[ruby/psych] Remove taint support

Ruby 2.7 deprecates taint and it no longer has an effect. The lack of taint support should not cause a problem in previous Ruby versions. I'm not sure if the untaint calls in deduplicate are still needed after the removal of tainting in the parser. If they are not needed, they should be removed. https://github.com/ruby/psych/commit/73c1a2b4e0
2022-11-09 12:17:21 -05:00 · 2019-10-18 12:34:59 -07:00 · 2019-10-18 12:34:59 -07:00 · 30fdee65d9
commit 30fdee65d9
parent 5ef41c91f0
3 changed files with 2 additions and 151 deletions
--- a/ext/psych/lib/psych/visitors/to_ruby.rb
+++ b/ext/psych/lib/psych/visitors/to_ruby.rb
@ -368,11 +368,9 @@ module Psych
        hash
      end

-      if String.method_defined?(:-@)
+      if RUBY_VERSION < '2.7'
        def deduplicate key
          if key.is_a?(String)
-            # It is important to untaint the string, otherwise it won't
-            # be deduplicated into and fstring, but simply frozen.
            -(key.untaint)
          else
            key
@ -381,9 +379,7 @@ module Psych
      else
        def deduplicate key
          if key.is_a?(String)
-            # Deduplication is not supported by this implementation,
-            # but we emulate it's side effects
-            key.untaint.freeze
+            -key
          else
            key
          end
--- a/ext/psych/psych_parser.c
+++ b/ext/psych/psych_parser.c
@ -256,7 +256,6 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
    yaml_parser_t * parser;
    yaml_event_t event;
    int done = 0;
-    int tainted = 0;
    int state = 0;
    int parser_encoding = YAML_ANY_ENCODING;
    int encoding = rb_utf8_encindex();
@ -275,13 +274,10 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
    yaml_parser_delete(parser);
    yaml_parser_initialize(parser);

-    if (OBJ_TAINTED(yaml)) tainted = 1;
-
    if (rb_respond_to(yaml, id_read)) {
 	yaml = transcode_io(yaml, &parser_encoding);
 	yaml_parser_set_encoding(parser, parser_encoding);
 	yaml_parser_set_input(parser, io_reader, (void *)yaml);
-	if (RTEST(rb_obj_is_kind_of(yaml, rb_cIO))) tainted = 1;
    } else {
 	StringValue(yaml);
 	yaml = transcode_string(yaml, &parser_encoding);
@ -352,13 +348,11 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 			VALUE prefix = Qnil;
 			if(start->handle) {
 			    handle = rb_str_new2((const char *)start->handle);
-			    if (tainted) OBJ_TAINT(handle);
 			    PSYCH_TRANSCODE(handle, encoding, internal_enc);
 			}

 			if(start->prefix) {
 			    prefix = rb_str_new2((const char *)start->prefix);
-			    if (tainted) OBJ_TAINT(prefix);
 			    PSYCH_TRANSCODE(prefix, encoding, internal_enc);
 			}

@ -387,7 +381,6 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 		VALUE alias = Qnil;
 		if(event.data.alias.anchor) {
 		    alias = rb_str_new2((const char *)event.data.alias.anchor);
-		    if (tainted) OBJ_TAINT(alias);
 		    PSYCH_TRANSCODE(alias, encoding, internal_enc);
 		}

@ -406,19 +399,16 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 		    (const char *)event.data.scalar.value,
 		    (long)event.data.scalar.length
 		    );
-		if (tainted) OBJ_TAINT(val);

 		PSYCH_TRANSCODE(val, encoding, internal_enc);

 		if(event.data.scalar.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.scalar.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}

 		if(event.data.scalar.tag) {
 		    tag = rb_str_new2((const char *)event.data.scalar.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}

@ -448,14 +438,12 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 		VALUE implicit, style;
 		if(event.data.sequence_start.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.sequence_start.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}

 		tag = Qnil;
 		if(event.data.sequence_start.tag) {
 		    tag = rb_str_new2((const char *)event.data.sequence_start.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}

@ -484,13 +472,11 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 		VALUE implicit, style;
 		if(event.data.mapping_start.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.mapping_start.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}

 		if(event.data.mapping_start.tag) {
 		    tag = rb_str_new2((const char *)event.data.mapping_start.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}

--- a/test/psych/test_tainted.rb
+++ b/test/psych/test_tainted.rb
@ -1,131 +0,0 @@
-# frozen_string_literal: true
-require_relative 'helper'
-
-module Psych
-  class TestStringTainted < TestCase
-    class Tainted < Handler
-      attr_reader :tc
-
-      def initialize tc
-        @tc = tc
-      end
-
-      def start_document version, tags, implicit
-        tags.flatten.each do |tag|
-          assert_taintedness tag
-        end
-      end
-
-      def alias name
-        assert_taintedness name
-      end
-
-      def scalar value, anchor, tag, plain, quoted, style
-        assert_taintedness value
-        assert_taintedness tag if tag
-        assert_taintedness anchor if anchor
-      end
-
-      def start_sequence anchor, tag, implicit, style
-        assert_taintedness tag if tag
-        assert_taintedness anchor if anchor
-      end
-
-      def start_mapping anchor, tag, implicit, style
-        assert_taintedness tag if tag
-        assert_taintedness anchor if anchor
-      end
-
-      def assert_taintedness thing, message = "'#{thing}' should be tainted"
-        tc.assert thing.tainted?, message
-      end
-    end
-
-    class Untainted < Tainted
-      def assert_taintedness thing, message = "'#{thing}' should not be tainted"
-        tc.assert !thing.tainted?, message
-      end
-    end
-
-
-    def setup
-      handler = Tainted.new self
-      @parser = Psych::Parser.new handler
-    end
-
-    def test_tags_are_tainted
-      assert_taintedness "%TAG !yaml! tag:yaml.org,2002:\n---\n!yaml!str \"foo\""
-    end
-
-    def test_alias
-      assert_taintedness  "--- &ponies\n- foo\n- *ponies"
-    end
-
-    def test_scalar
-      assert_taintedness "--- ponies"
-    end
-
-    def test_anchor
-      assert_taintedness "--- &hi ponies"
-    end
-
-    def test_scalar_tag
-      assert_taintedness "--- !str ponies"
-    end
-
-    def test_seq_start_tag
-      assert_taintedness "--- !!seq [ a ]"
-    end
-
-    def test_seq_start_anchor
-      assert_taintedness "--- &zomg [ a ]"
-    end
-
-    def test_seq_mapping_tag
-      assert_taintedness "--- !!map { a: b }"
-    end
-
-    def test_seq_mapping_anchor
-      assert_taintedness "--- &himom { a: b }"
-    end
-
-    def assert_taintedness string
-      @parser.parse string.dup.taint
-    end
-  end
-
-  class TestStringUntainted < TestStringTainted
-    def setup
-      handler = Untainted.new self
-      @parser = Psych::Parser.new handler
-    end
-
-    def assert_taintedness string
-      @parser.parse string
-    end
-  end
-
-  class TestStringIOUntainted < TestStringTainted
-    def setup
-      handler = Untainted.new self
-      @parser = Psych::Parser.new handler
-    end
-
-    def assert_taintedness string
-      @parser.parse StringIO.new(string)
-    end
-  end
-
-  class TestIOTainted < TestStringTainted
-    def assert_taintedness string
-      Tempfile.create(['something', 'yml']) {|t|
-        t.binmode
-        t.write string
-        t.close
-        File.open(t.path, 'r:bom|utf-8') { |f|
-          @parser.parse f
-        }
-      }
-    end
-  end
-end