Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
MergeAsXML
MergeAsXML
This is a simple Ruby based command line tool that takes a delimited data file (like a CSV file) and merges it into a already existing XML file.
MergeAsXML v1.0.0
-i, --input filename File containing input data
-s separator The delimiter of each field in the input file (default: tab \t)
-X file The XML file to merge the data into
-p parent path The path of the parent node to insert at
-b previous sibling path The path of the sibling node to insert after
-c next sibling path The path of the sibling node to insert before
-t template ERB template to populate (defaults to inbuilt default template)
-d Dump default template to default.xml.erb
-h Display this screen
The basic use case involves you having :
- A delimited datafile, like a CSV file
- An XML file
And you need to get the data from the datafile formatting and inserted into the right place in the XML file.
To do this you specify:
- The datafile to use
- The delimiter for the file. Default is tab.
- An ERB template to control how the data is turned into XML.
- The XML file to insert the output into.
- An xpath expression to indicate where to insert the new XML. Only the first match is used.
- Whether the xpath expression indicates the parent node for the new data (
-p), or a sibling node to insert before (-c)or after (-b).
Here's an example of the command-line inserting CSV data as Markers into a Final Cut Pro XML export.
MergeAsXML -i timecode-data.csv -s , -X FC_XML_EXPORT.XML -b /xmeml/sequence/ismasterclip -t markers.xml.erb
A backup copy of the XML file is made with the suffix .backup.
Installing
It's available as a Ruby Gem.
sudo gem install MergeAsXML
Making templates
MergeAsXML uses ERB templates. You can read about ERB here.
You can get a copy of the default template using the -d parameter. It saves a copy of the default template in your current directory.
MergeAsXML -d
The default template looks like this:
<!-- generated data begins -->
<% data.each_index do | index | %>
<marker>
<name>Marker #<%= index %></name>
<comment><%= data[index][1] %></comment>
<color>
<alpha>0</alpha>
<red>255</red>
<green>0</green>
<blue>0</blue>
</color>
<in><%= data[index][0] %></in>
<out>-1</out>
</marker>
<% end %>
<!-- generated data ends -->
The data from the input file goes into a simple 2D array called data. So each specific item can be accessed as such:
data[row][col]
And you can step through each item using the .each_index operation.
FAQs
Unknown package
We found that MergeAsXML demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 26 May 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025