diff options
| author | Jeremy Evans <[email protected]> | 2019-09-24 20:59:12 -0700 |
|---|---|---|
| committer | Jeremy Evans <[email protected]> | 2019-11-18 01:00:25 +0200 |
| commit | ffd0820ab317542f8780aac475da590a4bdbc7a8 () | |
| tree | 6a5d774933c15fd2b9ea948bd3ae2fa587faaf82 /lib | |
| parent | c5c05460ac20abcbc0ed686eb4acf06da7a39a79 (diff) | |
Deprecate taint/trust and related methods, and make the methods no-ops
This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby.
Notes: Merged: https://.com/ruby/ruby/pull/2476
| -rw-r--r-- | lib/cgi/core.rb | 4 | ||||
| -rw-r--r-- | lib/cgi/session/pstore.rb | 1 | ||||
| -rw-r--r-- | lib/delegate.rb | 29 | ||||
| -rw-r--r-- | lib/drb/drb.rb | 14 | ||||
| -rw-r--r-- | lib/drb/ssl.rb | 2 | ||||
| -rw-r--r-- | lib/drb/unix.rb | 1 | ||||
| -rw-r--r-- | lib/find.rb | 4 | ||||
| -rw-r--r-- | lib/net/imap.rb | 2 | ||||
| -rw-r--r-- | lib/pp.rb | 6 | ||||
| -rw-r--r-- | lib/resolv.rb | 4 | ||||
| -rw-r--r-- | lib/set.rb | 10 | ||||
| -rw-r--r-- | lib/singleton.rb | 8 |
12 files changed, 15 insertions, 70 deletions
@@ -544,11 +544,11 @@ class CGI /Content-Disposition:.* filename=(?:"(.*?)"|([^;\r\n]*))/i.match(head) filename = $1 || $2 || ''.dup filename = CGI.unescape(filename) if unescape_filename?() - body.instance_variable_set(:@original_filename, filename.taint) ## content type /Content-Type: (.*)/i.match(head) (content_type = $1 || ''.dup).chomp! - body.instance_variable_set(:@content_type, content_type.taint) ## query parameter name /Content-Disposition:.* name=(?:"(.*?)"|([^;\r\n]*))/i.match(head) name = $1 || $2 || '' @@ -50,7 +50,6 @@ class CGI require 'digest/md5' md5 = Digest::MD5.hexdigest(id)[0,16] path = dir+"/"+prefix+md5 - path.untaint if File::exist?(path) @hash = nil else @@ -220,35 +220,12 @@ class Delegator < BasicObject private :initialize_clone, :initialize_dup ## - # :method: trust - # Trust both the object returned by \_\_getobj\_\_ and self. - # - - ## - # :method: untrust - # Untrust both the object returned by \_\_getobj\_\_ and self. - # - - ## - # :method: taint - # Taint both the object returned by \_\_getobj\_\_ and self. - # - - ## - # :method: untaint - # Untaint both the object returned by \_\_getobj\_\_ and self. - # - - ## # :method: freeze # Freeze both the object returned by \_\_getobj\_\_ and self. # - - [:trust, :untrust, :taint, :untaint, :freeze].each do |method| - define_method method do - __getobj__.send(method) - super() - end end @delegator_api = self.public_instance_methods @@ -233,7 +233,7 @@ require_relative 'eq' # def get_logger(name) # if [email protected]_key? name # # make the filename safe, then declare it to be so -# fname = name.gsub(/[.\/\\\:]/, "_").untaint # @loggers[name] = Logger.new(name, @basedir + "/" + fname) # end # return @loggers[name] @@ -594,16 +594,9 @@ module DRb raise(DRbConnError, 'premature marshal format(can\'t read)') if str.size < sz DRb.mutex.synchronize do begin - save = Thread.current[:drb_untaint] - Thread.current[:drb_untaint] = [] Marshal::load(str) rescue NameError, ArgumentError DRbUnknown.new($!, str) - ensure - Thread.current[:drb_untaint].each do |x| - x.untaint - end - Thread.current[:drb_untaint] = save end end end @@ -843,8 +836,6 @@ module DRb # URI protocols. def self.open(uri, config) host, port, = parse_uri(uri) - host.untaint - port.untaint soc = TCPSocket.open(host, port) self.new(uri, soc, config) end @@ -1061,9 +1052,6 @@ module DRb if DRb.here?(uri) obj = DRb.to_obj(ref) - if ((! obj.tainted?) && Thread.current[:drb_untaint]) - Thread.current[:drb_untaint].push(obj) - end return obj end @@ -248,8 +248,6 @@ module DRb # configuration. Either a Hash or DRb::DRbSSLSocket::SSLConfig def self.open(uri, config) host, port, = parse_uri(uri) - host.untaint - port.untaint soc = TCPSocket.open(host, port) ssl_conf = SSLConfig::new(config) ssl_conf.setup_ssl_context @@ -27,7 +27,6 @@ module DRb def self.open(uri, config) filename, = parse_uri(uri) - filename.untaint soc = UNIXSocket.open(filename) self.new(uri, soc, config) end @@ -46,7 +46,7 @@ module Find ps = [path] while file = ps.shift catch(:prune) do - yield file.dup.taint begin s = File.lstat(file) rescue Errno::ENOENT, Errno::EACCES, Errno::ENOTDIR, Errno::ELOOP, Errno::ENAMETOOLONG @@ -63,7 +63,7 @@ module Find fs.sort! fs.reverse_each {|f| f = File.join(file, f) - ps.unshift f.untaint } end end @@ -3238,7 +3238,7 @@ module Net if atom atom else - symbol = flag.capitalize.untaint.intern @flag_symbols[symbol] = true if @flag_symbols.length > IMAP.max_flag_count raise FlagCountError, "number of flag symbols exceeded" @@ -106,17 +106,17 @@ class PP < PrettyPrint # and preserves the previous set of objects being printed. def guard_inspect_key if Thread.current[:__recursive_key__] == nil - Thread.current[:__recursive_key__] = {}.compare_by_identity.taint end if Thread.current[:__recursive_key__][:inspect] == nil - Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity.taint end save = Thread.current[:__recursive_key__][:inspect] begin - Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity.taint yield ensure Thread.current[:__recursive_key__][:inspect] = save @@ -194,15 +194,12 @@ class Resolv line.sub!(/#.*/, '') addr, hostname, *aliases = line.split(/\s+/) next unless addr - addr.untaint - hostname.untaint @addr2name[addr] = [] unless @addr2name.include? addr @addr2name[addr] << hostname @addr2name[addr] += aliases @name2addr[hostname] = [] unless @name2addr.include? hostname @name2addr[hostname] << addr aliases.each {|n| - n.untaint @name2addr[n] = [] unless @name2addr.include? n @name2addr[n] << addr } @@ -964,7 +961,6 @@ class Resolv f.each {|line| line.sub!(/[#;].*/, '') keyword, *args = line.split(/\s+/) - args.each(&:untaint) next unless keyword case keyword when 'nameserver' @@ -147,16 +147,6 @@ class Set super end - def taint # :nodoc: - @hash.taint - super - end - - def untaint # :nodoc: - @hash.untaint - super - end - # Returns the number of elements. def size @hash.size @@ -58,10 +58,9 @@ # == Singleton and Marshal # # By default Singleton's #_dump(depth) returns the empty string. Marshalling by -# default will strip state information, e.g. instance variables and taint -# state, from the instance. Classes using Singleton can provide custom -# _load(str) and _dump(depth) methods to retain some of the previous state of -# the instance. # # require 'singleton' # @@ -82,7 +81,6 @@ # a = Example.instance # a.keep = "keep this" # a.strip = "get rid of this" -# a.taint # # stored_state = Marshal.dump(a) # |