whimsical-commits mailing list archives

From s...@apache.org
Subject [whimsy] branch master updated: More untaints
Date Fri, 02 Oct 2020 11:13:22 GMT
This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new d3ef3b2  More untaints
d3ef3b2 is described below

commit d3ef3b2181bcd4333ddd5eb09b6d07fc6d93ba82
Author: Sebb <sebb@apache.org>
AuthorDate: Fri Oct 2 12:13:13 2020 +0100

    More untaints
---
 www/members/meeting.cgi                              |  2 +-
 www/members/proxy.cgi                                | 12 ++++++------
 www/members/watch.cgi                                |  4 +---
 www/officers/acreq.cgi                               | 14 +++++++-------
 www/officers/coi.cgi                                 | 20 ++++++++++----------
 www/roster/models/committer.rb                       |  3 +--
 www/secretary/workbench/models/attachment.rb         |  5 ++---
 www/secretary/workbench/models/mailbox.rb            |  6 +++---
 www/secretary/workbench/views/actions/ccla.json.rb   |  2 +-
 .../workbench/views/actions/check-signature.json.rb  |  3 +--
 .../workbench/views/actions/emeritus-request.json.rb |  4 ++--
 www/secretary/workbench/views/actions/icla2.json.rb  | 10 +++++-----
 12 files changed, 40 insertions(+), 45 deletions(-)

diff --git a/www/members/meeting.cgi b/www/members/meeting.cgi
index abba81f..368e34e 100755
--- a/www/members/meeting.cgi
+++ b/www/members/meeting.cgi
@@ -70,7 +70,7 @@ end
 _html do
   _body? do
     MEETINGS = ASF::SVN['Meetings']
-    cur_mtg_dir = MeetingUtil.get_latest(MEETINGS).untaint
+    cur_mtg_dir = MeetingUtil.get_latest(MEETINGS)
     meeting = File.basename(cur_mtg_dir)
     svn_mtg_dir = File.join(MeetingUtil::RECORDS, meeting)
     mtg_date = Date.parse(meeting)
diff --git a/www/members/proxy.cgi b/www/members/proxy.cgi
index 134c320..b0f5c00 100755
--- a/www/members/proxy.cgi
+++ b/www/members/proxy.cgi
@@ -128,7 +128,7 @@ def emit_form(cur_mtg_dir, _meeting, volunteers)
             end
           end
         end
-        _pre IO.read(File.join(cur_mtg_dir, 'member_proxy.txt').untaint)
+        _pre IO.read(File.join(cur_mtg_dir, 'member_proxy.txt'))
       end
     end
   end
@@ -174,25 +174,25 @@ def emit_post(cur_mtg_dir, meeting, _)
 
   proxy[/Date: _(#{'_' *date.length})/, 1] = date.gsub(' ', '_')
 
-  proxyform = proxy.untaint
+  proxyform = proxy
 
   # report on commit
   _div.transcript do
     Dir.mktmpdir do |tmpdir|
       svn =  ASF::SVN.getInfoItem(File.join(MEETINGS,meeting),'url')
 
-      ASF::SVN.svn_('checkout',[svn.untaint, tmpdir.untaint], _,
+      ASF::SVN.svn_('checkout',[svn, tmpdir], _,
                     {quiet: true, user: $USER, password: $PASSWORD})
       Dir.chdir(tmpdir) do
         # write proxy form
-        filename = "proxies-received/#$USER.txt".untaint
+        filename = "proxies-received/#$USER.txt"
         File.write(filename, proxyform)
         ASF::SVN.svn_('add', filename, _)
         ASF::SVN.svn_('propset', ['svn:mime-type', 'text/plain; charset=utf-8', filename],
_)
 
         # get a list of proxies
         list = Dir['proxies-received/*.txt'].map do |file|
-          form = File.read(file.untaint)
+          form = File.read(file)
 
           id = file[/([-A-Za-z0-9]+)\.\w+$/, 1]
           proxy = form[/hereby authorize ([\S].*) to act/, 1].
@@ -254,7 +254,7 @@ _html do
   _body? do
     # Find latest meeting and check if it's in the future yet
     MEETINGS = ASF::SVN['Meetings']
-    cur_mtg_dir = MeetingUtil.get_latest(MEETINGS).untaint
+    cur_mtg_dir = MeetingUtil.get_latest(MEETINGS)
     meeting = File.basename(cur_mtg_dir)
     today = Date.today.strftime('%Y%m%d')
     _whimsy_body(
diff --git a/www/members/watch.cgi b/www/members/watch.cgi
index 3012396..d13a826 100755
--- a/www/members/watch.cgi
+++ b/www/members/watch.cgi
@@ -32,7 +32,7 @@ _html do
     # start with the Watch List itself
     watch_list = ASF::Person.member_watch_list.keys
     meeting =
-      File.dirname(Dir[File.join(meetings, '*', 'nominated-members.txt')].max).untaint
+      File.dirname(Dir[File.join(meetings, '*', 'nominated-members.txt')].max)
 
     txt = File.read(File.join(meeting, 'nominated-members.txt'))
     nominations = txt.scan(/^---+\n\s*\w+.*<(\S+)@apache.org>/).flatten
@@ -251,7 +251,6 @@ _html do
                 # search published minutes
                 if minutes
                   resolution = nil
-                  minutes.untaint
                   Nokogiri::HTML(File.read(minutes)).search('pre').each do |pre|
                     if pre.text.include? search_string
                       resolution = pre
@@ -274,7 +273,6 @@ _html do
                   # search unpublished agendas
                   board = ASF::SVN['foundation_board']
                   Dir[File.join(board, 'board_agenda_*')].sort.each do |agenda|
-                    agenda.untaint
                     if File.read(agenda).include? search_string
                       minutes = ASF::SVN.svnpath!('foundation_board', File.basename(agenda))
                       date = agenda.gsub('_','-')[/(\d+-\d+-\d+)/,1]
diff --git a/www/officers/acreq.cgi b/www/officers/acreq.cgi
index f07c2a0..6394107 100755
--- a/www/officers/acreq.cgi
+++ b/www/officers/acreq.cgi
@@ -290,19 +290,19 @@ _html do
                   # determine the requesting party and cc_list
                   if @project.empty?
                     cc_list = ["operations@apache.org"]
-                    requestor = user.id.untaint
+                    requestor = user.id
                   else
                     pmc_list = ASF::Committee.find(@pmc).mail_list
-                    cc_list = ["private@#{pmc_list}.apache.org".untaint]
-                    requestor = @pmc[/([\w.-]+)/, 1].untaint
+                    cc_list = ["private@#{pmc_list}.apache.org"]
+                    requestor = @pmc[/([\w.-]+)/, 1]
                   end
 
                   if requestor == 'incubator' and not @podling.to_s.empty?
-                    cc_list << "private@#{@podling}.#{pmc_list}.apache.org".untaint
-                    requestor = "#{@podling}@incubator".untaint
+                    cc_list << "private@#{@podling}.#{pmc_list}.apache.org"
+                    requestor = "#{@podling}@incubator"
                   end
 
-                  cc_list << "#{@name} <#{@email}>".untaint
+                  cc_list << "#{@name} <#{@email}>"
                   cc_list << "secretary@apache.org"
 
                   # build the mail to be sent
@@ -328,7 +328,7 @@ _html do
 
                     --
                     Submitted by https://#{ENV['HTTP_HOST']}#{ENV['REQUEST_URI'].split('?').first}
-                    From #{`/usr/bin/host #{ENV['REMOTE_ADDR'].dup.untaint}`.chomp}
+                    From #{`/usr/bin/host #{ENV['REMOTE_ADDR']}`.chomp}
                     Using #{ENV['HTTP_USER_AGENT']}
                   EOF
 
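Review bot: The `From` line still builds a shell command by interpolating `ENV['REMOTE_ADDR']` into a backtick string, and with `.dup.untaint` gone nothing on the line marks the value as vetted. REMOTE_ADDR is normally filled in by the web server from the peer address, but that depends on server and proxy configuration, so the lookup should not pass through a shell at all: `From #{IO.popen(['/usr/bin/host', ENV['REMOTE_ADDR'].to_s], &:read).chomp}`. The heredoc this line belongs to starts outside the hunk.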
diff --git a/www/officers/coi.cgi b/www/officers/coi.cgi
index 80bae8b..da79995 100755
--- a/www/officers/coi.cgi
+++ b/www/officers/coi.cgi
@@ -9,15 +9,15 @@ require 'date'
 require 'tmpdir'
 
 coi_url = ASF::SVN.svnurl('conflict-of-interest')
-COI_CURRENT_TEMPLATE_URL = File.join(coi_url, 'template.txt').untaint
+COI_CURRENT_TEMPLATE_URL = File.join(coi_url, 'template.txt')
 
 YEAR = DateTime.now.strftime "%Y"
-COI_CURRENT_URL = File.join(coi_url, YEAR).untaint
+COI_CURRENT_URL = File.join(coi_url, YEAR)
 
 user = ASF::Person.find($USER)
 USERID = user.id
-USERNAME = user.cn.untaint
-USERMAIL = "#{USERID}@apache.org".untaint
+USERNAME = user.cn
+USERMAIL = "#{USERID}@apache.org"
 IDS = Hash.new {|h,k| h[k]=Array.new}
 committees = ASF::Committee.officers + ASF::Committee.nonpmcs
 chairs = committees.map do |committee|
@@ -30,7 +30,7 @@ ASF::Service['board'].members.each do |member|
 end
 
 # Get the list of files in this year's directory
-signerfileslist, err = ASF::SVN.svn('list', COI_CURRENT_URL, {user: $USER.dup.untaint, password:
$PASSWORD.dup.untaint})
+signerfileslist, err = ASF::SVN.svn('list', COI_CURRENT_URL, {user: $USER, password: $PASSWORD})
 # Currently the documents directory has limited access.
 # This includes ASF members, but does not include officers who are not members
 # Let others down gently
@@ -76,7 +76,7 @@ def get_affirmed_template(name, timestamp)
        Date: __
        Metadata: _______________Whimsy www/officers/coi.cgi________________'
   template, err =
-    ASF::SVN.svn('cat', COI_CURRENT_TEMPLATE_URL, {user: $USER.dup.untaint, password: $PASSWORD.dup.untaint})
+    ASF::SVN.svn('cat', COI_CURRENT_TEMPLATE_URL, {user: $USER, password: $PASSWORD})
   raise RuntimeError.new("Failed to read current template.txt -- %s" % err) unless template
   centered_name = "#{name}".center(60, '_')
   centered_date ="#{timestamp}".center(62, '_')
@@ -185,13 +185,13 @@ def emit_post(_)
   current_timestamp = DateTime.now.strftime "%Y-%m-%d %H:%M:%S"
 
   affirmed = get_affirmed_template(USERNAME, current_timestamp)
-  user_filename = "#{USERID}.txt".untaint
+  user_filename = "#{USERID}.txt"
 
   # report on commit
   _div.transcript do
     Dir.mktmpdir do |tmpdir|
-      ASF::SVN.svn_!('checkout',[COI_CURRENT_URL, tmpdir.untaint], _,
-                    {quiet: true, user: $USER.dup.untaint, password: $PASSWORD.dup.untaint})
+      ASF::SVN.svn_!('checkout',[COI_CURRENT_URL, tmpdir], _,
+                    {quiet: true, user: $USER, password: $PASSWORD})
       Dir.chdir(tmpdir) do
         # write affirmation form
         File.write(user_filename, affirmed)
@@ -201,7 +201,7 @@ def emit_post(_)
         # commit
         ASF::SVN.svn_!('commit',[user_filename], _,
          {msg: "Affirm Conflict of Interest Policy for #{USERNAME}",
-           user: $USER.dup.untaint, password: $PASSWORD.dup.untaint})
+           user: $USER, password: $PASSWORD})
       end
     end
     # Send email to $USER, secretary@
diff --git a/www/roster/models/committer.rb b/www/roster/models/committer.rb
index e211915..3f75264 100644
--- a/www/roster/models/committer.rb
+++ b/www/roster/models/committer.rb
@@ -129,8 +129,7 @@ class Committer
     if ASF::Person.find(env.user).asf_member? # i.e. member karma
 
       if person.icla and person.icla.claRef # Not all people have iclas
-        claRef = person.icla.claRef.untaint
-        file = ASF::ICLAFiles.match_claRef(claRef)
+        file = ASF::ICLAFiles.match_claRef(person.icla.claRef)
         if file
           url =ASF::SVN.svnurl('iclas')
           response[:forms][:icla] = "#{url}/#{file}"
diff --git a/www/secretary/workbench/models/attachment.rb b/www/secretary/workbench/models/attachment.rb
index 7f274b0..cdc8ab8 100644
--- a/www/secretary/workbench/models/attachment.rb
+++ b/www/secretary/workbench/models/attachment.rb
@@ -41,7 +41,6 @@ class Attachment
     name = self.name.dup
     name.gsub! /^\W/, ''
     name.gsub! /[^\w.]/, '_'
-    name.untaint
   end
 
   # writes the attachment to the specified pathname, which must not exist
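Review bot: With `name.untaint` removed, the last expression before `end` is now `name.gsub! /[^\w.]/, '_'`, and `gsub!` returns nil when it makes no substitution, so this method (its `def` line is outside the hunk) would return nil for any name that is already clean. The deleted line was also the method's return value. End the body with a bare `name`, or use the non-bang form as the whole body: `self.name.gsub(/^\W/, '').gsub(/[^\w.]/, '_')`. If this is the `safe_name` used in `SafeTempFile.new([safe_name, '.pdf'])` in the next hunk, that call now receives nil for ordinary file names.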
@@ -74,7 +73,7 @@ class Attachment
 
     if IMAGE_TYPES.include? ext or content_type.start_with? 'image/'
       pdf = SafeTempFile.new([safe_name, '.pdf'])
-      img2pdf = File.expand_path('../img2pdf', __dir__.untaint).untaint
+      img2pdf = File.expand_path('../img2pdf', __dir__)
       stdout, stderr, status = Open3.capture3 img2pdf, '--output', pdf.path,
         file.path
 
@@ -117,7 +116,7 @@ class Attachment
     File.write filename, body, encoding: Encoding::BINARY
 
     system 'svn', 'add', filename
-    system 'svn', 'propset', 'svn:mime-type', content_type.untaint, filename
+    system 'svn', 'propset', 'svn:mime-type', content_type, filename
 
     filename
   end
diff --git a/www/secretary/workbench/models/mailbox.rb b/www/secretary/workbench/models/mailbox.rb
index 07412fe..784f32f 100644
--- a/www/secretary/workbench/models/mailbox.rb
+++ b/www/secretary/workbench/models/mailbox.rb
@@ -40,8 +40,8 @@ class Mailbox
     name = File.basename(name, '.yml')
 
     if name =~ /^\d+$/
-      @name = name.untaint
-      @mbox = Dir["#{ARCHIVE}/#{@name}", "#{ARCHIVE}/#{@name}.gz"].first.untaint
+      @name = name
+      @mbox = Dir["#{ARCHIVE}/#{@name}", "#{ARCHIVE}/#{@name}.gz"].first
     else
       @name = name.split('.').first
       @mbox = "#{ARCHIVE}/#{name}"
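Review bot: The guard on the context line, `if name =~ /^\d+$/`, is the only check between `name` and the `Dir[...]` glob, and `^`/`$` match at line boundaries, so a value containing a newline passes as long as one of its lines is all digits. Anchor the whole string instead: `if name =~ /\A\d+\z/`. Separately, `Dir[...].first` is nil when neither the plain nor the `.gz` file exists, so `@mbox` can be nil on this branch; whether later code copes with that is outside the hunk.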
@@ -100,7 +100,7 @@ class Mailbox
   #
   def self.find(message)
     month, hash = message.match(%r{/(\d+)/(\w+)}).captures
-    Mailbox.new(month.untaint).find(hash.untaint)
+    Mailbox.new(month).find(hash)
   end
 
   #
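Review bot: `message.match(%r{/(\d+)/(\w+)})` returns nil when `message` has no `/digits/word` segment, and `.captures` then fails with NoMethodError rather than a clear error. A guard such as `m = message.match(%r{/(\d+)/(\w+)}) or return` would make the no-match case explicit, provided callers can handle nil (not visible here). The two captures are limited to `\d+` and `\w+`, which is what justified the removed `untaint` calls; a comment like `# month and hash are limited by the regex to digits / word characters` would keep that reasoning next to the code.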
diff --git a/www/secretary/workbench/views/actions/ccla.json.rb b/www/secretary/workbench/views/actions/ccla.json.rb
index d7f9d72..35062a1 100644
--- a/www/secretary/workbench/views/actions/ccla.json.rb
+++ b/www/secretary/workbench/views/actions/ccla.json.rb
@@ -15,7 +15,7 @@ ccla = "#@filename#{fileext}"
 
 # verify that a CCLA under that name doesn't already exist
 if ccla =~ /\A\w[-\w]*\.?\w*\z/
-  if ASF::CCLAFiles.exist?(ccla.untaint)
+  if ASF::CCLAFiles.exist?(ccla)
     _warn "documents/cclas/#{ccla} already exists"
   end
 else
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb b/www/secretary/workbench/views/actions/check-signature.json.rb
index 20b009c..5bb3c61 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -93,7 +93,6 @@ begin
   # pick the latest gpg version
   gpg = `which gpg2`.chomp
   gpg = `which gpg`.chomp if gpg.empty?
-  gpg.untaint
 
   # run gpg verify command
   # TODO: may need to drop the keyid-format parameter when gpg is updated as it might
@@ -108,7 +107,7 @@ begin
     err.include? "gpg: Can't check signature: public key not found"
   then
     # extract and fetch key
-    keyid = err[/[RD]SA key (ID )?(\w+)/,2].untaint
+    keyid = err[/[RD]SA key (ID )?(\w+)/,2]
 
     out2 = err2 = '' # needed later
 
diff --git a/www/secretary/workbench/views/actions/emeritus-request.json.rb b/www/secretary/workbench/views/actions/emeritus-request.json.rb
index e9ffd22..9e58a4a 100644
--- a/www/secretary/workbench/views/actions/emeritus-request.json.rb
+++ b/www/secretary/workbench/views/actions/emeritus-request.json.rb
@@ -15,9 +15,9 @@ fileext = File.extname(@selected).downcase if @signature.empty?
 emeritus_request = "#{@filename}#{fileext}"
 if emeritus_request =~ /\A\w[-\w]*\.?\w*\z/ # check taint requirements
   names = ASF::EmeritusRequestFiles.listnames
-  if names.include? @filename.untaint
+  if names.include? @filename
     _warn "documents/emeritus-requests-received/#{@filename} already exists"
-  elsif names.include? emeritus_request.untaint
+  elsif names.include? emeritus_request
     _warn "documents/emeritus-requests-received/#{emeritus_request} already exists"
   end
 else
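Review bot: The comment `# check taint requirements` on the regex line is stale now that no `untaint` follows it. That test is the actual input validation for the file name, and the comment should say so, for example `# accept only a plain file name: word chars and hyphens, at most one dot`. The pattern is applied to `emeritus_request` (`@filename` plus extension) while the first `names.include?` uses `@filename` alone; because the pattern is anchored with `\A`/`\z` it constrains that prefix too, which is worth stating in the same comment.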
diff --git a/www/secretary/workbench/views/actions/icla2.json.rb b/www/secretary/workbench/views/actions/icla2.json.rb
index 3ee713d..ef656e5 100644
--- a/www/secretary/workbench/views/actions/icla2.json.rb
+++ b/www/secretary/workbench/views/actions/icla2.json.rb
@@ -73,7 +73,7 @@ end
 #   - calling .max on an empty array returns nil.  Treat it as one as there
 #     is an existing document that will be moved into this directory.
 #   - If all else fails, set count to "N"
-count = (Array(ASF::SVN.list((ASF::SVN.svnurl('iclas') + '/' + @filename).untaint)).
+count = (Array(ASF::SVN.list((ASF::SVN.svnurl('iclas') + '/' + @filename))).
       first.to_s.split.
       map {|name| name[/.*(\d+)\./, 1] || 1}.
       map(&:to_i).max || 1) + 1 rescue 'N'
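Review bot: `@filename` is concatenated into the URL handed to `ASF::SVN.list` with no check visible in this hunk, and the trailing `rescue 'N'` hides every failure, including one caused by an unexpected name. Other actions touched by this commit (ccla.json.rb, emeritus-request.json.rb) test the name against `/\A\w[-\w]*\.?\w*\z/` before using it; if this file does not already do the equivalent above this statement, the same test belongs here. The doubled parentheses left around `ASF::SVN.svnurl('iclas') + '/' + @filename` can also be dropped now that `.untaint` no longer needs them.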
@@ -158,8 +158,8 @@ if person.public_name != @pubname and @id != 'notinavail'
     complete do
       ldap = ASF.init_ldap(true)
 
-      ldap.bind("uid=#{env.user.untaint},ou=people,dc=apache,dc=org",
-        env.password.untaint)
+      ldap.bind("uid=#{env.user},ou=people,dc=apache,dc=org",
+        env.password)
 
       ldap.modify person.dn, [ASF::Base.mod_replace('cn', @pubname.strip)]
 
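Review bot: The bind DN is built by interpolating `env.user` into `"uid=#{env.user},ou=people,dc=apache,dc=org"` with no DN escaping, here and in the identical `ldap.bind` call in the `@@ -217,8` hunk. `env.user` is presumably the already-authenticated login, but neither hunk shows that. A one-line check before the bind, e.g. `raise ArgumentError, 'bad user id' unless env.user =~ /\A[\w.-]+\z/`, or a comment naming where the id was validated, would take over the role the removed `untaint` played as a marker. Both `complete do` blocks continue outside their hunks.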
@@ -217,8 +217,8 @@ if @id != 'notinavail'
     complete do
       ldap = ASF.init_ldap(true)
 
-      ldap.bind("uid=#{env.user.untaint},ou=people,dc=apache,dc=org",
-                env.password.untaint)
+      ldap.bind("uid=#{env.user},ou=people,dc=apache,dc=org",
+                env.password)
 
       ldap.modify person.dn, [ASF::Base.mod_replace('mail', @email.strip)]
 

