This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new d9d5555 More untaint
d9d5555 is described below
commit d9d5555e864ad8cedecd5f2dc8f3d39a77c0f42b
Author: Sebb <[email protected]>
AuthorDate: Fri Oct 2 17:36:09 2020 +0100
More untaint
---
tools/wwwdocs.rb | 10 +++++-----
www/board/agenda/models/agenda.rb | 7 ++++---
www/members/board-attend.cgi | 2 +-
www/members/mentors.cgi | 8 ++++----
4 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/tools/wwwdocs.rb b/tools/wwwdocs.rb
index 1d0531a..341b7b4 100755
--- a/tools/wwwdocs.rb
+++ b/tools/wwwdocs.rb
@@ -71,8 +71,8 @@ end
# @return [ [PAGETITLE, [cat,egories] ], ... ]
def scan_dir(dir)
links = {}
- Dir["#{dir}/**/*.cgi".untaint].each do |f|
- l = scan_file(f.untaint)
+ Dir["#{dir}/**/*.cgi"].each do |f|
+ l = scan_file(f)
links[f.sub(dir, '')] = l if l
end
return links
@@ -90,7 +90,7 @@ def get_auth
hash = {}
files = Dir[WHIMSY_CONF]
return hash unless files.size == 1 # must match just one
- file = files.first.untaint
+ file = files.first
loc = nil
File.read(file).each_line do |l|
if l =~ %r{<LocationMatch ([^>]+)>}
@@ -172,8 +172,8 @@ end
def scan_dir_svn(dir, regexs, auth = get_auth())
links = {}
auth = get_auth()
- Dir["#{dir}/**/*.{cgi,rb}".untaint].sort.each do |f|
- l = scan_file_svn(f.untaint, regexs)
+ Dir["#{dir}/**/*.{cgi,rb}"].sort.each do |f|
+ l = scan_file_svn(f, regexs)
if (l[0].length + l[1].length) > 0
fbase = f.sub(dir, '')
realm = auth.select { |k, v| fbase.sub('/www', '').match(/\A#{k}/) }
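Review bot: The `auth` argument of `scan_dir_svn` is never used as passed, because the body line `auth = get_auth()` overwrites it. With the default argument, that line also makes get_auth read and parse the config a second time. Dropping the line lets a caller-supplied mapping take effect, which is presumably why the parameter exists. Separately, `/\A#{k}/` compiles each key as a regular expression; that looks intended if the keys are the LocationMatch patterns collected by get_auth, and a comment such as `# k is a LocationMatch regex from the httpd config, not a literal path` would record it. The function body continues past the end of this hunk.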
diff --git a/www/board/agenda/models/agenda.rb
b/www/board/agenda/models/agenda.rb
index 8e7f4bf..959485a 100755
--- a/www/board/agenda/models/agenda.rb
+++ b/www/board/agenda/models/agenda.rb
@@ -87,18 +87,19 @@ class Agenda
end
def self.uptodate(file)
- path = File.expand_path(file, FOUNDATION_BOARD).untaint
+ raise ArgumentError, "Invalid file name #{file}" unless file =~
/\Aboard_\w+_[\d_]+\.txt\z/
+ path = File.expand_path(file, FOUNDATION_BOARD)
return false unless File.exist? path
return Agenda[file][:mtime] == File.mtime(path)
end
def self.parse(file, mode)
+ raise ArgumentError, "Invalid file name #{file}" unless file =~
/\Aboard_\w+_[\d_]+\.txt\z/
# for quick mode, anything will do
mode = :quick if ENV['RACK_ENV'] == 'test'
return Agenda[file][:parsed] if mode == :quick and Agenda[file][:mtime] != 0
- file.untaint if file =~ /\Aboard_\w+_[\d_]+\.txt\z/
- path = File.expand_path(file, FOUNDATION_BOARD).untaint
+ path = File.expand_path(file, FOUNDATION_BOARD)
return Agenda[file][:parsed] unless File.exist? path
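Review bot: The file-name check that replaces `untaint` is written out twice, in `uptodate` and in `parse`, so a later edit to one copy can leave the other accepting names the first rejects. Hoisting it into one constant, e.g. `AGENDA_FILE_RE = /\Aboard_\w+_[\d_]+\.txt\z/`, and testing with `AGENDA_FILE_RE.match?(file)` keeps the two entry points in step and also handles a nil `file`. The error message interpolates the rejected name verbatim; `"Invalid file name #{file.inspect}"` keeps embedded newlines or control characters out of whatever log or page the exception ends up in. In `parse` the check now runs before the quick-mode return and raises where the old code let a non-matching name continue, so callers may need to rescue ArgumentError. The body of `parse` continues outside this hunk.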
diff --git a/www/members/board-attend.cgi b/www/members/board-attend.cgi
index 92e0cd5..cb66370 100755
--- a/www/members/board-attend.cgi
+++ b/www/members/board-attend.cgi
@@ -22,7 +22,7 @@ APPROVED = 'approved'
def summarize(fname, dstats)
meeting = File.basename(fname, '.*')
begin
- agenda = ASF::Board::Agenda.parse(File.read(fname.untaint))
+ agenda = ASF::Board::Agenda.parse(File.read(fname))
rescue StandardError => e
return "summarize(#{fname}) Agenda parse error: #{e.message}
#{e.backtrace[0]}"
end
diff --git a/www/members/mentors.cgi b/www/members/mentors.cgi
index d2fb914..ea4f9b5 100755
--- a/www/members/mentors.cgi
+++ b/www/members/mentors.cgi
@@ -30,12 +30,12 @@ end
# Read *.json from directory of mentor files
# @return hash of mentors by apacheid
-def read_mentors(path)
+def read_mentors
mentors = {}
- Dir[File.join(path, '*.json')].sort.each do |file|
+ Dir[File.join(ASF::SVN[MENTORS_SVN], '*.json')].sort.each do |file|
# Skip files with - dashes, they aren't apacheids
next if file.include?('-')
- read_mentor(file.untaint, mentors)
+ read_mentor(file, mentors)
end
return mentors
end
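Review bot: `next if file.include?('-')` tests the whole path returned by the glob, not just the file name. A dash anywhere in the `ASF::SVN[MENTORS_SVN]` directory path would therefore make `read_mentors` skip every file and return an empty hash without any error. Checking only the name matches the comment's intent: `next if File.basename(file).include?('-')`. Removing the `path` parameter also changes the method's signature; the one caller visible in this diff is updated, and any others are not shown.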
@@ -56,7 +56,7 @@ _html do
},
helpblock: -> {
uimap = MentorFormat::get_uimap(ASF::SVN[MENTORS_SVN])
- mentors = read_mentors(ASF::SVN[MENTORS_SVN])
+ mentors = read_mentors
errors, mentors = mentors.partition{ |k,v|
v.has_key?(MentorFormat::ERRORS)}.map(&:to_h)
notavailable, mentors = mentors.partition{ |k,v|
v.has_key?(MentorFormat::NOTAVAILABLE)}.map(&:to_h)
_p do