NINE)

  # The markup could be a float with multiple dots
  first_dot_pos = nil
  num_end_pos = nil

  while (byte = ss.scan_byte)
    return false if byte != DOT && (byte < ZERO || byte > NINE)

    # we found our number and now we are just scanning the rest of the string
    next if num_end_pos

    if byte == DOT
      if first_dot_pos.nil?
        first_dot_pos = ss.pos
      else
        # we found another dot, so we know that the number ends here
        num_end_pos = ss.pos - 1
      end
    end
  end

  num_end_pos = markup.length if ss.eos?

  if num_end_pos
    # number ends with a number "123.123"
    markup.byteslice(0, num_end_pos).to_f
  else
    # number ends with a dot "123."
    markup.byteslice(0, first_dot_pos).to_f
  end
end