whimsical-commits mailing list archives

From s...@apache.org
Subject [whimsy] branch master updated: More untaint
Date Fri, 02 Oct 2020 16:36:18 GMT
This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new d9d5555  More untaint
d9d5555 is described below

commit d9d5555e864ad8cedecd5f2dc8f3d39a77c0f42b
Author: Sebb <sebb@apache.org>
AuthorDate: Fri Oct 2 17:36:09 2020 +0100

    More untaint
---
 tools/wwwdocs.rb                  | 10 +++++-----
 www/board/agenda/models/agenda.rb |  7 ++++---
 www/members/board-attend.cgi      |  2 +-
 www/members/mentors.cgi           |  8 ++++----
 4 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/tools/wwwdocs.rb b/tools/wwwdocs.rb
index 1d0531a..341b7b4 100755
--- a/tools/wwwdocs.rb
+++ b/tools/wwwdocs.rb
@@ -71,8 +71,8 @@ end
 # @return [ [PAGETITLE, [cat,egories] ], ... ]
 def scan_dir(dir)
   links = {}
-  Dir["#{dir}/**/*.cgi".untaint].each do |f|
-    l = scan_file(f.untaint)
+  Dir["#{dir}/**/*.cgi"].each do |f|
+    l = scan_file(f)
     links[f.sub(dir, '')] = l if l
   end
   return links
@@ -90,7 +90,7 @@ def get_auth
   hash = {}
   files = Dir[WHIMSY_CONF]
   return hash unless files.size == 1 # must match just one
-  file = files.first.untaint
+  file = files.first
   loc = nil
   File.read(file).each_line do |l|
     if l =~ %r{<LocationMatch ([^>]+)>}
@@ -172,8 +172,8 @@ end
 def scan_dir_svn(dir, regexs, auth = get_auth())
   links = {}
   auth = get_auth()
-  Dir["#{dir}/**/*.{cgi,rb}".untaint].sort.each do |f|
-    l = scan_file_svn(f.untaint, regexs)
+  Dir["#{dir}/**/*.{cgi,rb}"].sort.each do |f|
+    l = scan_file_svn(f, regexs)
     if (l[0].length + l[1].length) > 0
       fbase = f.sub(dir, '')
       realm = auth.select { |k, v| fbase.sub('/www', '').match(/\A#{k}/) }
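Review bot: The `auth = get_auth()` statement on the second body line of `scan_dir_svn` overwrites the `auth` parameter, so a map passed by a caller is silently discarded and the default in the signature is redundant. `auth` feeds the `realm` lookup below, which appears to report the access-control pattern covering each file, so a caller supplying its own map would get results computed from a different one with no error. Deleting the reassignment line keeps the default and honours the argument. The body of `scan_dir_svn` continues past the end of this hunk.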
diff --git a/www/board/agenda/models/agenda.rb b/www/board/agenda/models/agenda.rb
index 8e7f4bf..959485a 100755
--- a/www/board/agenda/models/agenda.rb
+++ b/www/board/agenda/models/agenda.rb
@@ -87,18 +87,19 @@ class Agenda
   end
 
   def self.uptodate(file)
-    path = File.expand_path(file, FOUNDATION_BOARD).untaint
+    raise ArgumentError, "Invalid file name #{file}" unless file =~ /\Aboard_\w+_[\d_]+\.txt\z/
+    path = File.expand_path(file, FOUNDATION_BOARD)
     return false unless File.exist? path
     return Agenda[file][:mtime] == File.mtime(path)
   end
 
   def self.parse(file, mode)
+    raise ArgumentError, "Invalid file name #{file}" unless file =~ /\Aboard_\w+_[\d_]+\.txt\z/
     # for quick mode, anything will do
     mode = :quick if ENV['RACK_ENV'] == 'test'
     return Agenda[file][:parsed] if mode == :quick and Agenda[file][:mtime] != 0
 
-    file.untaint if file =~ /\Aboard_\w+_[\d_]+\.txt\z/
-    path = File.expand_path(file, FOUNDATION_BOARD).untaint
+    path = File.expand_path(file, FOUNDATION_BOARD)
 
     return Agenda[file][:parsed] unless File.exist? path
 
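Review bot: The name pattern `/\Aboard_\w+_[\d_]+\.txt\z/` and its `raise` are now duplicated in `uptodate` and `parse`; this check is what keeps a name containing `/` or `..` from steering `File.expand_path` outside `FOUNDATION_BOARD`, so it should live in one place where the two copies cannot drift apart. A frozen constant plus a small private class method called first in both methods would do, and any other `Agenda` method that builds a path from `file` (none are visible in this hunk) could call the same helper. In the message, `#{file.inspect}` instead of `#{file}` keeps newlines and control characters in a rejected name from reaching a log or an error page verbatim. `parse` continues past the end of the hunk.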
diff --git a/www/members/board-attend.cgi b/www/members/board-attend.cgi
index 92e0cd5..cb66370 100755
--- a/www/members/board-attend.cgi
+++ b/www/members/board-attend.cgi
@@ -22,7 +22,7 @@ APPROVED = 'approved'
 def summarize(fname, dstats)
   meeting = File.basename(fname, '.*')
   begin
-    agenda = ASF::Board::Agenda.parse(File.read(fname.untaint))
+    agenda = ASF::Board::Agenda.parse(File.read(fname))
   rescue StandardError => e
     return "summarize(#{fname}) Agenda parse error: #{e.message} #{e.backtrace[0]}"
   end
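Review bot: `fname` now goes straight into `File.read` with no check, whereas the agenda.rb change in this same commit replaced its `.untaint` with an explicit file-name pattern. `.untaint` never validated anything, so no protection is lost, but it did mark the spot where a possibly external path reached the filesystem. Where `summarize` gets `fname` is outside this hunk; if it can come from anything other than a directory listing of a fixed location, a pattern check on `File.basename(fname)` before the read is warranted. Otherwise a one-line comment such as `# fname comes from <caller's directory listing>, never from request input` would record the assumption that the removed marker used to hint at.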
diff --git a/www/members/mentors.cgi b/www/members/mentors.cgi
index d2fb914..ea4f9b5 100755
--- a/www/members/mentors.cgi
+++ b/www/members/mentors.cgi
@@ -30,12 +30,12 @@ end
 
 # Read *.json from directory of mentor files
 # @return hash of mentors by apacheid
-def read_mentors(path)
+def read_mentors
   mentors = {}
-  Dir[File.join(path, '*.json')].sort.each do |file|
+  Dir[File.join(ASF::SVN[MENTORS_SVN], '*.json')].sort.each do |file|
     # Skip files with - dashes, they aren't apacheids
     next if file.include?('-')
-    read_mentor(file.untaint, mentors)
+    read_mentor(file, mentors)
   end
   return mentors
 end
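Review bot: `next if file.include?('-')` tests the whole path returned by `Dir[...]`, not just the file name, so if the directory from `ASF::SVN[MENTORS_SVN]` has a dash anywhere in its path, every mentor file is skipped and the page lists no mentors without raising any error. The comment above it says the intent is to skip file names that are not apacheids, so the test belongs on the base name: `next if File.basename(file).include?('-')`. Whether the checkout path actually contains a dash is not visible here, but now that the directory is fixed inside `read_mentors` the result depends on the deployment layout, not on the caller.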
@@ -56,7 +56,7 @@ _html do
       },
       helpblock: -> {
         uimap = MentorFormat::get_uimap(ASF::SVN[MENTORS_SVN])
-        mentors = read_mentors(ASF::SVN[MENTORS_SVN])
+        mentors = read_mentors
         errors, mentors = mentors.partition{ |k,v| v.has_key?(MentorFormat::ERRORS)}.map(&:to_h)
         notavailable, mentors = mentors.partition{ |k,v| v.has_key?(MentorFormat::NOTAVAILABLE)}.map(&:to_h)
         _p do

