You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by se...@apache.org on 2020/10/02 10:04:00 UTC
[whimsy] branch master updated: Drop .untaint calls
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 6c8b07e Drop .untaint calls
6c8b07e is described below
commit 6c8b07e347696a1cf4dc3a8d7027637c11070c2f
Author: Sebb <se...@apache.org>
AuthorDate: Fri Oct 2 11:03:51 2020 +0100
Drop .untaint calls
They do nothing now
---
lib/whimsy/asf/agenda/minutes.rb | 2 +-
lib/whimsy/asf/mlist.rb | 2 +-
lib/whimsy/asf/nominees.rb | 2 +-
lib/whimsy/asf/podling.rb | 2 +-
lib/whimsy/asf/rack.rb | 2 --
tools/collate_minutes.rb | 2 +-
tools/comdevtalks.rb | 4 ++--
tools/proxyhelper.rb | 2 +-
www/board/agenda/bin/remind-cronjob.rb | 2 +-
www/board/agenda/daemon/events.rb | 4 ++--
www/board/agenda/daemon/session.rb | 8 ++++----
www/board/agenda/main.rb | 13 +++----------
www/board/agenda/models/comments.rb | 3 +--
www/board/agenda/models/reporter.rb | 3 +--
www/board/agenda/routes.rb | 10 +++++-----
www/board/agenda/views/actions/posted-reports.json.rb | 4 ++--
www/board/agenda/views/actions/potential-actions.json.rb | 2 +-
www/board/agenda/views/actions/publish.json.rb | 4 ++--
www/board/agenda/views/actions/reminder-text.json.rb | 4 ++--
www/board/agenda/views/actions/responses.json.rb | 4 ++--
www/board/agenda/views/actions/todos.json.rb | 6 +++---
www/board/agenda/views/committers_report.text.rb | 6 +++---
www/board/missing-reports.cgi | 2 +-
www/board/posted-reports.cgi | 2 +-
www/committers/testauth.cgi | 2 +-
www/fundraising/invoice.cgi | 6 +++---
www/incubator/graduated.cgi | 2 +-
www/members/inactive.cgi | 4 ++--
www/members/list-traffic.cgi | 6 +++---
www/members/mentor-update.cgi | 6 +++---
www/members/nominations.cgi | 6 +++---
www/officers/list-traffic.cgi | 4 ++--
www/secretary/icla-lint.cgi | 2 +-
www/secretary/workbench/models/safetemp.rb | 2 +-
www/secretary/workbench/tasks.rb | 8 ++++----
www/secretary/workbench/views/actions/burst.json.rb | 3 +--
www/secretary/workbench/views/actions/grant.json.rb | 2 +-
www/secretary/workbench/views/actions/icla.json.rb | 8 ++++----
www/secretary/workbench/views/index.json.rb | 2 +-
www/secretary/workbench/views/memapp.json.rb | 2 +-
www/status/passenger.cgi | 2 +-
www/status/svn.cgi | 14 +++++++-------
www/test/example.cgi | 2 +-
43 files changed, 83 insertions(+), 95 deletions(-)
diff --git a/lib/whimsy/asf/agenda/minutes.rb b/lib/whimsy/asf/agenda/minutes.rb
index cf87986..f4caf9e 100644
--- a/lib/whimsy/asf/agenda/minutes.rb
+++ b/lib/whimsy/asf/agenda/minutes.rb
@@ -25,7 +25,7 @@ class ASF::Board::Agenda
attrs['approved'] = attrs['approved'].strip.gsub(/\s+/, ' ')
if FOUNDATION_BOARD
- file = attrs['text'][/board_minutes[_\d]+\.txt/].untaint
+ file = attrs['text'][/board_minutes[_\d]+\.txt/]
if file and File.exist?(File.join(FOUNDATION_BOARD, file))
# unpublished minutes
diff --git a/lib/whimsy/asf/mlist.rb b/lib/whimsy/asf/mlist.rb
index bdf41ca..792d84b 100644
--- a/lib/whimsy/asf/mlist.rb
+++ b/lib/whimsy/asf/mlist.rb
@@ -388,7 +388,7 @@ module ASF
ARCH_MBOX_PUB, ARCH_MBOX_PRV, ARCH_MBOX_RST, ARCH_EXT_MAIL_ARCHIVE]
# TODO alias archivers: either add list or use RE to filter them
- LIST_BASE = ASF::Config[:subscriptions].untaint # allow overrides for testing etc
+ LIST_BASE = ASF::Config[:subscriptions] # allow overrides for testing etc
LIST_MODS = File.join(LIST_BASE, 'list-mods')
diff --git a/lib/whimsy/asf/nominees.rb b/lib/whimsy/asf/nominees.rb
index 2d4514d..702bace 100644
--- a/lib/whimsy/asf/nominees.rb
+++ b/lib/whimsy/asf/nominees.rb
@@ -13,7 +13,7 @@ module ASF
end
meetings = ASF::SVN['Meetings']
- nominations = Dir[File.join(meetings, '*', 'nominated-members.txt')].max.untaint
+ nominations = Dir[File.join(meetings, '*', 'nominated-members.txt')].max
nominations = File.read(nominations).split(/^\s*---+--\s*/)
nominations.shift(2)
diff --git a/lib/whimsy/asf/podling.rb b/lib/whimsy/asf/podling.rb
index b579245..206a11e 100644
--- a/lib/whimsy/asf/podling.rb
+++ b/lib/whimsy/asf/podling.rb
@@ -148,7 +148,7 @@ module ASF
podlings_xml = File.join(incubator_content, 'podlings.xml')
# see if there is a later version
- cache = ASF::Config.get(:cache).untaint
+ cache = ASF::Config.get(:cache)
if File.exist? File.join(cache, 'podlings.xml')
if File.mtime(File.join(cache, 'podlings.xml')) > File.mtime(podlings_xml)
podlings_xml = File.join(cache, 'podlings.xml')
diff --git a/lib/whimsy/asf/rack.rb b/lib/whimsy/asf/rack.rb
index 3c13a90..99122b1 100644
--- a/lib/whimsy/asf/rack.rb
+++ b/lib/whimsy/asf/rack.rb
@@ -20,8 +20,6 @@ module ASF
env.user, env.password = Base64.
decode64(auth[/^Basic ([A-Za-z0-9+\/=]+)$/,1].to_s).split(':',2)
end
- env.user.untaint unless env.user.frozen?
- env.password.untaint unless env.password.frozen?
env['REMOTE_USER'] ||= env.user
diff --git a/tools/collate_minutes.rb b/tools/collate_minutes.rb
index 5a86751..919ac5f 100755
--- a/tools/collate_minutes.rb
+++ b/tools/collate_minutes.rb
@@ -123,7 +123,7 @@ end
# get site information
DATAURI = 'https://whimsy.apache.org/public/committee-info.json'
-local_copy = File.expand_path('../../www/public/committee-info.json', __FILE__).untaint
+local_copy = File.expand_path('../../www/public/committee-info.json', __FILE__)
if File.exist? local_copy
Wunderbar.info "Using #{local_copy}"
cinfo = JSON.parse(File.read(local_copy))
diff --git a/tools/comdevtalks.rb b/tools/comdevtalks.rb
index 1f7c4a5..ff73afa 100644
--- a/tools/comdevtalks.rb
+++ b/tools/comdevtalks.rb
@@ -18,9 +18,9 @@ def parse_talks(dir = "#{COMDEVDIR}")
Dir[File.join("#{dir}", "*.yaml")].each do |fname|
begin
if fname =~ /_/
- talks["#{File.basename(fname, ".*")}"] = YAML.load(File.read(fname.untaint))
+ talks["#{File.basename(fname, ".*")}"] = YAML.load(File.read(fname))
elsif fname !~ /SKIPFILE/
- submitters["#{File.basename(fname, ".*")}"] = YAML.load(File.read(fname.untaint))
+ submitters["#{File.basename(fname, ".*")}"] = YAML.load(File.read(fname))
end
rescue Exception => e
puts "Bogosity! analyzing #{fname} raised #{e.message[0..255]}"
diff --git a/tools/proxyhelper.rb b/tools/proxyhelper.rb
index be37f5c..d0b353c 100644
--- a/tools/proxyhelper.rb
+++ b/tools/proxyhelper.rb
@@ -14,7 +14,7 @@ MEETINGS = ASF::SVN['Meetings']
# @return reminders {"proxy@apache.org" => ["IRC line", ...]}
# @see foundation/Meetings/*.rb for other scripts that deal with
# IRC log parsing, attendance marking, and proxy handling
-def reminder_lines(meeting = File.basename(Dir[File.join(MEETINGS, '2*')].max).untaint)
+def reminder_lines(meeting = File.basename(Dir[File.join(MEETINGS, '2*')].max))
lines = IO.read(File.join(MEETINGS, meeting, 'proxies'))
proxylist = lines.scan(/\s\s(.{25})(.*?)\((.*?)\)/).map { |l| [l[0].strip, l[1].strip, l[2]]} # [["Shane Curcuru ", "David Fisher ", "wave"], ...]
copyproxy = Hash.new{|h,k| h[k] = [] }
diff --git a/www/board/agenda/bin/remind-cronjob.rb b/www/board/agenda/bin/remind-cronjob.rb
index 1341747..efe4822 100644
--- a/www/board/agenda/bin/remind-cronjob.rb
+++ b/www/board/agenda/bin/remind-cronjob.rb
@@ -15,7 +15,7 @@ require 'mail'
require 'listen'
FOUNDATION_BOARD = ASF::SVN['foundation_board']
-AGENDA_WORK = ASF::Config.get(:agenda_work).untaint || '/srv/agenda'
+AGENDA_WORK = ASF::Config.get(:agenda_work) || '/srv/agenda'
require './models/agenda'
diff --git a/www/board/agenda/daemon/events.rb b/www/board/agenda/daemon/events.rb
index d88139c..1a3ec28 100644
--- a/www/board/agenda/daemon/events.rb
+++ b/www/board/agenda/daemon/events.rb
@@ -15,9 +15,9 @@ require 'whimsy/asf/config'
class Events
if ENV['RACK_ENV'] == 'test'
- AGENDA_WORK = File.expand_path('test/work/data').untaint
+ AGENDA_WORK = File.expand_path('test/work/data')
else
- AGENDA_WORK = ASF::Config.get(:agenda_work).untaint || '/srv/agenda'
+ AGENDA_WORK = ASF::Config.get(:agenda_work) || '/srv/agenda'
end
WORKDIR = File.expand_path('events', AGENDA_WORK)
diff --git a/www/board/agenda/daemon/session.rb b/www/board/agenda/daemon/session.rb
index e48faad..ace25fd 100644
--- a/www/board/agenda/daemon/session.rb
+++ b/www/board/agenda/daemon/session.rb
@@ -21,9 +21,9 @@ require 'whimsy/asf/config'
class Session
if ENV['RACK_ENV'] == 'test'
- AGENDA_WORK = File.expand_path('test/work/data').untaint
+ AGENDA_WORK = File.expand_path('test/work/data')
else
- AGENDA_WORK = ASF::Config.get(:agenda_work).untaint || '/srv/agenda'
+ AGENDA_WORK = ASF::Config.get(:agenda_work) || '/srv/agenda'
end
WORKDIR = File.expand_path('sessions', AGENDA_WORK)
@@ -75,11 +75,11 @@ class Session
session
end
- # load sessions from disk
+ # load sessions from disk
def self.load(files=nil)
@@semaphore.synchronize do
# default files to all files in the workdir and @@sessions hash
- files ||= Dir["#{WORKDIR}/*"].map {|file| file.dup.untaint} +
+ files ||= Dir["#{WORKDIR}/*"] +
@@sessions.keys.map {|secret| File.join(WORKDIR, secret)}
files.uniq.each do |file|
diff --git a/www/board/agenda/main.rb b/www/board/agenda/main.rb
index 9561482..477acff 100755
--- a/www/board/agenda/main.rb
+++ b/www/board/agenda/main.rb
@@ -33,13 +33,13 @@ end
# determine where relevant data can be found
if ENV['RACK_ENV'] == 'test'
- FOUNDATION_BOARD = File.expand_path('test/work/board').untaint
- AGENDA_WORK = File.expand_path('test/work/data').untaint
+ FOUNDATION_BOARD = File.expand_path('test/work/board')
+ AGENDA_WORK = File.expand_path('test/work/data')
STDERR.puts "* SVN board : #{FOUNDATION_BOARD}"
STDERR.puts "* Agenda work: #{AGENDA_WORK}"
else
FOUNDATION_BOARD = ASF::SVN['foundation_board']
- AGENDA_WORK = ASF::Config.get(:agenda_work).untaint || '/srv/agenda'
+ AGENDA_WORK = ASF::Config.get(:agenda_work) || '/srv/agenda'
STDERR.puts "* SVN board : #{FOUNDATION_BOARD}"
STDERR.puts "* Agenda work: #{AGENDA_WORK}"
end
@@ -69,10 +69,3 @@ end
def dir(pattern, base=FOUNDATION_BOARD)
Dir[File.join(base, pattern)].map {|name| File.basename name}
end
-
-# workaround for https://github.com/rubygems/rubygems/issues/1265
-if Gem::Specification.respond_to? :stubs
- Gem::Specification.stubs.each do |stub|
- stub.full_require_paths.each {|path| path.untaint}
- end
-end
diff --git a/www/board/agenda/models/comments.rb b/www/board/agenda/models/comments.rb
index 0678b70..111f1c7 100644
--- a/www/board/agenda/models/comments.rb
+++ b/www/board/agenda/models/comments.rb
@@ -13,8 +13,7 @@ class HistoricalComments
# select and sort agendas for meetings past the cutoff
agendas = Dir[File.join(ASF::SVN['foundation_board'], '**', 'board_agenda_*')].
select {|file| File.basename(file) > cutoff}.
- sort_by {|file| File.basename(file)}.
- map {|file| file.untaint}
+ sort_by {|file| File.basename(file)}
# drop latest agenda
agendas.pop
diff --git a/www/board/agenda/models/reporter.rb b/www/board/agenda/models/reporter.rb
index 1d08854..4bcd2ad 100644
--- a/www/board/agenda/models/reporter.rb
+++ b/www/board/agenda/models/reporter.rb
@@ -14,8 +14,7 @@ class Reporter
def self.drafts(env, update=nil)
changed = false
- agenda_file = File.basename(
- Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].max).untaint
+ agenda_file = File.basename(Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].max)
if ENV['RACK_ENV'] == 'test'
return {agenda: agenda_file, drafts: []}
diff --git a/www/board/agenda/routes.rb b/www/board/agenda/routes.rb
index 243f5fd..4bc7956 100755
--- a/www/board/agenda/routes.rb
+++ b/www/board/agenda/routes.rb
@@ -180,7 +180,7 @@ end
# feedback
get %r{/(\d\d\d\d-\d\d-\d\d)/feedback.json} do |date|
- @agenda = "board_agenda_#{date.gsub('-', '_')}.txt".untaint
+ @agenda = "board_agenda_#{date.gsub('-', '_')}.txt"
@dryrun = true
_json :'actions/feedback'
end
@@ -188,7 +188,7 @@ end
post %r{/(\d\d\d\d-\d\d-\d\d)/feedback.json} do |date|
return [503, UNAVAILABLE] if UNAVAILABLE
- @agenda = "board_agenda_#{date.gsub('-', '_')}.txt".untaint
+ @agenda = "board_agenda_#{date.gsub('-', '_')}.txt"
@dryrun = false
_json :'actions/feedback'
end
@@ -373,7 +373,7 @@ end
# updates to agenda data
get %r{/(\d\d\d\d-\d\d-\d\d).json} do |date|
- file = "board_agenda_#{date.gsub('-','_')}.txt".untaint
+ file = "board_agenda_#{date.gsub('-','_')}.txt"
pass unless Agenda.parse file, :full
begin
@@ -415,7 +415,7 @@ end
# draft minutes
get '/text/minutes/:file' do |file|
- file = "board_minutes_#{file.gsub('-','_')}.txt".untaint
+ file = "board_minutes_#{file.gsub('-','_')}.txt"
if dir('board_minutes_*.txt').include? file
path = File.join(FOUNDATION_BOARD, file)
elsif not Dir[File.join(ASF::SVN['minutes'], file[/\d+/], file)].empty?
@@ -507,7 +507,7 @@ end
# draft minutes
get '/text/draft/:file' do |file|
- agenda = "board_agenda_#{file.gsub('-','_')}.txt".untaint
+ agenda = "board_agenda_#{file.gsub('-','_')}.txt"
minutes = AGENDA_WORK + '/' +
agenda.sub('_agenda_','_minutes_').sub('.txt','.yml')
diff --git a/www/board/agenda/views/actions/posted-reports.json.rb b/www/board/agenda/views/actions/posted-reports.json.rb
index 582f8de..c927805 100755
--- a/www/board/agenda/views/actions/posted-reports.json.rb
+++ b/www/board/agenda/views/actions/posted-reports.json.rb
@@ -50,7 +50,7 @@ archive = Dir[File.join(ARCHIVE, previous, '*'), File.join(ARCHIVE, current ,'*'
# select messages that have a subject line starting with [REPORT]
reports = []
archive.each do |email_path|
- email_path.untaint
+ email_path
next if File.mtime(email_path) < cutoff
next if email_path.end_with? '/index'
message = IO.read(email_path, mode: 'rb')
@@ -64,7 +64,7 @@ end
# Get a list of missing board reports
agendas = Dir[File.join(ASF::SVN['foundation_board'], 'board_agenda_*.txt')]
-parsed = ASF::Board::Agenda.parse(IO.read(agendas.max.untaint), true)
+parsed = ASF::Board::Agenda.parse(IO.read(agendas.max), true)
missing = parsed.select {|item| item['missing']}.
map {|item| item['title'].downcase}
diff --git a/www/board/agenda/views/actions/potential-actions.json.rb b/www/board/agenda/views/actions/potential-actions.json.rb
index fcffa08..6ec0390 100644
--- a/www/board/agenda/views/actions/potential-actions.json.rb
+++ b/www/board/agenda/views/actions/potential-actions.json.rb
@@ -3,7 +3,7 @@
#
# get posted action items from previous report
-base = Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].sort[-2].untaint
+base = Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].sort[-2]
parsed = ASF::Board::Agenda.parse(IO.read(base), true)
actions = parsed.find {|item| item['title'] == 'Action Items'}['actions']
diff --git a/www/board/agenda/views/actions/publish.json.rb b/www/board/agenda/views/actions/publish.json.rb
index 19c7419..4de3acd 100755
--- a/www/board/agenda/views/actions/publish.json.rb
+++ b/www/board/agenda/views/actions/publish.json.rb
@@ -52,7 +52,7 @@ minutes = "board_minutes_#{@date}.txt"
#Commit the Minutes
ASF::SVN.update MINUTES, @message, env, _ do |tmpdir|
- yeardir = File.join(tmpdir, year.to_s).untaint
+ yeardir = File.join(tmpdir, year.to_s)
ASF::SVN.svn_('update', yeardir, _) # TODO does this need auth?
unless Dir.exist? yeardir
@@ -88,7 +88,7 @@ end
# ...
# Update the Calendar from SVN
-ASF::SVN.update ASF::SVN.svnpath!('site-board', 'calendar.mdtext' ).untaint, @message, env, _ do |_tmpdir, calendar|
+ASF::SVN.update ASF::SVN.svnpath!('site-board', 'calendar.mdtext' ), @message, env, _ do |_tmpdir, calendar|
# add year header
unless calendar.include? "# #{year} Board meeting minutes"
calendar[/^()#.*Board meeting minutes #/,1] =
diff --git a/www/board/agenda/views/actions/reminder-text.json.rb b/www/board/agenda/views/actions/reminder-text.json.rb
index 76769ba..7db7ce7 100644
--- a/www/board/agenda/views/actions/reminder-text.json.rb
+++ b/www/board/agenda/views/actions/reminder-text.json.rb
@@ -6,7 +6,7 @@ require 'active_support/time'
template = File.read("#{FOUNDATION_BOARD}/templates/#@reminder.mustache")
# find the latest agenda
-agenda = Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].max.untaint
+agenda = Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].max
# determine meeting time
meeting = ASF::Board.nextMeeting
@@ -25,7 +25,7 @@ view = {
}
# perform the substitution
-template = Mustache.render(template.untaint, view)
+template = Mustache.render(template, view)
# extract subject
subject = template[/Subject: (.*)/, 1]
diff --git a/www/board/agenda/views/actions/responses.json.rb b/www/board/agenda/views/actions/responses.json.rb
index 72b46a1..ffdb925 100644
--- a/www/board/agenda/views/actions/responses.json.rb
+++ b/www/board/agenda/views/actions/responses.json.rb
@@ -11,8 +11,8 @@ responses = {}
Dir[maildir + '*'].sort.each do |dir|
next unless dir >= start
- Dir[dir.untaint + '/*'].each do |msg|
- text = File.open(msg.untaint, 'rb') {|file| file.read}
+ Dir[dir + '/*'].each do |msg|
+ text = File.open(msg, 'rb') {|file| file.read}
subject = text[/^Subject: .*/]
next unless subject and subject =~ /Board feedback on .* report/
date, pmc = subject.scan(/Board feedback on ([-\d]+) (.*) report/).first
diff --git a/www/board/agenda/views/actions/todos.json.rb b/www/board/agenda/views/actions/todos.json.rb
index 522e0bf..78b0815 100644
--- a/www/board/agenda/views/actions/todos.json.rb
+++ b/www/board/agenda/views/actions/todos.json.rb
@@ -144,7 +144,7 @@ if @establish and env.password
# create 'victims' file for tlpreq tool
ASF::SVN.svn('update', TLPREQ)
establish -= Dir[File.join(TLPREQ, 'victims-#{date}.*.txt')].
- map {|name| File.read(name.untaint).lines().map(&:chomp)}.flatten
+ map {|name| File.read(name).lines().map(&:chomp)}.flatten
unless establish.empty?
count = Dir[File.join(TLPREQ, 'victims-#{date}.*.txt')].length
message = "record #{date} approved TLP resolutions"
@@ -176,10 +176,10 @@ if (@change || @establish) and env.password
ASF::Mail.configure
sender = ASF::Person.new(env.user)
mail = Mail.new do
- from "#{sender.public_name.inspect} <#{...@apache.org>".untaint
+ from "#{sender.public_name.inspect} <#{...@apache.org>"
to people.map {|person|
- "#{person.public_name.inspect} <#{...@apache.org>".untaint
+ "#{person.public_name.inspect} <#{...@apache.org>"
}.to_a
cc 'Apache Board <bo...@apache.org>'
diff --git a/www/board/agenda/views/committers_report.text.rb b/www/board/agenda/views/committers_report.text.rb
index 921cede..dae80b5 100644
--- a/www/board/agenda/views/committers_report.text.rb
+++ b/www/board/agenda/views/committers_report.text.rb
@@ -4,8 +4,8 @@ require 'chronic'
# load agenda and minutes
board_svn = ASF::SVN['foundation_board']
-minutes_file = File.join(AGENDA_WORK, "board_minutes_#@date.yml").untaint
-agenda_file = File.join(board_svn, "board_agenda_#@date.txt").untaint
+minutes_file = File.join(AGENDA_WORK, "board_minutes_#@date.yml")
+agenda_file = File.join(board_svn, "board_agenda_#@date.txt")
minutes = YAML.load_file(minutes_file) rescue {}
agenda = Agenda.parse(File.basename(agenda_file), :full)
@@ -76,5 +76,5 @@ sender = ASF::Person.find(env.user || ENV['USER'])
@from = "#{sender.public_name.inspect} <#{...@apache.org>"
##### Write the report
-template = File.read('templates/committers_report.text.erb').untaint
+template = File.read('templates/committers_report.text.erb')
Erubis::Eruby.new(template).result(binding)
diff --git a/www/board/missing-reports.cgi b/www/board/missing-reports.cgi
index 97efe39..946c74e 100755
--- a/www/board/missing-reports.cgi
+++ b/www/board/missing-reports.cgi
@@ -42,7 +42,7 @@ _html do
end
_tbody do
agendas.reverse.each do |agenda|
- parsed = ASF::Board::Agenda.parse(File.read(agenda.untaint), true)
+ parsed = ASF::Board::Agenda.parse(File.read(agenda), true)
_tr_ do
_td parsed.count, align: 'right'
_td parsed.count {|report| report["missing"]}, align: 'right'
diff --git a/www/board/posted-reports.cgi b/www/board/posted-reports.cgi
index 2aa2034..dc908be 100755
--- a/www/board/posted-reports.cgi
+++ b/www/board/posted-reports.cgi
@@ -68,7 +68,7 @@ _html do
# Get a list of missing board reports from the agenda itself
Dir.chdir ASF::SVN['foundation_board']
agenda = Dir['board_agenda_*.txt'].max
- parsed = ASF::Board::Agenda.parse(IO.read(agenda.untaint), true)
+ parsed = ASF::Board::Agenda.parse(IO.read(agenda), true)
missing = parsed.select {|item| item['missing']}.
map {|item| item['title'].downcase}
# attempt to sort reports by PMC name
diff --git a/www/committers/testauth.cgi b/www/committers/testauth.cgi
index 76af603..4a6168e 100755
--- a/www/committers/testauth.cgi
+++ b/www/committers/testauth.cgi
@@ -23,7 +23,7 @@ _html do
}
) do
FOUNDATION_BOARD = ASF::SVN['foundation_board']
- agendafile = Dir[File.join(FOUNDATION_BOARD, 'board_agenda_*.txt')].max.untaint
+ agendafile = Dir[File.join(FOUNDATION_BOARD, 'board_agenda_*.txt')].max
agenda = ASF::Board::Agenda.parse(File.read(agendafile))
roll = agenda.find {|item| item['title'] == 'Roll Call'}
diff --git a/www/fundraising/invoice.cgi b/www/fundraising/invoice.cgi
index bd89be2..f51b35f 100755
--- a/www/fundraising/invoice.cgi
+++ b/www/fundraising/invoice.cgi
@@ -15,8 +15,8 @@ end
HISTORY = '/var/tools/invoice'
if %r{/(?<invoice>\d+)(\.\w+)?$} =~ ENV['PATH_INFO']
- if File.exist? "#{HISTORY}/#{invoice.untaint}"
- form = YAML.load_file("#{HISTORY}/#{invoice.untaint}")
+ if File.exist? "#{HISTORY}/#{invoice}"
+ form = YAML.load_file("#{HISTORY}/#{invoice}")
ENV['QUERY_STRING'] =
form.map {|k,v| "#{k}=#{CGI.escape(v.first)}"}.join("&") if form
end
@@ -101,7 +101,7 @@ _html do
_tbody do
Dir.chdir(HISTORY) do
Dir['*'].sort.reverse.each do |invoice|
- form = YAML.load_file("#{HISTORY}/#{invoice.untaint}")
+ form = YAML.load_file("#{HISTORY}/#{invoice}")
if form
_tr_ do
_td {_a invoice, href: invoice}
diff --git a/www/incubator/graduated.cgi b/www/incubator/graduated.cgi
index a7bdf8c..dc6657f 100755
--- a/www/incubator/graduated.cgi
+++ b/www/incubator/graduated.cgi
@@ -85,7 +85,7 @@ _html do
_tbody do
creports.map do |committee|
name = committee[/>(.*?)</, 1]
- href = committee[/href="(.*?)"/, 1].untaint
+ href = committee[/href="(.*?)"/, 1]
href = 'Polygene.html' if href == 'Zest.html'
page = File.read("#{source}/#{href}").
sub(/<footer.*<\/footer>/m, '')
diff --git a/www/members/inactive.cgi b/www/members/inactive.cgi
index 4a21d61..6420b88 100755
--- a/www/members/inactive.cgi
+++ b/www/members/inactive.cgi
@@ -28,7 +28,7 @@ _html do
_body? do
MEETINGS = ASF::SVN['Meetings']
attendance = MeetingUtil.get_attendance(MEETINGS)
- latest = MeetingUtil.get_latest(MEETINGS).untaint
+ latest = MeetingUtil.get_latest(MEETINGS)
# determine user's name as found in members.txt
name = ASF::Member.find_text_by_id($USER).to_s.split("\n").first
matrix = attendance['matrix'][name]
@@ -36,7 +36,7 @@ _html do
tracker = JSON.parse(IO.read(File.join(latest, 'non-participants.json')))
rescue Errno::ENOENT => err
# Fallback to reading previous meeting's data, and reset variable
- latest = MeetingUtil.get_previous(MEETINGS).untaint
+ latest = MeetingUtil.get_previous(MEETINGS)
tracker = JSON.parse(IO.read(File.join(latest, 'non-participants.json')))
end
# defaults for active users
diff --git a/www/members/list-traffic.cgi b/www/members/list-traffic.cgi
index b1407d4..f6679e9 100755
--- a/www/members/list-traffic.cgi
+++ b/www/members/list-traffic.cgi
@@ -178,7 +178,7 @@ _html do
end
}
) do
- months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path).untaint}.grep(/^\d+$/)
+ months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path)}.grep(/^\d+$/)
attendance = MeetingUtil.get_attendance(ASF::SVN['Meetings'])
style_cohorts(attendance) if attendance.has_key?('cohorts') # Allow to fail silently if data missing
# if ENV['QUERY_STRING'].include? 'Clear-Cache-No-Really'
@@ -187,7 +187,7 @@ _html do
# cache = Dir["#{SRV_MAIL}/??????.json"]
# ctr = 0
# cache.each do |f|
- # File.delete(f.untaint)
+ # File.delete(f)
# ctr += 1
# end
# _ "Successfully deleted #{ctr} files (will be rebuilt now)."
@@ -204,7 +204,7 @@ end
# Return just sorted data counts as JSON
_json do
- months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path).untaint}.grep(/^\d+$/)
+ months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path)}.grep(/^\d+$/)
data = Hash.new {|h, k| h[k] = {} }
months.sort.reverse.each do |month|
tmp = MailUtils.get_mails_month(mailroot: SRV_MAIL, yearmonth: month, nondiscuss: MailUtils::NONDISCUSSION_SUBJECTS["<#{LIST_ROOT}.apache.org>"])
diff --git a/www/members/mentor-update.cgi b/www/members/mentor-update.cgi
index 4174437..ebad281 100755
--- a/www/members/mentor-update.cgi
+++ b/www/members/mentor-update.cgi
@@ -117,7 +117,7 @@ end
# @return true if we think it succeeded; false in all other cases
def send_form(formdata: {})
rc = 999
- fn = "#{$USER}.json".untaint
+ fn = "#{$USER}.json"
mentor_update = JSON.pretty_generate(formdata) + "\n"
_div.well do
_p.lead "Updating your mentor record #{fn} to be:"
@@ -127,7 +127,7 @@ def send_form(formdata: {})
Dir.mktmpdir do |tmpdir|
credentials = {user: $USER, password: $PASSWORD}
# TODO: investigate if we should to --depth empty and attempt to get only that mentor's file
- ASF::SVN.svn_('checkout', [MentorFormat::MENTORS_SVN, tmpdir.untaint], _, credentials)
+ ASF::SVN.svn_('checkout', [MentorFormat::MENTORS_SVN, tmpdir], _, credentials)
Dir.chdir tmpdir do
if File.exist? fn
File.write(fn, mentor_update + "\n")
@@ -164,7 +164,7 @@ end
# @return user's current mentor data, or {} if none, or sets:
# myrecord[ERRORS] = "If any error occoured on read/parse"
def read_myrecord(id)
- file = File.join(ASF::SVN['foundation_mentors'], "#{id}.json").untaint
+ file = File.join(ASF::SVN['foundation_mentors'], "#{id}.json")
if File.exist?(file)
begin
return JSON.parse(File.read(file))
diff --git a/www/members/nominations.cgi b/www/members/nominations.cgi
index 2956c7e..f8a0d2c 100755
--- a/www/members/nominations.cgi
+++ b/www/members/nominations.cgi
@@ -25,7 +25,7 @@ def setup_data(cur_mtg_dir)
emails = []
archive.each do |email|
next if email.end_with? '/index'
- message = IO.read(email.untaint, mode: 'rb')
+ message = IO.read(email, mode: 'rb')
next unless message[/^Date: .*/].to_s.include? year
subject = message[/^Subject: .*/]
next if not subject # HACK: allow script to continue if bogus email
@@ -37,7 +37,7 @@ def setup_data(cur_mtg_dir)
end
# parse nominations for names and ids
- nominations = IO.read(File.join(cur_mtg_dir, 'nominated-members.txt').untaint).
+ nominations = IO.read(File.join(cur_mtg_dir, 'nominated-members.txt')).
scan(/^---+--\s+(?:[a-z_0-9-]+)\s+(.*?):?\n/).flatten
nominations.shift if nominations.first == '<empty line>'
@@ -78,7 +78,7 @@ _html do
_ 'This probably only works in the period shortly before or after a Members meeting!'
}
) do
- cur_mtg_dir = MeetingUtil.get_latest(MEETINGS).untaint
+ cur_mtg_dir = MeetingUtil.get_latest(MEETINGS)
nominations, people, emails = setup_data(cur_mtg_dir)
_div.flexbox do
_div.flexitem do
diff --git a/www/officers/list-traffic.cgi b/www/officers/list-traffic.cgi
index fde171b..8068b9c 100755
--- a/www/officers/list-traffic.cgi
+++ b/www/officers/list-traffic.cgi
@@ -140,7 +140,7 @@ _html do
}
) do
- months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path).untaint}.grep(/^\d+$/)
+ months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path)}.grep(/^\d+$/)
if ENV['QUERY_STRING'].include? 'week'
display_weekly(months: months, nondiscuss: MailUtils::NONDISCUSSION_SUBJECTS["<#{LIST_ROOT}.apache.org>"])
else
@@ -152,7 +152,7 @@ end
# Return just sorted data counts as JSON
_json do
- months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path).untaint}.grep(/^\d+$/)
+ months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path)}.grep(/^\d+$/)
data = Hash.new {|h, k| h[k] = {} }
months.sort.reverse.each do |month|
tmp = MailUtils.get_mails_month(yearmonth: month, nondiscuss: MailUtils::NONDISCUSSION_SUBJECTS["<#{LIST_ROOT}.apache.org>"])
diff --git a/www/secretary/icla-lint.cgi b/www/secretary/icla-lint.cgi
index ffeb537..f3450d8 100755
--- a/www/secretary/icla-lint.cgi
+++ b/www/secretary/icla-lint.cgi
@@ -95,7 +95,7 @@ _html do
end
input = File.join(ASF::SVN['officers'], 'iclas.txt')
- document = File.read(input).untaint
+ document = File.read(input)
document.scan(/^((\w.*?):.*?:(.*?):(.*?):(.*))/) do |(line, id, name, email, comment)|
issue, note = nil, nil
comment2 = comment.dup
diff --git a/www/secretary/workbench/models/safetemp.rb b/www/secretary/workbench/models/safetemp.rb
index 24bc7e9..b3bf582 100644
--- a/www/secretary/workbench/models/safetemp.rb
+++ b/www/secretary/workbench/models/safetemp.rb
@@ -15,7 +15,7 @@ class SafeTempFile
end
def path
- @tempfile.path.untaint
+ @tempfile.path
end
def unlink
diff --git a/www/secretary/workbench/tasks.rb b/www/secretary/workbench/tasks.rb
index c190db8..13ad57a 100644
--- a/www/secretary/workbench/tasks.rb
+++ b/www/secretary/workbench/tasks.rb
@@ -74,8 +74,8 @@ class Wunderbar::JsonBuilder
[
'--non-interactive',
'--no-auth-cache',
- '--username', env.user.dup.untaint, # could be frozen
- '--password', env.password.dup.untaint
+ '--username', env.user,
+ '--password', env.password
]
end
@@ -146,7 +146,7 @@ class Wunderbar::JsonBuilder
end
def template(name)
- path = File.expand_path("../templates/#{name}", __FILE__.untaint)
- ERB.new(File.read(path.untaint).untaint).result(binding)
+ path = File.expand_path("../templates/#{name}", __FILE__)
+ ERB.new(File.read(path)).result(binding)
end
end
diff --git a/www/secretary/workbench/views/actions/burst.json.rb b/www/secretary/workbench/views/actions/burst.json.rb
index d75fa44..3284ff4 100644
--- a/www/secretary/workbench/views/actions/burst.json.rb
+++ b/www/secretary/workbench/views/actions/burst.json.rb
@@ -12,8 +12,7 @@ begin
Dir.mktmpdir do |dir|
Kernel.system 'pdfseparate', source.path, "#{dir}/page_%d.pdf"
- pages = Dir["#{dir}/*.pdf"].map {|name| name.untaint}
- sort_by {|name| name[/d+/].to_i}
+ pages = Dir["#{dir}/*.pdf"].sort_by {|name| name[/d+/].to_i}
format = @selected.sub(/\.\w+$/, '') +
"-%0#{pages.length.to_s.length}d.pdf"
diff --git a/www/secretary/workbench/views/actions/grant.json.rb b/www/secretary/workbench/views/actions/grant.json.rb
index 6548677..a4611ed 100644
--- a/www/secretary/workbench/views/actions/grant.json.rb
+++ b/www/secretary/workbench/views/actions/grant.json.rb
@@ -15,7 +15,7 @@ grant = "#@filename#{fileext}"
# verify that a grant under that name doesn't already exist
if grant =~ /^\w[-\w]*\.?\w*$/
- if ASF::GrantFiles.exist?(grant.untaint)
+ if ASF::GrantFiles.exist?(grant)
_warn "documents/grants/#{grant} already exists"
end
else
diff --git a/www/secretary/workbench/views/actions/icla.json.rb b/www/secretary/workbench/views/actions/icla.json.rb
index fdf2a19..2558f2d 100644
--- a/www/secretary/workbench/views/actions/icla.json.rb
+++ b/www/secretary/workbench/views/actions/icla.json.rb
@@ -18,7 +18,7 @@ fileext = File.extname(@selected).downcase
# verify that an ICLA under that name doesn't already exist
if "#@filename#{fileext}" =~ /\A\w[-\w]*\.?\w*\z/
# Is there a matching ICLA? (returns first match, if any)
- file = ASF::ICLAFiles.match_claRef(@filename.untaint)
+ file = ASF::ICLAFiles.match_claRef(@filename)
if file
_warn "documents/iclas/#{file} already exists"
else
@@ -211,11 +211,11 @@ if @valid_user and @pmc and not @votelink.empty?
cc = ["#{@pubname.inspect} <#{@email}>"]
cc << "private@#{@pmc.mail_list}.apache.org" if @pmc # copy pmc
cc << @podling.private_mail_list if @podling # copy podling
- mail.cc = cc.uniq.map {|email| email.dup.untaint}
+ mail.cc = cc.uniq.map {|email| email}
# untaint from and to email addresses
- mail.to = mail.to.map {|email| email.dup.untaint}
- mail.from = @from.untaint
+ mail.to = mail.to.map {|email| email}
+ mail.from = @from
# echo email
form do
diff --git a/www/secretary/workbench/views/index.json.rb b/www/secretary/workbench/views/index.json.rb
index dc3f24f..42ed3c9 100644
--- a/www/secretary/workbench/views/index.json.rb
+++ b/www/secretary/workbench/views/index.json.rb
@@ -8,7 +8,7 @@ if index
prevmbox = nil
if index > 0
- prevmbox = available[index-1].untaint
+ prevmbox = available[index-1]
prevmbox = nil unless YAML.load_file(prevmbox).any? do |key, mail|
mail[:status] != :deleted and not Message.attachments(mail).empty?
end
diff --git a/www/secretary/workbench/views/memapp.json.rb b/www/secretary/workbench/views/memapp.json.rb
index 77f7c98..3de3b63 100644
--- a/www/secretary/workbench/views/memapp.json.rb
+++ b/www/secretary/workbench/views/memapp.json.rb
@@ -2,7 +2,7 @@
# find latest memapp-received.txt file in the foundation/Meetings directory
meetings = ASF::SVN['Meetings']
-received = Dir["#{meetings}/2*/memapp-received.txt"].max.untaint
+received = Dir["#{meetings}/2*/memapp-received.txt"].max
# extract contents
pattern = /^\w+\s+(\w+)\s+(\w+)\s+(\w+)\s+(\w+)\s+(.*?)\s*\n/
diff --git a/www/status/passenger.cgi b/www/status/passenger.cgi
index a08a2e5..21bc6b8 100755
--- a/www/status/passenger.cgi
+++ b/www/status/passenger.cgi
@@ -78,7 +78,7 @@ _html do
path = app[/\A(\/.*):/, 1]
if user.asf_officer_or_member?
- restart = File.join(path.untaint, "tmp/restart.txt") if path
+ restart = File.join(path, "tmp/restart.txt") if path
if restart and File.exist? restart
if _.post? and @restart == restart
FileUtils.touch restart
diff --git a/www/status/svn.cgi b/www/status/svn.cgi
index 6de40fe..ee6bf2e 100755
--- a/www/status/svn.cgi
+++ b/www/status/svn.cgi
@@ -27,7 +27,7 @@ _html do
# remains true if all local checkouts are writable
writable = true
svnroot = (svnrepos.length == 1 && svnrepos.first =~ /^(\/\w[-.\w]*)+\/\*$/ &&
- File.writable?(svnrepos.first.chomp('*').untaint))
+ File.writable?(svnrepos.first.chomp('*')))
_h1_ 'SVN Repository Status'
@@ -152,11 +152,11 @@ end
# process XMLHttpRequests
_json do
- local_path = ASF::SVN.find(@name.untaint)
+ local_path = ASF::SVN.find(@name)
if local_path
if @action == 'update'
- log = `svn cleanup #{local_path.untaint} 2>&1`
- log = log + `svn update #{local_path.untaint} 2>&1`
+ log = `svn cleanup #{local_path} 2>&1`
+ log = log + `svn update #{local_path} 2>&1`
end
info, err = ASF::SVN.getInfo(local_path)
@@ -173,13 +173,13 @@ _json do
repository_url = ASF::SVN.svnpath!(repository_url)
end
- log = `svn checkout #{repository_url.untaint} #{local_path.untaint} 2>&1`
+ log = `svn checkout #{repository_url} #{local_path} 2>&1`
end
end
- localrev, lerr = ASF::SVN.getInfoItem(local_path.untaint,'last-changed-revision')
+ localrev, lerr = ASF::SVN.getInfoItem(local_path,'last-changed-revision')
if repository_url
- serverrev, serr = ASF::SVN.getInfoItem(repository_url.untaint,'last-changed-revision')
+ serverrev, serr = ASF::SVN.getInfoItem(repository_url,'last-changed-revision')
{
log: log.to_s.split("\n"),
path: local_path,
diff --git a/www/test/example.cgi b/www/test/example.cgi
index c673473..242a73b 100755
--- a/www/test/example.cgi
+++ b/www/test/example.cgi
@@ -23,7 +23,7 @@ end
def get_svn_data()
dir = ASF::SVN['comdevtalks']
filename = 'README.yaml'
- data = YAML.load(File.read(File.join(dir, filename).untaint))
+ data = YAML.load(File.read(File.join(dir, filename)))
return data['title']
end