whimsical-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@apache.org
Subject [whimsy] branch master updated: Drop .untaint calls
Date Fri, 02 Oct 2020 10:04:00 GMT
This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 6c8b07e  Drop .untaint calls
6c8b07e is described below

commit 6c8b07e347696a1cf4dc3a8d7027637c11070c2f
Author: Sebb <sebb@apache.org>
AuthorDate: Fri Oct 2 11:03:51 2020 +0100

    Drop .untaint calls
    
    They do nothing now
---
 lib/whimsy/asf/agenda/minutes.rb                         |  2 +-
 lib/whimsy/asf/mlist.rb                                  |  2 +-
 lib/whimsy/asf/nominees.rb                               |  2 +-
 lib/whimsy/asf/podling.rb                                |  2 +-
 lib/whimsy/asf/rack.rb                                   |  2 --
 tools/collate_minutes.rb                                 |  2 +-
 tools/comdevtalks.rb                                     |  4 ++--
 tools/proxyhelper.rb                                     |  2 +-
 www/board/agenda/bin/remind-cronjob.rb                   |  2 +-
 www/board/agenda/daemon/events.rb                        |  4 ++--
 www/board/agenda/daemon/session.rb                       |  8 ++++----
 www/board/agenda/main.rb                                 | 13 +++----------
 www/board/agenda/models/comments.rb                      |  3 +--
 www/board/agenda/models/reporter.rb                      |  3 +--
 www/board/agenda/routes.rb                               | 10 +++++-----
 www/board/agenda/views/actions/posted-reports.json.rb    |  4 ++--
 www/board/agenda/views/actions/potential-actions.json.rb |  2 +-
 www/board/agenda/views/actions/publish.json.rb           |  4 ++--
 www/board/agenda/views/actions/reminder-text.json.rb     |  4 ++--
 www/board/agenda/views/actions/responses.json.rb         |  4 ++--
 www/board/agenda/views/actions/todos.json.rb             |  6 +++---
 www/board/agenda/views/committers_report.text.rb         |  6 +++---
 www/board/missing-reports.cgi                            |  2 +-
 www/board/posted-reports.cgi                             |  2 +-
 www/committers/testauth.cgi                              |  2 +-
 www/fundraising/invoice.cgi                              |  6 +++---
 www/incubator/graduated.cgi                              |  2 +-
 www/members/inactive.cgi                                 |  4 ++--
 www/members/list-traffic.cgi                             |  6 +++---
 www/members/mentor-update.cgi                            |  6 +++---
 www/members/nominations.cgi                              |  6 +++---
 www/officers/list-traffic.cgi                            |  4 ++--
 www/secretary/icla-lint.cgi                              |  2 +-
 www/secretary/workbench/models/safetemp.rb               |  2 +-
 www/secretary/workbench/tasks.rb                         |  8 ++++----
 www/secretary/workbench/views/actions/burst.json.rb      |  3 +--
 www/secretary/workbench/views/actions/grant.json.rb      |  2 +-
 www/secretary/workbench/views/actions/icla.json.rb       |  8 ++++----
 www/secretary/workbench/views/index.json.rb              |  2 +-
 www/secretary/workbench/views/memapp.json.rb             |  2 +-
 www/status/passenger.cgi                                 |  2 +-
 www/status/svn.cgi                                       | 14 +++++++-------
 www/test/example.cgi                                     |  2 +-
 43 files changed, 83 insertions(+), 95 deletions(-)

diff --git a/lib/whimsy/asf/agenda/minutes.rb b/lib/whimsy/asf/agenda/minutes.rb
index cf87986..f4caf9e 100644
--- a/lib/whimsy/asf/agenda/minutes.rb
+++ b/lib/whimsy/asf/agenda/minutes.rb
@@ -25,7 +25,7 @@ class ASF::Board::Agenda
       attrs['approved'] = attrs['approved'].strip.gsub(/\s+/, ' ')
 
       if FOUNDATION_BOARD
-        file = attrs['text'][/board_minutes[_\d]+\.txt/].untaint
+        file = attrs['text'][/board_minutes[_\d]+\.txt/]
 
         if file and File.exist?(File.join(FOUNDATION_BOARD, file))
           # unpublished minutes
diff --git a/lib/whimsy/asf/mlist.rb b/lib/whimsy/asf/mlist.rb
index bdf41ca..792d84b 100644
--- a/lib/whimsy/asf/mlist.rb
+++ b/lib/whimsy/asf/mlist.rb
@@ -388,7 +388,7 @@ module ASF
                  ARCH_MBOX_PUB, ARCH_MBOX_PRV, ARCH_MBOX_RST, ARCH_EXT_MAIL_ARCHIVE]
     # TODO alias archivers: either add list or use RE to filter them
 
-    LIST_BASE = ASF::Config[:subscriptions].untaint # allow overrides for testing etc
+    LIST_BASE = ASF::Config[:subscriptions] # allow overrides for testing etc
 
     LIST_MODS = File.join(LIST_BASE, 'list-mods')
 
diff --git a/lib/whimsy/asf/nominees.rb b/lib/whimsy/asf/nominees.rb
index 2d4514d..702bace 100644
--- a/lib/whimsy/asf/nominees.rb
+++ b/lib/whimsy/asf/nominees.rb
@@ -13,7 +13,7 @@ module ASF
       end
 
       meetings = ASF::SVN['Meetings']
-      nominations = Dir[File.join(meetings, '*', 'nominated-members.txt')].max.untaint
+      nominations = Dir[File.join(meetings, '*', 'nominated-members.txt')].max
 
       nominations = File.read(nominations).split(/^\s*---+--\s*/)
       nominations.shift(2)
diff --git a/lib/whimsy/asf/podling.rb b/lib/whimsy/asf/podling.rb
index b579245..206a11e 100644
--- a/lib/whimsy/asf/podling.rb
+++ b/lib/whimsy/asf/podling.rb
@@ -148,7 +148,7 @@ module ASF
       podlings_xml = File.join(incubator_content, 'podlings.xml')
 
       # see if there is a later version
-      cache = ASF::Config.get(:cache).untaint
+      cache = ASF::Config.get(:cache)
       if File.exist? File.join(cache, 'podlings.xml')
         if File.mtime(File.join(cache, 'podlings.xml')) > File.mtime(podlings_xml)
           podlings_xml = File.join(cache, 'podlings.xml')
diff --git a/lib/whimsy/asf/rack.rb b/lib/whimsy/asf/rack.rb
index 3c13a90..99122b1 100644
--- a/lib/whimsy/asf/rack.rb
+++ b/lib/whimsy/asf/rack.rb
@@ -20,8 +20,6 @@ module ASF
         env.user, env.password = Base64.
           decode64(auth[/^Basic ([A-Za-z0-9+\/=]+)$/,1].to_s).split(':',2)
       end
-      env.user.untaint unless env.user.frozen?
-      env.password.untaint unless env.password.frozen?
 
       env['REMOTE_USER'] ||= env.user
 
diff --git a/tools/collate_minutes.rb b/tools/collate_minutes.rb
index 5a86751..919ac5f 100755
--- a/tools/collate_minutes.rb
+++ b/tools/collate_minutes.rb
@@ -123,7 +123,7 @@ end
 
 # get site information
 DATAURI = 'https://whimsy.apache.org/public/committee-info.json'
-local_copy = File.expand_path('../../www/public/committee-info.json', __FILE__).untaint
+local_copy = File.expand_path('../../www/public/committee-info.json', __FILE__)
 if File.exist? local_copy
   Wunderbar.info "Using #{local_copy}"
   cinfo = JSON.parse(File.read(local_copy))
diff --git a/tools/comdevtalks.rb b/tools/comdevtalks.rb
index 1f7c4a5..ff73afa 100644
--- a/tools/comdevtalks.rb
+++ b/tools/comdevtalks.rb
@@ -18,9 +18,9 @@ def parse_talks(dir = "#{COMDEVDIR}")
   Dir[File.join("#{dir}", "*.yaml")].each do |fname|
     begin
       if fname =~ /_/
-        talks["#{File.basename(fname, ".*")}"] = YAML.load(File.read(fname.untaint))
+        talks["#{File.basename(fname, ".*")}"] = YAML.load(File.read(fname))
       elsif fname !~ /SKIPFILE/
-        submitters["#{File.basename(fname, ".*")}"] = YAML.load(File.read(fname.untaint))
+        submitters["#{File.basename(fname, ".*")}"] = YAML.load(File.read(fname))
       end
     rescue Exception => e
       puts "Bogosity! analyzing #{fname} raised #{e.message[0..255]}"
diff --git a/tools/proxyhelper.rb b/tools/proxyhelper.rb
index be37f5c..d0b353c 100644
--- a/tools/proxyhelper.rb
+++ b/tools/proxyhelper.rb
@@ -14,7 +14,7 @@ MEETINGS = ASF::SVN['Meetings']
 # @return reminders {"proxy@apache.org" => ["IRC line", ...]}
 # @see foundation/Meetings/*.rb for other scripts that deal with
 #   IRC log parsing, attendance marking, and proxy handling
-def reminder_lines(meeting = File.basename(Dir[File.join(MEETINGS, '2*')].max).untaint)
+def reminder_lines(meeting = File.basename(Dir[File.join(MEETINGS, '2*')].max))
   lines = IO.read(File.join(MEETINGS, meeting, 'proxies'))
   proxylist = lines.scan(/\s\s(.{25})(.*?)\((.*?)\)/).map { |l| [l[0].strip, l[1].strip,
l[2]]} # [["Shane Curcuru    ", "David Fisher ", "wave"], ...]
   copyproxy = Hash.new{|h,k| h[k] = [] }
diff --git a/www/board/agenda/bin/remind-cronjob.rb b/www/board/agenda/bin/remind-cronjob.rb
index 1341747..efe4822 100644
--- a/www/board/agenda/bin/remind-cronjob.rb
+++ b/www/board/agenda/bin/remind-cronjob.rb
@@ -15,7 +15,7 @@ require 'mail'
 require 'listen'
 
 FOUNDATION_BOARD = ASF::SVN['foundation_board']
-AGENDA_WORK = ASF::Config.get(:agenda_work).untaint || '/srv/agenda'
+AGENDA_WORK = ASF::Config.get(:agenda_work) || '/srv/agenda'
 
 require './models/agenda'
 
diff --git a/www/board/agenda/daemon/events.rb b/www/board/agenda/daemon/events.rb
index d88139c..1a3ec28 100644
--- a/www/board/agenda/daemon/events.rb
+++ b/www/board/agenda/daemon/events.rb
@@ -15,9 +15,9 @@ require 'whimsy/asf/config'
 
 class Events
   if ENV['RACK_ENV'] == 'test'
-    AGENDA_WORK = File.expand_path('test/work/data').untaint
+    AGENDA_WORK = File.expand_path('test/work/data')
   else
-    AGENDA_WORK = ASF::Config.get(:agenda_work).untaint || '/srv/agenda'
+    AGENDA_WORK = ASF::Config.get(:agenda_work) || '/srv/agenda'
   end
 
   WORKDIR = File.expand_path('events', AGENDA_WORK)
diff --git a/www/board/agenda/daemon/session.rb b/www/board/agenda/daemon/session.rb
index e48faad..ace25fd 100644
--- a/www/board/agenda/daemon/session.rb
+++ b/www/board/agenda/daemon/session.rb
@@ -21,9 +21,9 @@ require 'whimsy/asf/config'
 
 class Session
   if ENV['RACK_ENV'] == 'test'
-    AGENDA_WORK = File.expand_path('test/work/data').untaint
+    AGENDA_WORK = File.expand_path('test/work/data')
   else
-    AGENDA_WORK = ASF::Config.get(:agenda_work).untaint || '/srv/agenda'
+    AGENDA_WORK = ASF::Config.get(:agenda_work) || '/srv/agenda'
   end
 
   WORKDIR = File.expand_path('sessions', AGENDA_WORK)
@@ -75,11 +75,11 @@ class Session
     session
   end
 
-  # load sessions from disk
+  # load sessions from disk 
   def self.load(files=nil)
     @@semaphore.synchronize do
       # default files to all files in the workdir and @@sessions hash
-      files ||= Dir["#{WORKDIR}/*"].map {|file| file.dup.untaint} +
+      files ||= Dir["#{WORKDIR}/*"] +
         @@sessions.keys.map {|secret| File.join(WORKDIR, secret)}
 
       files.uniq.each do |file|
diff --git a/www/board/agenda/main.rb b/www/board/agenda/main.rb
index 9561482..477acff 100755
--- a/www/board/agenda/main.rb
+++ b/www/board/agenda/main.rb
@@ -33,13 +33,13 @@ end
 
 # determine where relevant data can be found
 if ENV['RACK_ENV'] == 'test'
-  FOUNDATION_BOARD = File.expand_path('test/work/board').untaint
-  AGENDA_WORK = File.expand_path('test/work/data').untaint
+  FOUNDATION_BOARD = File.expand_path('test/work/board')
+  AGENDA_WORK = File.expand_path('test/work/data')
   STDERR.puts "* SVN board  : #{FOUNDATION_BOARD}"
   STDERR.puts "* Agenda work: #{AGENDA_WORK}"
 else
   FOUNDATION_BOARD = ASF::SVN['foundation_board']
-  AGENDA_WORK = ASF::Config.get(:agenda_work).untaint || '/srv/agenda'
+  AGENDA_WORK = ASF::Config.get(:agenda_work) || '/srv/agenda'
   STDERR.puts "* SVN board  : #{FOUNDATION_BOARD}"
   STDERR.puts "* Agenda work: #{AGENDA_WORK}"
 end
@@ -69,10 +69,3 @@ end
 def dir(pattern, base=FOUNDATION_BOARD)
   Dir[File.join(base, pattern)].map {|name| File.basename name}
 end
-
-# workaround for https://github.com/rubygems/rubygems/issues/1265
-if Gem::Specification.respond_to? :stubs
-  Gem::Specification.stubs.each do |stub|
-    stub.full_require_paths.each {|path| path.untaint}
-  end
-end
diff --git a/www/board/agenda/models/comments.rb b/www/board/agenda/models/comments.rb
index 0678b70..111f1c7 100644
--- a/www/board/agenda/models/comments.rb
+++ b/www/board/agenda/models/comments.rb
@@ -13,8 +13,7 @@ class HistoricalComments
     # select and sort agendas for meetings past the cutoff
     agendas = Dir[File.join(ASF::SVN['foundation_board'], '**', 'board_agenda_*')].
       select {|file| File.basename(file) > cutoff}.
-      sort_by {|file| File.basename(file)}.
-      map {|file| file.untaint}
+      sort_by {|file| File.basename(file)}
 
     # drop latest agenda
     agendas.pop
diff --git a/www/board/agenda/models/reporter.rb b/www/board/agenda/models/reporter.rb
index 1d08854..4bcd2ad 100644
--- a/www/board/agenda/models/reporter.rb
+++ b/www/board/agenda/models/reporter.rb
@@ -14,8 +14,7 @@ class Reporter
   def self.drafts(env, update=nil)
     changed = false
 
-    agenda_file = File.basename(
-      Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].max).untaint
+    agenda_file = File.basename(Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].max)
 
     if ENV['RACK_ENV'] == 'test'
       return {agenda: agenda_file, drafts: []}
diff --git a/www/board/agenda/routes.rb b/www/board/agenda/routes.rb
index 243f5fd..4bc7956 100755
--- a/www/board/agenda/routes.rb
+++ b/www/board/agenda/routes.rb
@@ -180,7 +180,7 @@ end
 
 # feedback
 get %r{/(\d\d\d\d-\d\d-\d\d)/feedback.json} do |date|
-  @agenda = "board_agenda_#{date.gsub('-', '_')}.txt".untaint
+  @agenda = "board_agenda_#{date.gsub('-', '_')}.txt"
   @dryrun = true
   _json :'actions/feedback'
 end
@@ -188,7 +188,7 @@ end
 post %r{/(\d\d\d\d-\d\d-\d\d)/feedback.json} do |date|
   return [503, UNAVAILABLE] if UNAVAILABLE
 
-  @agenda = "board_agenda_#{date.gsub('-', '_')}.txt".untaint
+  @agenda = "board_agenda_#{date.gsub('-', '_')}.txt"
   @dryrun = false
   _json :'actions/feedback'
 end
@@ -373,7 +373,7 @@ end
 
 # updates to agenda data
 get %r{/(\d\d\d\d-\d\d-\d\d).json} do |date|
-  file = "board_agenda_#{date.gsub('-','_')}.txt".untaint
+  file = "board_agenda_#{date.gsub('-','_')}.txt"
   pass unless Agenda.parse file, :full
 
   begin
@@ -415,7 +415,7 @@ end
 
 # draft minutes
 get '/text/minutes/:file' do |file|
-  file = "board_minutes_#{file.gsub('-','_')}.txt".untaint
+  file = "board_minutes_#{file.gsub('-','_')}.txt"
   if dir('board_minutes_*.txt').include? file
     path = File.join(FOUNDATION_BOARD, file)
   elsif not Dir[File.join(ASF::SVN['minutes'], file[/\d+/], file)].empty?
@@ -507,7 +507,7 @@ end
 
 # draft minutes
 get '/text/draft/:file' do |file|
-  agenda = "board_agenda_#{file.gsub('-','_')}.txt".untaint
+  agenda = "board_agenda_#{file.gsub('-','_')}.txt"
   minutes = AGENDA_WORK + '/' +
     agenda.sub('_agenda_','_minutes_').sub('.txt','.yml')
 
diff --git a/www/board/agenda/views/actions/posted-reports.json.rb b/www/board/agenda/views/actions/posted-reports.json.rb
index 582f8de..c927805 100755
--- a/www/board/agenda/views/actions/posted-reports.json.rb
+++ b/www/board/agenda/views/actions/posted-reports.json.rb
@@ -50,7 +50,7 @@ archive = Dir[File.join(ARCHIVE, previous, '*'), File.join(ARCHIVE, current
,'*'
 # select messages that have a subject line starting with [REPORT]
 reports = []
 archive.each do |email_path|
-  email_path.untaint
+  email_path
   next if File.mtime(email_path) < cutoff
   next if email_path.end_with? '/index'
   message = IO.read(email_path, mode: 'rb')
@@ -64,7 +64,7 @@ end
 
 # Get a list of missing board reports
 agendas = Dir[File.join(ASF::SVN['foundation_board'], 'board_agenda_*.txt')]
-parsed = ASF::Board::Agenda.parse(IO.read(agendas.max.untaint), true)
+parsed = ASF::Board::Agenda.parse(IO.read(agendas.max), true)
 missing = parsed.select {|item| item['missing']}.
   map {|item| item['title'].downcase}
 
diff --git a/www/board/agenda/views/actions/potential-actions.json.rb b/www/board/agenda/views/actions/potential-actions.json.rb
index fcffa08..6ec0390 100644
--- a/www/board/agenda/views/actions/potential-actions.json.rb
+++ b/www/board/agenda/views/actions/potential-actions.json.rb
@@ -3,7 +3,7 @@
 #
 
 # get posted action items from previous report
-base = Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].sort[-2].untaint
+base = Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].sort[-2]
 parsed = ASF::Board::Agenda.parse(IO.read(base), true)
 actions = parsed.find {|item| item['title'] == 'Action Items'}['actions']
 
diff --git a/www/board/agenda/views/actions/publish.json.rb b/www/board/agenda/views/actions/publish.json.rb
index 19c7419..4de3acd 100755
--- a/www/board/agenda/views/actions/publish.json.rb
+++ b/www/board/agenda/views/actions/publish.json.rb
@@ -52,7 +52,7 @@ minutes = "board_minutes_#{@date}.txt"
 
 #Commit the Minutes
 ASF::SVN.update MINUTES, @message, env, _ do |tmpdir|
-  yeardir = File.join(tmpdir, year.to_s).untaint
+  yeardir = File.join(tmpdir, year.to_s)
   ASF::SVN.svn_('update', yeardir, _) # TODO does this need auth?
 
   unless Dir.exist? yeardir
@@ -88,7 +88,7 @@ end
 # ...
 
 # Update the Calendar from SVN
-ASF::SVN.update ASF::SVN.svnpath!('site-board', 'calendar.mdtext' ).untaint, @message, env,
_ do |_tmpdir, calendar|
+ASF::SVN.update ASF::SVN.svnpath!('site-board', 'calendar.mdtext' ), @message, env, _ do
|_tmpdir, calendar|
   # add year header
   unless calendar.include? "# #{year} Board meeting minutes"
     calendar[/^()#.*Board meeting minutes #/,1] =
diff --git a/www/board/agenda/views/actions/reminder-text.json.rb b/www/board/agenda/views/actions/reminder-text.json.rb
index 76769ba..7db7ce7 100644
--- a/www/board/agenda/views/actions/reminder-text.json.rb
+++ b/www/board/agenda/views/actions/reminder-text.json.rb
@@ -6,7 +6,7 @@ require 'active_support/time'
 template = File.read("#{FOUNDATION_BOARD}/templates/#@reminder.mustache")
 
 # find the latest agenda
-agenda = Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].max.untaint
+agenda = Dir["#{FOUNDATION_BOARD}/board_agenda_*.txt"].max
 
 # determine meeting time
 meeting = ASF::Board.nextMeeting
@@ -25,7 +25,7 @@ view = {
 }
 
 # perform the substitution
-template = Mustache.render(template.untaint, view)
+template = Mustache.render(template, view)
 
 # extract subject
 subject = template[/Subject: (.*)/, 1]
diff --git a/www/board/agenda/views/actions/responses.json.rb b/www/board/agenda/views/actions/responses.json.rb
index 72b46a1..ffdb925 100644
--- a/www/board/agenda/views/actions/responses.json.rb
+++ b/www/board/agenda/views/actions/responses.json.rb
@@ -11,8 +11,8 @@ responses = {}
 
 Dir[maildir + '*'].sort.each do |dir|
   next unless dir >= start
-  Dir[dir.untaint + '/*'].each do |msg|
-    text = File.open(msg.untaint, 'rb') {|file| file.read}
+  Dir[dir + '/*'].each do |msg|
+    text = File.open(msg, 'rb') {|file| file.read}
     subject = text[/^Subject: .*/]
     next unless subject and subject =~ /Board feedback on .* report/
     date, pmc = subject.scan(/Board feedback on ([-\d]+) (.*) report/).first
diff --git a/www/board/agenda/views/actions/todos.json.rb b/www/board/agenda/views/actions/todos.json.rb
index 522e0bf..78b0815 100644
--- a/www/board/agenda/views/actions/todos.json.rb
+++ b/www/board/agenda/views/actions/todos.json.rb
@@ -144,7 +144,7 @@ if @establish and env.password
   # create 'victims' file for tlpreq tool
   ASF::SVN.svn('update', TLPREQ)
   establish -= Dir[File.join(TLPREQ, 'victims-#{date}.*.txt')].
-     map {|name| File.read(name.untaint).lines().map(&:chomp)}.flatten
+     map {|name| File.read(name).lines().map(&:chomp)}.flatten
   unless establish.empty?
     count = Dir[File.join(TLPREQ, 'victims-#{date}.*.txt')].length
     message = "record #{date} approved TLP resolutions"
@@ -176,10 +176,10 @@ if (@change || @establish) and env.password
     ASF::Mail.configure
     sender = ASF::Person.new(env.user)
     mail = Mail.new do
-      from "#{sender.public_name.inspect} <#{sender.id}@apache.org>".untaint
+      from "#{sender.public_name.inspect} <#{sender.id}@apache.org>"
 
       to people.map {|person|
-        "#{person.public_name.inspect} <#{person.id}@apache.org>".untaint
+        "#{person.public_name.inspect} <#{person.id}@apache.org>"
       }.to_a
 
       cc 'Apache Board <board@apache.org>'
diff --git a/www/board/agenda/views/committers_report.text.rb b/www/board/agenda/views/committers_report.text.rb
index 921cede..dae80b5 100644
--- a/www/board/agenda/views/committers_report.text.rb
+++ b/www/board/agenda/views/committers_report.text.rb
@@ -4,8 +4,8 @@ require 'chronic'
 
 # load agenda and minutes
 board_svn = ASF::SVN['foundation_board']
-minutes_file = File.join(AGENDA_WORK, "board_minutes_#@date.yml").untaint
-agenda_file = File.join(board_svn, "board_agenda_#@date.txt").untaint
+minutes_file = File.join(AGENDA_WORK, "board_minutes_#@date.yml")
+agenda_file = File.join(board_svn, "board_agenda_#@date.txt")
 minutes = YAML.load_file(minutes_file) rescue {}
 agenda = Agenda.parse(File.basename(agenda_file), :full)
 
@@ -76,5 +76,5 @@ sender = ASF::Person.find(env.user || ENV['USER'])
 @from = "#{sender.public_name.inspect} <#{sender.id}@apache.org>"
 
 ##### Write the report
-template = File.read('templates/committers_report.text.erb').untaint
+template = File.read('templates/committers_report.text.erb')
 Erubis::Eruby.new(template).result(binding)
diff --git a/www/board/missing-reports.cgi b/www/board/missing-reports.cgi
index 97efe39..946c74e 100755
--- a/www/board/missing-reports.cgi
+++ b/www/board/missing-reports.cgi
@@ -42,7 +42,7 @@ _html do
         end
         _tbody do
           agendas.reverse.each do |agenda|
-            parsed = ASF::Board::Agenda.parse(File.read(agenda.untaint), true)
+            parsed = ASF::Board::Agenda.parse(File.read(agenda), true)
             _tr_ do
               _td parsed.count, align: 'right'
               _td parsed.count {|report| report["missing"]}, align: 'right'
diff --git a/www/board/posted-reports.cgi b/www/board/posted-reports.cgi
index 2aa2034..dc908be 100755
--- a/www/board/posted-reports.cgi
+++ b/www/board/posted-reports.cgi
@@ -68,7 +68,7 @@ _html do
       # Get a list of missing board reports from the agenda itself
       Dir.chdir ASF::SVN['foundation_board']
       agenda = Dir['board_agenda_*.txt'].max
-      parsed = ASF::Board::Agenda.parse(IO.read(agenda.untaint), true)
+      parsed = ASF::Board::Agenda.parse(IO.read(agenda), true)
       missing = parsed.select {|item| item['missing']}.
         map {|item| item['title'].downcase}
       # attempt to sort reports by PMC name
diff --git a/www/committers/testauth.cgi b/www/committers/testauth.cgi
index 76af603..4a6168e 100755
--- a/www/committers/testauth.cgi
+++ b/www/committers/testauth.cgi
@@ -23,7 +23,7 @@ _html do
     }
   ) do
     FOUNDATION_BOARD = ASF::SVN['foundation_board']
-    agendafile = Dir[File.join(FOUNDATION_BOARD, 'board_agenda_*.txt')].max.untaint
+    agendafile = Dir[File.join(FOUNDATION_BOARD, 'board_agenda_*.txt')].max
     agenda = ASF::Board::Agenda.parse(File.read(agendafile))
     roll = agenda.find {|item| item['title'] == 'Roll Call'}
 
diff --git a/www/fundraising/invoice.cgi b/www/fundraising/invoice.cgi
index bd89be2..f51b35f 100755
--- a/www/fundraising/invoice.cgi
+++ b/www/fundraising/invoice.cgi
@@ -15,8 +15,8 @@ end
 
 HISTORY = '/var/tools/invoice'
 if %r{/(?<invoice>\d+)(\.\w+)?$} =~ ENV['PATH_INFO']
-  if File.exist? "#{HISTORY}/#{invoice.untaint}"
-    form = YAML.load_file("#{HISTORY}/#{invoice.untaint}")
+  if File.exist? "#{HISTORY}/#{invoice}"
+    form = YAML.load_file("#{HISTORY}/#{invoice}")
     ENV['QUERY_STRING'] =
       form.map {|k,v| "#{k}=#{CGI.escape(v.first)}"}.join("&") if form
   end
@@ -101,7 +101,7 @@ _html do
         _tbody do
           Dir.chdir(HISTORY) do
             Dir['*'].sort.reverse.each do |invoice|
-              form = YAML.load_file("#{HISTORY}/#{invoice.untaint}")
+              form = YAML.load_file("#{HISTORY}/#{invoice}")
               if form
                 _tr_ do
                   _td {_a invoice, href: invoice}
diff --git a/www/incubator/graduated.cgi b/www/incubator/graduated.cgi
index a7bdf8c..dc6657f 100755
--- a/www/incubator/graduated.cgi
+++ b/www/incubator/graduated.cgi
@@ -85,7 +85,7 @@ _html do
           _tbody do
             creports.map do |committee|
               name = committee[/>(.*?)</, 1]
-              href = committee[/href="(.*?)"/, 1].untaint
+              href = committee[/href="(.*?)"/, 1]
               href = 'Polygene.html' if href == 'Zest.html'
               page = File.read("#{source}/#{href}").
                 sub(/<footer.*<\/footer>/m, '')
diff --git a/www/members/inactive.cgi b/www/members/inactive.cgi
index 4a21d61..6420b88 100755
--- a/www/members/inactive.cgi
+++ b/www/members/inactive.cgi
@@ -28,7 +28,7 @@ _html do
   _body? do
     MEETINGS = ASF::SVN['Meetings']
     attendance = MeetingUtil.get_attendance(MEETINGS)
-    latest = MeetingUtil.get_latest(MEETINGS).untaint
+    latest = MeetingUtil.get_latest(MEETINGS)
     # determine user's name as found in members.txt
     name = ASF::Member.find_text_by_id($USER).to_s.split("\n").first
     matrix = attendance['matrix'][name]
@@ -36,7 +36,7 @@ _html do
       tracker = JSON.parse(IO.read(File.join(latest, 'non-participants.json')))
     rescue Errno::ENOENT => err
       # Fallback to reading previous meeting's data, and reset variable
-      latest = MeetingUtil.get_previous(MEETINGS).untaint
+      latest = MeetingUtil.get_previous(MEETINGS)
       tracker = JSON.parse(IO.read(File.join(latest, 'non-participants.json')))
     end
     # defaults for active users
diff --git a/www/members/list-traffic.cgi b/www/members/list-traffic.cgi
index b1407d4..f6679e9 100755
--- a/www/members/list-traffic.cgi
+++ b/www/members/list-traffic.cgi
@@ -178,7 +178,7 @@ _html do
         end
       }
     ) do
-      months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path).untaint}.grep(/^\d+$/)
+      months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path)}.grep(/^\d+$/)
       attendance = MeetingUtil.get_attendance(ASF::SVN['Meetings'])
       style_cohorts(attendance) if attendance.has_key?('cohorts') # Allow to fail silently
if data missing
       # if ENV['QUERY_STRING'].include? 'Clear-Cache-No-Really'
@@ -187,7 +187,7 @@ _html do
       #     cache = Dir["#{SRV_MAIL}/??????.json"]
       #     ctr = 0
       #     cache.each do |f|
-      #       File.delete(f.untaint)
+      #       File.delete(f)
       #       ctr += 1
       #     end
       #     _ "Successfully deleted #{ctr} files (will be rebuilt now)."
@@ -204,7 +204,7 @@ end
 
 # Return just sorted data counts as JSON
 _json do
-  months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path).untaint}.grep(/^\d+$/)
+  months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path)}.grep(/^\d+$/)
   data = Hash.new {|h, k| h[k] = {} }
   months.sort.reverse.each do |month|
     tmp = MailUtils.get_mails_month(mailroot: SRV_MAIL, yearmonth: month, nondiscuss: MailUtils::NONDISCUSSION_SUBJECTS["<#{LIST_ROOT}.apache.org>"])
diff --git a/www/members/mentor-update.cgi b/www/members/mentor-update.cgi
index 4174437..ebad281 100755
--- a/www/members/mentor-update.cgi
+++ b/www/members/mentor-update.cgi
@@ -117,7 +117,7 @@ end
 # @return true if we think it succeeded; false in all other cases
 def send_form(formdata: {})
   rc = 999
-  fn = "#{$USER}.json".untaint
+  fn = "#{$USER}.json"
   mentor_update = JSON.pretty_generate(formdata) + "\n"
   _div.well do
     _p.lead "Updating your mentor record #{fn} to be:"
@@ -127,7 +127,7 @@ def send_form(formdata: {})
   Dir.mktmpdir do |tmpdir|
     credentials = {user: $USER, password: $PASSWORD}
     # TODO: investigate if we should to --depth empty and attempt to get only that mentor's
file
-    ASF::SVN.svn_('checkout', [MentorFormat::MENTORS_SVN, tmpdir.untaint], _, credentials)
+    ASF::SVN.svn_('checkout', [MentorFormat::MENTORS_SVN, tmpdir], _, credentials)
     Dir.chdir tmpdir do
       if File.exist? fn
         File.write(fn, mentor_update + "\n")
@@ -164,7 +164,7 @@ end
 # @return user's current mentor data, or {} if none, or sets:
 # myrecord[ERRORS] = "If any error occoured on read/parse"
 def read_myrecord(id)
-  file = File.join(ASF::SVN['foundation_mentors'], "#{id}.json").untaint
+  file = File.join(ASF::SVN['foundation_mentors'], "#{id}.json")
   if File.exist?(file)
     begin
       return JSON.parse(File.read(file))
diff --git a/www/members/nominations.cgi b/www/members/nominations.cgi
index 2956c7e..f8a0d2c 100755
--- a/www/members/nominations.cgi
+++ b/www/members/nominations.cgi
@@ -25,7 +25,7 @@ def setup_data(cur_mtg_dir)
   emails = []
   archive.each do |email|
     next if email.end_with? '/index'
-    message = IO.read(email.untaint, mode: 'rb')
+    message = IO.read(email, mode: 'rb')
     next unless message[/^Date: .*/].to_s.include? year
     subject = message[/^Subject: .*/]
     next if not subject # HACK: allow script to continue if bogus email
@@ -37,7 +37,7 @@ def setup_data(cur_mtg_dir)
   end
 
   # parse nominations for names and ids
-  nominations = IO.read(File.join(cur_mtg_dir, 'nominated-members.txt').untaint).
+  nominations = IO.read(File.join(cur_mtg_dir, 'nominated-members.txt')).
     scan(/^---+--\s+(?:[a-z_0-9-]+)\s+(.*?):?\n/).flatten
 
   nominations.shift if nominations.first == '<empty line>'
@@ -78,7 +78,7 @@ _html do
         _ 'This probably only works in the period shortly before or after a Members meeting!'
       }
     ) do
-      cur_mtg_dir = MeetingUtil.get_latest(MEETINGS).untaint
+      cur_mtg_dir = MeetingUtil.get_latest(MEETINGS)
       nominations, people, emails = setup_data(cur_mtg_dir)
       _div.flexbox do
         _div.flexitem do
diff --git a/www/officers/list-traffic.cgi b/www/officers/list-traffic.cgi
index fde171b..8068b9c 100755
--- a/www/officers/list-traffic.cgi
+++ b/www/officers/list-traffic.cgi
@@ -140,7 +140,7 @@ _html do
 
       }
     ) do
-      months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path).untaint}.grep(/^\d+$/)
+      months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path)}.grep(/^\d+$/)
       if ENV['QUERY_STRING'].include? 'week'
         display_weekly(months: months, nondiscuss: MailUtils::NONDISCUSSION_SUBJECTS["<#{LIST_ROOT}.apache.org>"])
       else
@@ -152,7 +152,7 @@ end
 
 # Return just sorted data counts as JSON
 _json do
-  months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path).untaint}.grep(/^\d+$/)
+  months = Dir["#{SRV_MAIL}/*"].map {|path| File.basename(path)}.grep(/^\d+$/)
   data = Hash.new {|h, k| h[k] = {} }
   months.sort.reverse.each do |month|
     tmp = MailUtils.get_mails_month(yearmonth: month, nondiscuss: MailUtils::NONDISCUSSION_SUBJECTS["<#{LIST_ROOT}.apache.org>"])
diff --git a/www/secretary/icla-lint.cgi b/www/secretary/icla-lint.cgi
index ffeb537..f3450d8 100755
--- a/www/secretary/icla-lint.cgi
+++ b/www/secretary/icla-lint.cgi
@@ -95,7 +95,7 @@ _html do
     end
 
     input = File.join(ASF::SVN['officers'], 'iclas.txt')
-    document = File.read(input).untaint
+    document = File.read(input)
     document.scan(/^((\w.*?):.*?:(.*?):(.*?):(.*))/) do |(line, id, name, email, comment)|
       issue, note = nil, nil
       comment2 = comment.dup
diff --git a/www/secretary/workbench/models/safetemp.rb b/www/secretary/workbench/models/safetemp.rb
index 24bc7e9..b3bf582 100644
--- a/www/secretary/workbench/models/safetemp.rb
+++ b/www/secretary/workbench/models/safetemp.rb
@@ -15,7 +15,7 @@ class SafeTempFile
   end
 
   def path
-    @tempfile.path.untaint
+    @tempfile.path
   end
 
   def unlink
diff --git a/www/secretary/workbench/tasks.rb b/www/secretary/workbench/tasks.rb
index c190db8..13ad57a 100644
--- a/www/secretary/workbench/tasks.rb
+++ b/www/secretary/workbench/tasks.rb
@@ -74,8 +74,8 @@ class Wunderbar::JsonBuilder
     [
       '--non-interactive',
       '--no-auth-cache',
-      '--username', env.user.dup.untaint, # could be frozen
-      '--password', env.password.dup.untaint
+      '--username', env.user,
+      '--password', env.password
     ]
   end
 
@@ -146,7 +146,7 @@ class Wunderbar::JsonBuilder
   end
 
   def template(name)
-    path = File.expand_path("../templates/#{name}", __FILE__.untaint)
-    ERB.new(File.read(path.untaint).untaint).result(binding)
+    path = File.expand_path("../templates/#{name}", __FILE__)
+    ERB.new(File.read(path)).result(binding)
   end
 end
diff --git a/www/secretary/workbench/views/actions/burst.json.rb b/www/secretary/workbench/views/actions/burst.json.rb
index d75fa44..3284ff4 100644
--- a/www/secretary/workbench/views/actions/burst.json.rb
+++ b/www/secretary/workbench/views/actions/burst.json.rb
@@ -12,8 +12,7 @@ begin
   Dir.mktmpdir do |dir|
     Kernel.system 'pdfseparate', source.path, "#{dir}/page_%d.pdf"
 
-    pages = Dir["#{dir}/*.pdf"].map {|name| name.untaint}
-      sort_by {|name| name[/d+/].to_i}
+    pages = Dir["#{dir}/*.pdf"].sort_by {|name| name[/d+/].to_i}
 
     format = @selected.sub(/\.\w+$/, '') +
       "-%0#{pages.length.to_s.length}d.pdf"
diff --git a/www/secretary/workbench/views/actions/grant.json.rb b/www/secretary/workbench/views/actions/grant.json.rb
index 6548677..a4611ed 100644
--- a/www/secretary/workbench/views/actions/grant.json.rb
+++ b/www/secretary/workbench/views/actions/grant.json.rb
@@ -15,7 +15,7 @@ grant = "#@filename#{fileext}"
 
 # verify that a grant under that name doesn't already exist
 if grant =~ /^\w[-\w]*\.?\w*$/
-  if ASF::GrantFiles.exist?(grant.untaint)
+  if ASF::GrantFiles.exist?(grant)
     _warn "documents/grants/#{grant} already exists"
   end
 else
diff --git a/www/secretary/workbench/views/actions/icla.json.rb b/www/secretary/workbench/views/actions/icla.json.rb
index fdf2a19..2558f2d 100644
--- a/www/secretary/workbench/views/actions/icla.json.rb
+++ b/www/secretary/workbench/views/actions/icla.json.rb
@@ -18,7 +18,7 @@ fileext = File.extname(@selected).downcase
 # verify that an ICLA under that name doesn't already exist
 if "#@filename#{fileext}" =~ /\A\w[-\w]*\.?\w*\z/
   # Is there a matching ICLA? (returns first match, if any)
-  file = ASF::ICLAFiles.match_claRef(@filename.untaint)
+  file = ASF::ICLAFiles.match_claRef(@filename)
   if file
     _warn "documents/iclas/#{file} already exists"
   else
@@ -211,11 +211,11 @@ if @valid_user and @pmc and not @votelink.empty?
     cc = ["#{@pubname.inspect} <#{@email}>"]
     cc << "private@#{@pmc.mail_list}.apache.org" if @pmc # copy pmc
     cc << @podling.private_mail_list if @podling # copy podling
-    mail.cc = cc.uniq.map {|email| email.dup.untaint}
+    mail.cc = cc.uniq.map {|email| email}
 
     # untaint from and to email addresses
-    mail.to = mail.to.map {|email| email.dup.untaint}
-    mail.from = @from.untaint
+    mail.to = mail.to.map {|email| email}
+    mail.from = @from
 
     # echo email
     form do
diff --git a/www/secretary/workbench/views/index.json.rb b/www/secretary/workbench/views/index.json.rb
index dc3f24f..42ed3c9 100644
--- a/www/secretary/workbench/views/index.json.rb
+++ b/www/secretary/workbench/views/index.json.rb
@@ -8,7 +8,7 @@ if index
   prevmbox = nil
 
   if index > 0
-    prevmbox = available[index-1].untaint
+    prevmbox = available[index-1]
     prevmbox = nil unless YAML.load_file(prevmbox).any? do |key, mail|
       mail[:status] != :deleted and not Message.attachments(mail).empty?
     end
diff --git a/www/secretary/workbench/views/memapp.json.rb b/www/secretary/workbench/views/memapp.json.rb
index 77f7c98..3de3b63 100644
--- a/www/secretary/workbench/views/memapp.json.rb
+++ b/www/secretary/workbench/views/memapp.json.rb
@@ -2,7 +2,7 @@
 
 # find latest memapp-received.txt file in the foundation/Meetings directory
 meetings = ASF::SVN['Meetings']
-received = Dir["#{meetings}/2*/memapp-received.txt"].max.untaint
+received = Dir["#{meetings}/2*/memapp-received.txt"].max
 
 # extract contents
 pattern = /^\w+\s+(\w+)\s+(\w+)\s+(\w+)\s+(\w+)\s+(.*?)\s*\n/
diff --git a/www/status/passenger.cgi b/www/status/passenger.cgi
index a08a2e5..21bc6b8 100755
--- a/www/status/passenger.cgi
+++ b/www/status/passenger.cgi
@@ -78,7 +78,7 @@ _html do
 
         path = app[/\A(\/.*):/, 1]
         if user.asf_officer_or_member?
-          restart = File.join(path.untaint, "tmp/restart.txt") if path
+          restart = File.join(path, "tmp/restart.txt") if path
           if restart and File.exist? restart
             if _.post? and @restart == restart
               FileUtils.touch restart
diff --git a/www/status/svn.cgi b/www/status/svn.cgi
index 6de40fe..ee6bf2e 100755
--- a/www/status/svn.cgi
+++ b/www/status/svn.cgi
@@ -27,7 +27,7 @@ _html do
   # remains true if all local checkouts are writable
   writable = true
   svnroot = (svnrepos.length == 1 && svnrepos.first =~ /^(\/\w[-.\w]*)+\/\*$/ &&
-    File.writable?(svnrepos.first.chomp('*').untaint))
+    File.writable?(svnrepos.first.chomp('*')))
 
   _h1_ 'SVN Repository Status'
 
@@ -152,11 +152,11 @@ end
 
 # process XMLHttpRequests
 _json do
-  local_path = ASF::SVN.find(@name.untaint)
+  local_path = ASF::SVN.find(@name)
   if local_path
     if @action == 'update'
-      log = `svn cleanup #{local_path.untaint} 2>&1`
-      log = log + `svn update #{local_path.untaint} 2>&1`
+      log = `svn cleanup #{local_path} 2>&1`
+      log = log + `svn update #{local_path} 2>&1`
     end
 
     info, err = ASF::SVN.getInfo(local_path)
@@ -173,13 +173,13 @@ _json do
         repository_url = ASF::SVN.svnpath!(repository_url)
       end
 
-      log = `svn checkout #{repository_url.untaint} #{local_path.untaint} 2>&1`
+      log = `svn checkout #{repository_url} #{local_path} 2>&1`
     end
   end
 
-  localrev, lerr = ASF::SVN.getInfoItem(local_path.untaint,'last-changed-revision')
+  localrev, lerr = ASF::SVN.getInfoItem(local_path,'last-changed-revision')
   if repository_url
-    serverrev, serr = ASF::SVN.getInfoItem(repository_url.untaint,'last-changed-revision')
+    serverrev, serr = ASF::SVN.getInfoItem(repository_url,'last-changed-revision')
     {
       log: log.to_s.split("\n"),
       path: local_path,
diff --git a/www/test/example.cgi b/www/test/example.cgi
index c673473..242a73b 100755
--- a/www/test/example.cgi
+++ b/www/test/example.cgi
@@ -23,7 +23,7 @@ end
 def get_svn_data()
   dir = ASF::SVN['comdevtalks']
   filename = 'README.yaml'
-  data = YAML.load(File.read(File.join(dir, filename).untaint))
+  data = YAML.load(File.read(File.join(dir, filename)))
   return data['title']
 end
 


Mime
View raw message