This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 3bec3be More logical place to untaint
3bec3be is described below
commit 3bec3be82dcb2d0beaa256da4081a54a6cd3f4c7
Author: Sebb <[email protected]>
AuthorDate: Tue Jul 21 16:46:08 2020 +0100
More logical place to untaint
---
lib/whimsy/asf/svn.rb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/whimsy/asf/svn.rb b/lib/whimsy/asf/svn.rb
index 19e76d6..2edd787 100644
--- a/lib/whimsy/asf/svn.rb
+++ b/lib/whimsy/asf/svn.rb
@@ -132,11 +132,11 @@ module ASF
# Includes aliases
def self.svnurl(name)
entry = self._all_repo_entries[name] or return nil
- url = entry['url'].untaint
+ url = entry['url']
unless url # bad entry
raise Exception.new("Unable to find url attribute for SVN entry
#{name}")
end
- return (@base+url).to_s
+ return (@base+url).to_s.untaint # to_s makes the var tainted
end
# fetch a repository URL by name - abort if not found
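Review bot: The `.untaint` on the return line of `svnurl` clears the taint flag on the whole composed URL without any check of its content, and since it now sits in `svnurl`, every caller gets a string marked as trusted, not only `svnpath!`. Whether `entry['url']` always comes from a vetted repository config cannot be seen from this hunk. If it does, say so in the comment, e.g. `# url comes from the trusted repository config, so the result is safe to untaint`. Otherwise validate the result first, for instance by confirming it still begins with `@base.to_s`. Note also that `Object#untaint` is deprecated from Ruby 2.7 and removed in later releases, so this marker should not be the only record of the trust decision.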
@@ -155,7 +155,7 @@ module ASF
# name - the nickname for the URL
# relpath - the relative path(s) to the file
def self.svnpath!(name,*relpath)
- base = self.svnurl!(name).untaint # this should be OK
+ base = self.svnurl!(name)
base = base + '/' unless base.end_with? '/'
endpart = [relpath].join('/').sub(%r{^/+},'').gsub(%r{/+},'/')
return base + endpart
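Review bot: With `.untaint` dropped from `base`, `svnpath!` relies on `svnurl!` returning the already-untainted string from `svnurl` unchanged. `svnurl!` is outside this hunk, so that is worth confirming, because the comment added in `svnurl` suggests that further string handling can re-taint the value. The returned `base + endpart` also carries `relpath` through unchecked: the cleanup collapses slashes but does not reject `..` segments, and `%r{^/+}` anchors per line rather than at the start of the string. I would use `sub(%r{\A/+},'')` and add a comment stating whether callers may pass only trusted `relpath` values. The closing `end` of `svnpath!` lies outside the hunk.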