ruby-changes:58806
From: Jeremy <ko1@a...>
Date: Mon, 18 Nov 2019 08:09:29 +0900 (JST)
Subject: [ruby-changes:58806] ffd0820ab3 (master): Deprecate taint/trust and related methods, and make the methods no-ops
https://git.ruby-lang.org/ruby.git/commit/?id=ffd0820ab3 From ffd0820ab317542f8780aac475da590a4bdbc7a8 Mon Sep 17 00:00:00 2001 From: Jeremy Evans <code@j...> Date: Tue, 24 Sep 2019 20:59:12 -0700 Subject: Deprecate taint/trust and related methods, and make the methods no-ops This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby. diff --git a/array.c b/array.c index 3aab2ec..e3bbef6 100644 --- a/array.c +++ b/array.c @@ -2285,7 +2285,6 @@ ary_join_0(VALUE ary, VALUE sep, long max, VALUE result) https://github.com/ruby/ruby/blob/trunk/array.c#L2285 if (i > 0 && !NIL_P(sep)) rb_str_buf_append(result, sep); rb_str_buf_append(result, val); - if (OBJ_TAINTED(val)) OBJ_TAINT(result); } } @@ -2346,11 +2345,9 @@ VALUE https://github.com/ruby/ruby/blob/trunk/array.c#L2345 rb_ary_join(VALUE ary, VALUE sep) { long len = 1, i; - int taint = FALSE; VALUE val, tmp, result; if (RARRAY_LEN(ary) == 0) return rb_usascii_str_new(0, 0); - if (OBJ_TAINTED(ary)) taint = TRUE; if (!NIL_P(sep)) { StringValue(sep); @@ -2364,7 +2361,6 @@ rb_ary_join(VALUE ary, VALUE sep) https://github.com/ruby/ruby/blob/trunk/array.c#L2361 int first; result = rb_str_buf_new(len + (RARRAY_LEN(ary)-i)*10); rb_enc_associate(result, rb_usascii_encoding()); - if (taint) OBJ_TAINT(result); ary_join_0(ary, sep, i, result); first = i == 0; ary_join_1(ary, ary, sep, i, result, &first); @@ -2377,7 +2373,6 @@ rb_ary_join(VALUE ary, VALUE sep) https://github.com/ruby/ruby/blob/trunk/array.c#L2373 result = rb_str_new(0, len); rb_str_set_len(result, 0); - if (taint) OBJ_TAINT(result); ary_join_0(ary, sep, RARRAY_LEN(ary), result); return result; @@ -2419,7 +2414,6 @@ rb_ary_join_m(int argc, VALUE *argv, VALUE ary) https://github.com/ruby/ruby/blob/trunk/array.c#L2414 static VALUE inspect_ary(VALUE ary, VALUE dummy, int recur) { - int tainted = OBJ_TAINTED(ary); long i; VALUE s, str; @@ -2427,13 +2421,11 @@ inspect_ary(VALUE ary, VALUE dummy, int recur) https://github.com/ruby/ruby/blob/trunk/array.c#L2421 str = rb_str_buf_new2("["); for (i=0; i<RARRAY_LEN(ary); i++) { s = rb_inspect(RARRAY_AREF(ary, i)); - if (OBJ_TAINTED(s)) tainted = TRUE; if (i > 0) rb_str_buf_cat2(str, ", "); else rb_enc_copy(str, s); rb_str_buf_append(str, s); } rb_str_buf_cat2(str, "]"); - if (tainted) OBJ_TAINT(str); return str; } @@ -4135,8 +4127,6 @@ rb_ary_times(VALUE ary, VALUE times) https://github.com/ruby/ruby/blob/trunk/array.c#L4127 } } out: - OBJ_INFECT(ary2, ary); - return ary2; } @@ -5315,7 +5305,6 @@ rb_ary_flatten(int argc, VALUE *argv, VALUE ary) https://github.com/ruby/ruby/blob/trunk/array.c#L5305 if (result == ary) { result = ary_make_shared_copy(ary); } - OBJ_INFECT(result, ary); return result; } diff --git a/bin/erb b/bin/erb index d5e51ee..2435224 100755 --- a/bin/erb +++ b/bin/erb @@ -128,10 +128,10 @@ EOU https://github.com/ruby/ruby/blob/trunk/bin/erb#L128 exit 2 unless src trim = trim_mode_opt(trim_mode, disable_percent) if safe_level.nil? - erb = factory.new(src.untaint, trim_mode: trim) + erb = factory.new(src, trim_mode: trim) else # [deprecated] This will be removed at Ruby 2.7. - erb = factory.new(src.untaint, safe_level, trim_mode: trim) + erb = factory.new(src, safe_level, trim_mode: trim) end erb.filename = filename if output @@ -143,7 +143,7 @@ EOU https://github.com/ruby/ruby/blob/trunk/bin/erb#L143 puts erb.src end else - bind = TOPLEVEL_BINDING.taint + bind = TOPLEVEL_BINDING if variables enc = erb.encoding for var, val in variables do diff --git a/class.c b/class.c index 0b2bd2c..c253b4b 100644 --- a/class.c +++ b/class.c @@ -205,7 +205,6 @@ rb_class_boot(VALUE super) https://github.com/ruby/ruby/blob/trunk/class.c#L205 RCLASS_SET_SUPER(klass, super); RCLASS_M_TBL_INIT(klass); - OBJ_INFECT(klass, super); return (VALUE)klass; } @@ -511,8 +510,6 @@ make_metaclass(VALUE klass) https://github.com/ruby/ruby/blob/trunk/class.c#L510 while (RB_TYPE_P(super, T_ICLASS)) super = RCLASS_SUPER(super); RCLASS_SET_SUPER(metaclass, super ? ENSURE_EIGENCLASS(super) : rb_cClass); - OBJ_INFECT(metaclass, RCLASS_SUPER(metaclass)); - return metaclass; } @@ -851,8 +848,6 @@ rb_include_class_new(VALUE module, VALUE super) https://github.com/ruby/ruby/blob/trunk/class.c#L848 else { RBASIC_SET_CLASS(klass, module); } - OBJ_INFECT(klass, module); - OBJ_INFECT(klass, super); return (VALUE)klass; } @@ -867,7 +862,6 @@ ensure_includable(VALUE klass, VALUE module) https://github.com/ruby/ruby/blob/trunk/class.c#L862 if (!NIL_P(rb_refinement_module_get_refined_class(module))) { rb_raise(rb_eArgError, "refinement module is not allowed"); } - OBJ_INFECT(klass, module); } void @@ -1660,12 +1654,6 @@ singleton_class_of(VALUE obj) https://github.com/ruby/ruby/blob/trunk/class.c#L1654 RCLASS_SERIAL(klass) = serial; } - if (OBJ_TAINTED(obj)) { - OBJ_TAINT(klass); - } - else { - FL_UNSET(klass, FL_TAINT); - } RB_FL_SET_RAW(klass, RB_OBJ_FROZEN_RAW(obj)); return klass; diff --git a/dir.c b/dir.c index cefb5e7..93c696b 100644 --- a/dir.c +++ b/dir.c @@ -1129,9 +1129,8 @@ rb_dir_getwd_ospath(void) https://github.com/ruby/ruby/blob/trunk/dir.c#L1129 DATA_PTR(path_guard) = path; #ifdef __APPLE__ cwd = rb_str_normalize_ospath(path, strlen(path)); - OBJ_TAINT(cwd); #else - cwd = rb_tainted_str_new2(path); + cwd = rb_str_new2(path); #endif DATA_PTR(path_guard) = 0; @@ -2564,7 +2563,6 @@ push_pattern(const char *path, VALUE ary, void *enc) https://github.com/ruby/ruby/blob/trunk/dir.c#L2563 #if defined _WIN32 || defined __APPLE__ VALUE name = rb_utf8_str_new_cstr(path); rb_encoding *eenc = rb_default_internal_encoding(); - OBJ_TAINT(name); name = rb_str_conv_enc(name, NULL, eenc ? eenc : enc); #else VALUE name = rb_external_str_new_with_enc(path, strlen(path), enc); diff --git a/encoding.c b/encoding.c index b000e0f..50093df 100644 --- a/encoding.c +++ b/encoding.c @@ -649,7 +649,6 @@ load_encoding(const char *name) https://github.com/ruby/ruby/blob/trunk/encoding.c#L649 else if (ISUPPER(*s)) *s = (char)TOLOWER(*s); ++s; } - FL_UNSET(enclib, FL_TAINT); enclib = rb_fstring(enclib); ruby_verbose = Qfalse; ruby_debug = Qfalse; diff --git a/enum.c b/enum.c index 829d67a..0653280 100644 --- a/enum.c +++ b/enum.c @@ -647,7 +647,6 @@ enum_to_a(int argc, VALUE *argv, VALUE obj) https://github.com/ruby/ruby/blob/trunk/enum.c#L647 VALUE ary = rb_ary_new(); rb_block_call(obj, id_each, argc, argv, collect_all, ary); - OBJ_INFECT(ary, obj); return ary; } @@ -657,7 +656,6 @@ enum_hashify(VALUE obj, int argc, const VALUE *argv, rb_block_call_func *iter) https://github.com/ruby/ruby/blob/trunk/enum.c#L656 { VALUE hash = rb_hash_new(); rb_block_call(obj, id_each, argc, argv, iter, hash); - OBJ_INFECT(hash, obj); return hash; } @@ -1245,7 +1243,6 @@ enum_sort_by(VALUE obj) https://github.com/ruby/ruby/blob/trunk/enum.c#L1243 buf = rb_ary_tmp_new(SORT_BY_BUFSIZE*2); rb_ary_store(buf, SORT_BY_BUFSIZE*2-1, Qnil); memo = MEMO_NEW(0, 0, 0); - OBJ_INFECT(memo, obj); data = (struct sort_by_data *)&memo->v1; RB_OBJ_WRITE(memo, &data->ary, ary); RB_OBJ_WRITE(memo, &data->buf, buf); @@ -1270,7 +1267,6 @@ enum_sort_by(VALUE obj) https://github.com/ruby/ruby/blob/trunk/enum.c#L1267 } rb_ary_resize(ary, RARRAY_LEN(ary)/2); RBASIC_SET_CLASS_RAW(ary, rb_cArray); - OBJ_INFECT(ary, memo); return ary; } diff --git a/enumerator.c b/enumerator.c index 5f21455..a5d7106 100644 --- a/enumerator.c +++ b/enumerator.c @@ -1077,7 +1077,6 @@ inspect_enumerator(VALUE obj, VALUE dummy, int recur) https://github.com/ruby/ruby/blob/trunk/enumerator.c#L1077 if (recur) { str = rb_sprintf("#<%"PRIsVALUE": ...>", rb_class_path(cname)); - OBJ_TAINT(str); return str; } @@ -1172,7 +1171,6 @@ append_method(VALUE obj, VALUE str, ID default_method, VALUE default_args) https://github.com/ruby/ruby/blob/trunk/enumerator.c#L1171 rb_str_append(str, rb_inspect(arg)); rb_str_buf_cat2(str, ", "); - OBJ_INFECT(str, arg); } if (!NIL_P(kwds)) { rb_hash_foreach(kwds, kwd_append, str); @@ -3609,7 +3607,6 @@ arith_seq_inspect(VALUE self) https://github.com/ruby/ruby/blob/trunk/enumerator.c#L3607 rb_str_append(str, rb_inspect(arg)); rb_str_buf_cat2(str, ", "); - OBJ_INFECT(str, arg); } if (!NIL_P(kwds)) { rb_hash_foreach(kwds, kwd_append, str); diff --git a/error.c b/error.c index 6ce49e0..0859036 100644 --- a/error.c +++ b/error.c @@ -2018,7 +2018,6 @@ syserr_initialize(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/error.c#L2018 if (!NIL_P(func)) rb_str_catf(errmsg, " @ %"PRIsVALUE, func); rb_str_catf(errmsg, " - %"PRIsVALUE, str); - OBJ_INFECT(errmsg, mesg); } mesg = errmsg; @@ -2319,19 +2318,7 @@ syserr_eqq(VALUE self, VALUE exc) https://github.com/ruby/ruby/blob/trunk/error.c#L2318 /* * Document-class: SecurityError * - * Raised when attempting a potential unsafe operation, typically when - * the $SAFE level is raised above 0. - * - * foo = "bar" - * proc = Proc.new do - * $SAFE = 3 - * foo.untaint - * end - * proc.call - * - * <em>raises the exception:</em> - * - * SecurityError: Insecure: Insecure operation `untaint' at level 3 + * No longer used by internal code. */ (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/