This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new d3ef3b2 More untaints
d3ef3b2 is described below
commit d3ef3b2181bcd4333ddd5eb09b6d07fc6d93ba82
Author: Sebb <[email protected]>
AuthorDate: Fri Oct 2 12:13:13 2020 +0100
More untaints
---
www/members/meeting.cgi | 2 +-
www/members/proxy.cgi | 12 ++++++------
www/members/watch.cgi | 4 +---
www/officers/acreq.cgi | 14 +++++++-------
www/officers/coi.cgi | 20 ++++++++++----------
www/roster/models/committer.rb | 3 +--
www/secretary/workbench/models/attachment.rb | 5 ++---
www/secretary/workbench/models/mailbox.rb | 6 +++---
www/secretary/workbench/views/actions/ccla.json.rb | 2 +-
.../workbench/views/actions/check-signature.json.rb | 3 +--
.../workbench/views/actions/emeritus-request.json.rb | 4 ++--
www/secretary/workbench/views/actions/icla2.json.rb | 10 +++++-----
12 files changed, 40 insertions(+), 45 deletions(-)
diff --git a/www/members/meeting.cgi b/www/members/meeting.cgi
index abba81f..368e34e 100755
--- a/www/members/meeting.cgi
+++ b/www/members/meeting.cgi
@@ -70,7 +70,7 @@ end
_html do
_body? do
MEETINGS = ASF::SVN['Meetings']
- cur_mtg_dir = MeetingUtil.get_latest(MEETINGS).untaint
+ cur_mtg_dir = MeetingUtil.get_latest(MEETINGS)
meeting = File.basename(cur_mtg_dir)
svn_mtg_dir = File.join(MeetingUtil::RECORDS, meeting)
mtg_date = Date.parse(meeting)
diff --git a/www/members/proxy.cgi b/www/members/proxy.cgi
index 134c320..b0f5c00 100755
--- a/www/members/proxy.cgi
+++ b/www/members/proxy.cgi
@@ -128,7 +128,7 @@ def emit_form(cur_mtg_dir, _meeting, volunteers)
end
end
end
- _pre IO.read(File.join(cur_mtg_dir, 'member_proxy.txt').untaint)
+ _pre IO.read(File.join(cur_mtg_dir, 'member_proxy.txt'))
end
end
end
@@ -174,25 +174,25 @@ def emit_post(cur_mtg_dir, meeting, _)
proxy[/Date: _(#{'_' *date.length})/, 1] = date.gsub(' ', '_')
- proxyform = proxy.untaint
+ proxyform = proxy
# report on commit
_div.transcript do
Dir.mktmpdir do |tmpdir|
svn = ASF::SVN.getInfoItem(File.join(MEETINGS,meeting),'url')
- ASF::SVN.svn_('checkout',[svn.untaint, tmpdir.untaint], _,
+ ASF::SVN.svn_('checkout',[svn, tmpdir], _,
{quiet: true, user: $USER, password: $PASSWORD})
Dir.chdir(tmpdir) do
# write proxy form
- filename = "proxies-received/#$USER.txt".untaint
+ filename = "proxies-received/#$USER.txt"
File.write(filename, proxyform)
ASF::SVN.svn_('add', filename, _)
ASF::SVN.svn_('propset', ['svn:mime-type', 'text/plain;
charset=utf-8', filename], _)
# get a list of proxies
list = Dir['proxies-received/*.txt'].map do |file|
- form = File.read(file.untaint)
+ form = File.read(file)
id = file[/([-A-Za-z0-9]+)\.\w+$/, 1]
proxy = form[/hereby authorize ([\S].*) to act/, 1].
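Review bot: `filename = "proxies-received/#$USER.txt"` builds a path that is then written with `File.write` and added to svn, and nothing in the hunk checks that `$USER` is a plain id. It presumably comes from HTTP authentication, but the removed `.untaint` was the only marker of that trust decision. A guard using the id pattern already applied to file names a few lines below would make it explicit: `raise ArgumentError, 'bad user id' unless $USER =~ /\A[-A-Za-z0-9]+\z/`. `emit_post` starts and ends outside the hunk.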
@@ -254,7 +254,7 @@ _html do
_body? do
# Find latest meeting and check if it's in the future yet
MEETINGS = ASF::SVN['Meetings']
- cur_mtg_dir = MeetingUtil.get_latest(MEETINGS).untaint
+ cur_mtg_dir = MeetingUtil.get_latest(MEETINGS)
meeting = File.basename(cur_mtg_dir)
today = Date.today.strftime('%Y%m%d')
_whimsy_body(
diff --git a/www/members/watch.cgi b/www/members/watch.cgi
index 3012396..d13a826 100755
--- a/www/members/watch.cgi
+++ b/www/members/watch.cgi
@@ -32,7 +32,7 @@ _html do
# start with the Watch List itself
watch_list = ASF::Person.member_watch_list.keys
meeting =
- File.dirname(Dir[File.join(meetings, '*',
'nominated-members.txt')].max).untaint
+ File.dirname(Dir[File.join(meetings, '*', 'nominated-members.txt')].max)
txt = File.read(File.join(meeting, 'nominated-members.txt'))
nominations = txt.scan(/^---+\n\s*\w+.*<(\S+)@apache.org>/).flatten
@@ -251,7 +251,6 @@ _html do
# search published minutes
if minutes
resolution = nil
- minutes.untaint
Nokogiri::HTML(File.read(minutes)).search('pre').each do
|pre|
if pre.text.include? search_string
resolution = pre
@@ -274,7 +273,6 @@ _html do
# search unpublished agendas
board = ASF::SVN['foundation_board']
Dir[File.join(board, 'board_agenda_*')].sort.each do |agenda|
- agenda.untaint
if File.read(agenda).include? search_string
minutes = ASF::SVN.svnpath!('foundation_board',
File.basename(agenda))
date = agenda.gsub('_','-')[/(\d+-\d+-\d+)/,1]
diff --git a/www/officers/acreq.cgi b/www/officers/acreq.cgi
index f07c2a0..6394107 100755
--- a/www/officers/acreq.cgi
+++ b/www/officers/acreq.cgi
@@ -290,19 +290,19 @@ _html do
# determine the requesting party and cc_list
if @project.empty?
cc_list = ["[email protected]"]
- requestor = user.id.untaint
+ requestor = user.id
else
pmc_list = ASF::Committee.find(@pmc).mail_list
- cc_list = ["private@#{pmc_list}.apache.org".untaint]
- requestor = @pmc[/([\w.-]+)/, 1].untaint
+ cc_list = ["private@#{pmc_list}.apache.org"]
+ requestor = @pmc[/([\w.-]+)/, 1]
end
if requestor == 'incubator' and not @podling.to_s.empty?
- cc_list <<
"private@#{@podling}.#{pmc_list}.apache.org".untaint
- requestor = "#{@podling}@incubator".untaint
+ cc_list << "private@#{@podling}.#{pmc_list}.apache.org"
+ requestor = "#{@podling}@incubator"
end
- cc_list << "#{@name} <#{@email}>".untaint
+ cc_list << "#{@name} <#{@email}>"
cc_list << "[email protected]"
# build the mail to be sent
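Review bot: `cc_list << "#{@name} <#{@email}>"` puts two form fields straight into a mail recipient entry, and after this change no `.untaint` is left to mark where they were supposed to have been vetted. If `@name` or `@email` can carry CR or LF, extra headers could be injected into the message; the same applies to `@podling` in the `private@…` address. Whether they are validated earlier is not visible in the hunk, so either confirm that or reject control characters here, e.g. `raise ArgumentError, 'invalid name/email' if "#{@name}#{@email}#{@podling}" =~ /[\r\n]/`. The `_html do` block starts and ends outside the hunk.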
@@ -328,7 +328,7 @@ _html do
--
Submitted by
https://#{ENV['HTTP_HOST']}#{ENV['REQUEST_URI'].split('?').first}
- From #{`/usr/bin/host
#{ENV['REMOTE_ADDR'].dup.untaint}`.chomp}
+ From #{`/usr/bin/host #{ENV['REMOTE_ADDR']}`.chomp}
Using #{ENV['HTTP_USER_AGENT']}
EOF
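Review bot: The `From` line runs `/usr/bin/host #{ENV['REMOTE_ADDR']}` through backticks, so the value is interpolated into a shell command string, and with `.untaint` gone nothing marks that as needing a check. REMOTE_ADDR is normally set by the web server from the peer address, but a fronting proxy or a rewritten environment changes that assumption. Passing it as a separate argument keeps any shell from parsing it, e.g. `IO.popen(['/usr/bin/host', ENV['REMOTE_ADDR'].to_s], &:read).chomp`. The heredoc starts outside the hunk.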
diff --git a/www/officers/coi.cgi b/www/officers/coi.cgi
index 80bae8b..da79995 100755
--- a/www/officers/coi.cgi
+++ b/www/officers/coi.cgi
@@ -9,15 +9,15 @@ require 'date'
require 'tmpdir'
coi_url = ASF::SVN.svnurl('conflict-of-interest')
-COI_CURRENT_TEMPLATE_URL = File.join(coi_url, 'template.txt').untaint
+COI_CURRENT_TEMPLATE_URL = File.join(coi_url, 'template.txt')
YEAR = DateTime.now.strftime "%Y"
-COI_CURRENT_URL = File.join(coi_url, YEAR).untaint
+COI_CURRENT_URL = File.join(coi_url, YEAR)
user = ASF::Person.find($USER)
USERID = user.id
-USERNAME = user.cn.untaint
-USERMAIL = "#{USERID}@apache.org".untaint
+USERNAME = user.cn
+USERMAIL = "#{USERID}@apache.org"
IDS = Hash.new {|h,k| h[k]=Array.new}
committees = ASF::Committee.officers + ASF::Committee.nonpmcs
chairs = committees.map do |committee|
@@ -30,7 +30,7 @@ ASF::Service['board'].members.each do |member|
end
# Get the list of files in this year's directory
-signerfileslist, err = ASF::SVN.svn('list', COI_CURRENT_URL, {user:
$USER.dup.untaint, password: $PASSWORD.dup.untaint})
+signerfileslist, err = ASF::SVN.svn('list', COI_CURRENT_URL, {user: $USER,
password: $PASSWORD})
# Currently the documents directory has limited access.
# This includes ASF members, but does not include officers who are not members
# Let others down gently
@@ -76,7 +76,7 @@ def get_affirmed_template(name, timestamp)
Date: __
Metadata: _______________Whimsy www/officers/coi.cgi________________'
template, err =
- ASF::SVN.svn('cat', COI_CURRENT_TEMPLATE_URL, {user: $USER.dup.untaint,
password: $PASSWORD.dup.untaint})
+ ASF::SVN.svn('cat', COI_CURRENT_TEMPLATE_URL, {user: $USER, password:
$PASSWORD})
raise RuntimeError.new("Failed to read current template.txt -- %s" % err)
unless template
centered_name = "#{name}".center(60, '_')
centered_date ="#{timestamp}".center(62, '_')
@@ -185,13 +185,13 @@ def emit_post(_)
current_timestamp = DateTime.now.strftime "%Y-%m-%d %H:%M:%S"
affirmed = get_affirmed_template(USERNAME, current_timestamp)
- user_filename = "#{USERID}.txt".untaint
+ user_filename = "#{USERID}.txt"
# report on commit
_div.transcript do
Dir.mktmpdir do |tmpdir|
- ASF::SVN.svn_!('checkout',[COI_CURRENT_URL, tmpdir.untaint], _,
- {quiet: true, user: $USER.dup.untaint, password:
$PASSWORD.dup.untaint})
+ ASF::SVN.svn_!('checkout',[COI_CURRENT_URL, tmpdir], _,
+ {quiet: true, user: $USER, password: $PASSWORD})
Dir.chdir(tmpdir) do
# write affirmation form
File.write(user_filename, affirmed)
@@ -201,7 +201,7 @@ def emit_post(_)
# commit
ASF::SVN.svn_!('commit',[user_filename], _,
{msg: "Affirm Conflict of Interest Policy for #{USERNAME}",
- user: $USER.dup.untaint, password: $PASSWORD.dup.untaint})
+ user: $USER, password: $PASSWORD})
end
end
# Send email to $USER, secretary@
diff --git a/www/roster/models/committer.rb b/www/roster/models/committer.rb
index e211915..3f75264 100644
--- a/www/roster/models/committer.rb
+++ b/www/roster/models/committer.rb
@@ -129,8 +129,7 @@ class Committer
if ASF::Person.find(env.user).asf_member? # i.e. member karma
if person.icla and person.icla.claRef # Not all people have iclas
- claRef = person.icla.claRef.untaint
- file = ASF::ICLAFiles.match_claRef(claRef)
+ file = ASF::ICLAFiles.match_claRef(person.icla.claRef)
if file
url =ASF::SVN.svnurl('iclas')
response[:forms][:icla] = "#{url}/#{file}"
diff --git a/www/secretary/workbench/models/attachment.rb
b/www/secretary/workbench/models/attachment.rb
index 7f274b0..cdc8ab8 100644
--- a/www/secretary/workbench/models/attachment.rb
+++ b/www/secretary/workbench/models/attachment.rb
@@ -41,7 +41,6 @@ class Attachment
name = self.name.dup
name.gsub! /^\W/, ''
name.gsub! /[^\w.]/, '_'
- name.untaint
end
# writes the attachment to the specified pathname, which must not exist
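Review bot: With `name.untaint` removed, the last expression before `end` is now `name.gsub! /[^\w.]/, '_'`, and `gsub!` returns nil when it makes no substitution, so the method would return nil for a name that is already clean. The removed line doubled as the return value; add a bare `name` as the final statement. The `def` is outside the hunk, so this assumes the `end` shown closes the method. If this is `safe_name`, the `SafeTempFile.new([safe_name, '.pdf'])` call in the next hunk would receive that nil.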
@@ -74,7 +73,7 @@ class Attachment
if IMAGE_TYPES.include? ext or content_type.start_with? 'image/'
pdf = SafeTempFile.new([safe_name, '.pdf'])
- img2pdf = File.expand_path('../img2pdf', __dir__.untaint).untaint
+ img2pdf = File.expand_path('../img2pdf', __dir__)
stdout, stderr, status = Open3.capture3 img2pdf, '--output', pdf.path,
file.path
@@ -117,7 +116,7 @@ class Attachment
File.write filename, body, encoding: Encoding::BINARY
system 'svn', 'add', filename
- system 'svn', 'propset', 'svn:mime-type', content_type.untaint, filename
+ system 'svn', 'propset', 'svn:mime-type', content_type, filename
filename
end
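Review bot: `content_type` is now handed to `svn propset` with no marker that it was checked, and it appears to come from the attachment's MIME headers, i.e. from the sender. The argv form of `system` keeps it away from a shell, but a value beginning with `-` may still be read by svn as an option. Consider normalising it first, e.g. `mime = content_type =~ %r{\A[\w.+-]+/[\w.+-]+} ? content_type : 'application/octet-stream'`, and checking the return value of both `system` calls. The method starts outside the hunk.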
diff --git a/www/secretary/workbench/models/mailbox.rb
b/www/secretary/workbench/models/mailbox.rb
index 07412fe..784f32f 100644
--- a/www/secretary/workbench/models/mailbox.rb
+++ b/www/secretary/workbench/models/mailbox.rb
@@ -40,8 +40,8 @@ class Mailbox
name = File.basename(name, '.yml')
if name =~ /^\d+$/
- @name = name.untaint
- @mbox = Dir["#{ARCHIVE}/#{@name}",
"#{ARCHIVE}/#{@name}.gz"].first.untaint
+ @name = name
+ @mbox = Dir["#{ARCHIVE}/#{@name}", "#{ARCHIVE}/#{@name}.gz"].first
else
@name = name.split('.').first
@mbox = "#{ARCHIVE}/#{name}"
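Review bot: `if name =~ /^\d+$/` is the only check before `name` is interpolated into the `Dir[...]` glob, and `^`/`$` anchor per line, so a value with an embedded newline passes as long as one line is all digits. Now that `.untaint` no longer flags this branch as the validated one, the pattern should anchor the whole string: `if name =~ /\A\d+\z/`. Separately, `Dir[...].first` is nil when neither archive file exists, so `@mbox` can be nil afterwards. The method starts outside the hunk.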
@@ -100,7 +100,7 @@ class Mailbox
#
def self.find(message)
month, hash = message.match(%r{/(\d+)/(\w+)}).captures
- Mailbox.new(month.untaint).find(hash.untaint)
+ Mailbox.new(month).find(hash)
end
#
diff --git a/www/secretary/workbench/views/actions/ccla.json.rb
b/www/secretary/workbench/views/actions/ccla.json.rb
index d7f9d72..35062a1 100644
--- a/www/secretary/workbench/views/actions/ccla.json.rb
+++ b/www/secretary/workbench/views/actions/ccla.json.rb
@@ -15,7 +15,7 @@ ccla = "#@filename#{fileext}"
# verify that a CCLA under that name doesn't already exist
if ccla =~ /\A\w[-\w]*\.?\w*\z/
- if ASF::CCLAFiles.exist?(ccla.untaint)
+ if ASF::CCLAFiles.exist?(ccla)
_warn "documents/cclas/#{ccla} already exists"
end
else
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb
b/www/secretary/workbench/views/actions/check-signature.json.rb
index 20b009c..5bb3c61 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -93,7 +93,6 @@ begin
# pick the latest gpg version
gpg = `which gpg2`.chomp
gpg = `which gpg`.chomp if gpg.empty?
- gpg.untaint
# run gpg verify command
# TODO: may need to drop the keyid-format parameter when gpg is updated as
it might
@@ -108,7 +107,7 @@ begin
err.include? "gpg: Can't check signature: public key not found"
then
# extract and fetch key
- keyid = err[/[RD]SA key (ID )?(\w+)/,2].untaint
+ keyid = err[/[RD]SA key (ID )?(\w+)/,2]
out2 = err2 = '' # needed later
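Review bot: `keyid = err[/[RD]SA key (ID )?(\w+)/,2]` takes the key id from gpg's stderr, which reflects the contents of the submitted signature, and the comment above says it is then used to fetch a key. `\w+` also accepts underscores and non-hex letters; a key id is hexadecimal, so `\h+` states the expectation exactly, and a nil result should skip the fetch. How `keyid` is passed on is outside the hunk.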
diff --git a/www/secretary/workbench/views/actions/emeritus-request.json.rb
b/www/secretary/workbench/views/actions/emeritus-request.json.rb
index e9ffd22..9e58a4a 100644
--- a/www/secretary/workbench/views/actions/emeritus-request.json.rb
+++ b/www/secretary/workbench/views/actions/emeritus-request.json.rb
@@ -15,9 +15,9 @@ fileext = File.extname(@selected).downcase if
@signature.empty?
emeritus_request = "#{@filename}#{fileext}"
if emeritus_request =~ /\A\w[-\w]*\.?\w*\z/ # check taint requirements
names = ASF::EmeritusRequestFiles.listnames
- if names.include? @filename.untaint
+ if names.include? @filename
_warn "documents/emeritus-requests-received/#{@filename} already exists"
- elsif names.include? emeritus_request.untaint
+ elsif names.include? emeritus_request
_warn "documents/emeritus-requests-received/#{emeritus_request} already
exists"
end
else
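Review bot: The comment `# check taint requirements` on the regex line is stale now that the `.untaint` calls are gone, while the pattern itself is still the only thing restricting the name. Suggest rewording it to say what it enforces, e.g. `# allow only a plain file name (word chars and '-', at most one '.'); no path separators`. The `if` block continues outside the hunk.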
diff --git a/www/secretary/workbench/views/actions/icla2.json.rb
b/www/secretary/workbench/views/actions/icla2.json.rb
index 3ee713d..ef656e5 100644
--- a/www/secretary/workbench/views/actions/icla2.json.rb
+++ b/www/secretary/workbench/views/actions/icla2.json.rb
@@ -73,7 +73,7 @@ end
# - calling .max on an empty array returns nil. Treat it as one as there
# is an existing document that will be moved into this directory.
# - If all else fails, set count to "N"
-count = (Array(ASF::SVN.list((ASF::SVN.svnurl('iclas') + '/' +
@filename).untaint)).
+count = (Array(ASF::SVN.list((ASF::SVN.svnurl('iclas') + '/' + @filename))).
first.to_s.split.
map {|name| name[/.*(\d+)\./, 1] || 1}.
map(&:to_i).max || 1) + 1 rescue 'N'
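Review bot: `@filename` is concatenated into the svn URL passed to `ASF::SVN.list`, and the trailing `rescue 'N'` turns every failure, including a malformed URL or an authentication error, into the count `N`. ccla.json.rb and emeritus-request.json.rb guard their file name with `/\A\w[-\w]*\.?\w*\z/`; whether this file does the same before this line is not visible in the hunk. If it does not, apply a comparable check first, and narrow the rescue so that svn failures are reported instead of being swallowed.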
@@ -158,8 +158,8 @@ if person.public_name != @pubname and @id != 'notinavail'
complete do
ldap = ASF.init_ldap(true)
- ldap.bind("uid=#{env.user.untaint},ou=people,dc=apache,dc=org",
- env.password.untaint)
+ ldap.bind("uid=#{env.user},ou=people,dc=apache,dc=org",
+ env.password)
ldap.modify person.dn, [ASF::Base.mod_replace('cn', @pubname.strip)]
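Review bot: `ldap.bind("uid=#{env.user},ou=people,dc=apache,dc=org", env.password)` builds the bind DN by interpolation here and again in the hunk at line 217, and with `.untaint` removed neither place shows that `env.user` is restricted to id characters. A comma or `=` in the value would change the DN being bound. Suggest building the DN in one helper that validates first, e.g. `raise ArgumentError, 'bad uid' unless env.user =~ /\A[-\w.]+\z/`, and calling it from both `complete do` blocks. Both blocks continue outside their hunks.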
@@ -217,8 +217,8 @@ if @id != 'notinavail'
complete do
ldap = ASF.init_ldap(true)
- ldap.bind("uid=#{env.user.untaint},ou=people,dc=apache,dc=org",
- env.password.untaint)
+ ldap.bind("uid=#{env.user},ou=people,dc=apache,dc=org",
+ env.password)
ldap.modify person.dn, [ASF::Base.mod_replace('mail', @email.strip)]