
ruby-changes:58734

From: Jeremy <ko1@a...>
Date: Tue, 12 Nov 2019 10:58:42 +0900 (JST)
Subject: [ruby-changes:58734] 30fdee65d9 (master): [ruby/psych] Remove taint support

https://git.ruby-lang.org/ruby.git/commit/?id=30fdee65d9

From 30fdee65d96924e0793ec702fcda909a2cac71ea Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@j...>
Date: Fri, 18 Oct 2019 12:34:59 -0700
Subject: [ruby/psych] Remove taint support

Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.

I'm not sure if the untaint calls in deduplicate are still needed
after the removal of tainting in the parser.  If they are not
needed, they should be removed.

https://github.com/ruby/psych/commit/73c1a2b4e0

diff --git a/ext/psych/lib/psych/visitors/to_ruby.rb b/ext/psych/lib/psych/visitors/to_ruby.rb
index 49447e1..b72fb4a 100644
--- a/ext/psych/lib/psych/visitors/to_ruby.rb
+++ b/ext/psych/lib/psych/visitors/to_ruby.rb
@@ -368,11 +368,9 @@ module Psych https://github.com/ruby/ruby/blob/trunk/ext/psych/lib/psych/visitors/to_ruby.rb#L368
         hash
       end
 
-      if String.method_defined?(:-@)
+      if RUBY_VERSION < '2.7'
         def deduplicate key
           if key.is_a?(String)
-            # It is important to untaint the string, otherwise it won't
-            # be deduplicated into and fstring, but simply frozen.
             -(key.untaint)
           else
             key
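Review bot: The new guard `if RUBY_VERSION < '2.7'` drops the capability test that `String.method_defined?(:-@)` provided, so the first `deduplicate` now calls `-(key.untaint)` on every interpreter below 2.7, including any that lack `String#-@`. The freeze-only fallback those interpreters relied on is replaced by `-key` in the next hunk (@@ -381,9 +379,7). If such versions are still supported, which this page does not show, the legacy branch should keep the test, e.g. `key.untaint; String.method_defined?(:-@) ? -key : key.freeze`. The deleted comment was also the only explanation of why `untaint` precedes the unary minus, so while that call remains a one-line replacement such as `# Ruby < 2.7: a tainted string is only frozen, not interned` would help. Both `deduplicate` bodies continue past the lines visible in these hunks.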
@@ -381,9 +379,7 @@ module Psych https://github.com/ruby/ruby/blob/trunk/ext/psych/lib/psych/visitors/to_ruby.rb#L379
       else
         def deduplicate key
           if key.is_a?(String)
-            # Deduplication is not supported by this implementation,
-            # but we emulate it's side effects
-            key.untaint.freeze
+            -key
           else
             key
           end
diff --git a/ext/psych/psych_parser.c b/ext/psych/psych_parser.c
index 0fef173..fb1a917 100644
--- a/ext/psych/psych_parser.c
+++ b/ext/psych/psych_parser.c
@@ -256,7 +256,6 @@ static VALUE parse(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/psych/psych_parser.c#L256
     yaml_parser_t * parser;
     yaml_event_t event;
     int done = 0;
-    int tainted = 0;
     int state = 0;
     int parser_encoding = YAML_ANY_ENCODING;
     int encoding = rb_utf8_encindex();
@@ -275,13 +274,10 @@ static VALUE parse(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/psych/psych_parser.c#L274
     yaml_parser_delete(parser);
     yaml_parser_initialize(parser);
 
-    if (OBJ_TAINTED(yaml)) tainted = 1;
-
     if (rb_respond_to(yaml, id_read)) {
 	yaml = transcode_io(yaml, &parser_encoding);
 	yaml_parser_set_encoding(parser, parser_encoding);
 	yaml_parser_set_input(parser, io_reader, (void *)yaml);
-	if (RTEST(rb_obj_is_kind_of(yaml, rb_cIO))) tainted = 1;
     } else {
 	StringValue(yaml);
 	yaml = transcode_string(yaml, &parser_encoding);
@@ -352,13 +348,11 @@ static VALUE parse(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/psych/psych_parser.c#L348
 			VALUE prefix = Qnil;
 			if(start->handle) {
 			    handle = rb_str_new2((const char *)start->handle);
-			    if (tainted) OBJ_TAINT(handle);
 			    PSYCH_TRANSCODE(handle, encoding, internal_enc);
 			}
 
 			if(start->prefix) {
 			    prefix = rb_str_new2((const char *)start->prefix);
-			    if (tainted) OBJ_TAINT(prefix);
 			    PSYCH_TRANSCODE(prefix, encoding, internal_enc);
 			}
 
@@ -387,7 +381,6 @@ static VALUE parse(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/psych/psych_parser.c#L381
 		VALUE alias = Qnil;
 		if(event.data.alias.anchor) {
 		    alias = rb_str_new2((const char *)event.data.alias.anchor);
-		    if (tainted) OBJ_TAINT(alias);
 		    PSYCH_TRANSCODE(alias, encoding, internal_enc);
 		}
 
@@ -406,19 +399,16 @@ static VALUE parse(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/psych/psych_parser.c#L399
 		    (const char *)event.data.scalar.value,
 		    (long)event.data.scalar.length
 		    );
-		if (tainted) OBJ_TAINT(val);
 
 		PSYCH_TRANSCODE(val, encoding, internal_enc);
 
 		if(event.data.scalar.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.scalar.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}
 
 		if(event.data.scalar.tag) {
 		    tag = rb_str_new2((const char *)event.data.scalar.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}
 
@@ -448,14 +438,12 @@ static VALUE parse(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/psych/psych_parser.c#L438
 		VALUE implicit, style;
 		if(event.data.sequence_start.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.sequence_start.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}
 
 		tag = Qnil;
 		if(event.data.sequence_start.tag) {
 		    tag = rb_str_new2((const char *)event.data.sequence_start.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}
 
@@ -484,13 +472,11 @@ static VALUE parse(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/psych/psych_parser.c#L472
 		VALUE implicit, style;
 		if(event.data.mapping_start.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.mapping_start.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}
 
 		if(event.data.mapping_start.tag) {
 		    tag = rb_str_new2((const char *)event.data.mapping_start.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}
 
diff --git a/test/psych/test_tainted.rb b/test/psych/test_tainted.rb
deleted file mode 100644
index dcf150b..0000000
--- a/test/psych/test_tainted.rb
+++ /dev/null
@@ -1,131 +0,0 @@ https://github.com/ruby/ruby/blob/trunk/ext/psych/psych_parser.c#L0
-# frozen_string_literal: true
-require_relative 'helper'
-
-module Psych
-  class TestStringTainted < TestCase
-    class Tainted < Handler
-      attr_reader :tc
-
-      def initialize tc
-        @tc = tc
-      end
-
-      def start_document version, tags, implicit
-        tags.flatten.each do |tag|
-          assert_taintedness tag
-        end
-      end
-
-      def alias name
-        assert_taintedness name
-      end
-
-      def scalar value, anchor, tag, plain, quoted, style
-        assert_taintedness value
-        assert_taintedness tag if tag
-        assert_taintedness anchor if anchor
-      end
-
-      def start_sequence anchor, tag, implicit, style
-        assert_taintedness tag if tag
-        assert_taintedness anchor if anchor
-      end
-
-      def start_mapping anchor, tag, implicit, style
-        assert_taintedness tag if tag
-        assert_taintedness anchor if anchor
-      end
-
-      def assert_taintedness thing, message = "'#{thing}' should be tainted"
-        tc.assert thing.tainted?, message
-      end
-    end
-
-    class Untainted < Tainted
-      def assert_taintedness thing, message = "'#{thing}' should not be tainted"
-        tc.assert !thing.tainted?, message
-      end
-    end
-
-
-    def setup
-      handler = Tainted.new self
-      @parser = Psych::Parser.new handler
-    end
-
-    def test_tags_are_tainted
-      assert_taintedness "%TAG !yaml! tag:yaml.org,2002:\n---\n!yaml!str \"foo\""
-    end
-
-    def test_alias
-      assert_taintedness  "--- &ponies\n- foo\n- *ponies"
-    end
-
-    def test_scalar
-      assert_taintedness "--- ponies"
-    end
-
-    def test_anchor
-      assert_taintedness "--- &hi ponies"
-    end
-
-    def test_scalar_tag
-      assert_taintedness "--- !str ponies"
-    end
-
-    def test_seq_start_tag
-      assert_taintedness "--- !!seq [ a ]"
-    end
-
-    def test_seq_start_anchor
-      assert_taintedness "--- &zomg [ a ]"
-    end
-
-    def test_seq_mapping_tag
-      assert_taintedness "--- !!map { a: b }"
-    end
-
-    def test_seq_mapping_anchor
-      assert_taintedness "--- &himom { a: b }"
-    end
-
-    def assert_taintedness string
-      @parser.parse string.dup.taint
-    end
-  end
-
-  class TestStringUntainted < TestStringTainted
-    def setup
-      handler = Untainted.new self
-      @parser = Psych::Parser.new handler
-    end
-
-    def assert_taintedness string
-      @parser.parse string
-    end
-  end
-
-  class TestStringIOUntainted < TestStringTainted
-    def setup
-      handler = Untainted.new self
-      @parser = Psych::Parser.new handler
-    end
-
-    def assert_taintedness string
-      @parser.parse StringIO.new(string)
-    end
-  end
-
-  class TestIOTainted < TestStringTainted
-    def assert_taintedness string
-      Tempfile.create(['something', 'yml']) {|t|
-        t.binmode
-        t.write string
-        t.close
-        File.open(t.path, 'r:bom|utf-8') { |f|
-          @parser.parse f
-        }
-      }
-    end
-  end
-end
-- 
cgit v0.10.2

