This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 8c66840 More possible tainted strings
8c66840 is described below
commit 8c66840a216d342fe4a4072c56f71ec7e0ec2503
Author: Sebb <[email protected]>
AuthorDate: Fri Jul 17 17:47:12 2020 +0100
More possible tainted strings
---
lib/whimsy/asf/svn.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/whimsy/asf/svn.rb b/lib/whimsy/asf/svn.rb
index a56b55f..d3dfa3e 100644
--- a/lib/whimsy/asf/svn.rb
+++ b/lib/whimsy/asf/svn.rb
@@ -21,7 +21,7 @@ module ASF
else
svn_base = 'https://svn.apache.org/repos/'
end
- @base = URI.parse(svn_base)
+ @base = URI.parse(svn_base).untaint
@mock = 'file:///var/tools/svnrep/'
@semaphore = Mutex.new
@testdata = {}
@@ -132,7 +132,7 @@ module ASF
# Includes aliases
def self.svnurl(name)
entry = self._all_repo_entries[name] or return nil
- url = entry['url']
+ url = entry['url'].untaint
unless url # bad entry
raise Exception.new("Unable to find url attribute for SVN entry
#{name}")
end
