Remove taint support

Ruby 2.7 deprecates taint and it no longer has an effect. The lack of taint support should not cause a problem in previous Ruby versions. I'm not sure if the untaint calls in deduplicate are still needed after the removal of tainting in the parser. If they are not needed, they should be removed.
ruby · Oct 21, 2019 · 73c1a2b · 73c1a2b
1 parent 0910ae5
commit 73c1a2b
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 151 deletions.
diff --git a/ext/psych/psych_parser.c b/ext/psych/psych_parser.c
@@ -256,7 +256,6 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
     yaml_parser_t * parser;
     yaml_event_t event;
     int done = 0;
-    int tainted = 0;
     int state = 0;
     int parser_encoding = YAML_ANY_ENCODING;
     int encoding = rb_utf8_encindex();
@@ -275,13 +274,10 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
     yaml_parser_delete(parser);
     yaml_parser_initialize(parser);
 
-    if (OBJ_TAINTED(yaml)) tainted = 1;
-
     if (rb_respond_to(yaml, id_read)) {
 	yaml = transcode_io(yaml, &parser_encoding);
 	yaml_parser_set_encoding(parser, parser_encoding);
 	yaml_parser_set_input(parser, io_reader, (void *)yaml);
-	if (RTEST(rb_obj_is_kind_of(yaml, rb_cIO))) tainted = 1;
     } else {
 	StringValue(yaml);
 	yaml = transcode_string(yaml, &parser_encoding);
@@ -352,13 +348,11 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 			VALUE prefix = Qnil;
 			if(start->handle) {
 			    handle = rb_str_new2((const char *)start->handle);
-			    if (tainted) OBJ_TAINT(handle);
 			    PSYCH_TRANSCODE(handle, encoding, internal_enc);
 			}
 
 			if(start->prefix) {
 			    prefix = rb_str_new2((const char *)start->prefix);
-			    if (tainted) OBJ_TAINT(prefix);
 			    PSYCH_TRANSCODE(prefix, encoding, internal_enc);
 			}
 
@@ -387,7 +381,6 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 		VALUE alias = Qnil;
 		if(event.data.alias.anchor) {
 		    alias = rb_str_new2((const char *)event.data.alias.anchor);
-		    if (tainted) OBJ_TAINT(alias);
 		    PSYCH_TRANSCODE(alias, encoding, internal_enc);
 		}
 
@@ -406,19 +399,16 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 		    (const char *)event.data.scalar.value,
 		    (long)event.data.scalar.length
 		    );
-		if (tainted) OBJ_TAINT(val);
 
 		PSYCH_TRANSCODE(val, encoding, internal_enc);
 
 		if(event.data.scalar.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.scalar.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}
 
 		if(event.data.scalar.tag) {
 		    tag = rb_str_new2((const char *)event.data.scalar.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}
 
@@ -448,14 +438,12 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 		VALUE implicit, style;
 		if(event.data.sequence_start.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.sequence_start.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}
 
 		tag = Qnil;
 		if(event.data.sequence_start.tag) {
 		    tag = rb_str_new2((const char *)event.data.sequence_start.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}
 
@@ -484,13 +472,11 @@ static VALUE parse(int argc, VALUE *argv, VALUE self)
 		VALUE implicit, style;
 		if(event.data.mapping_start.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.mapping_start.anchor);
-		    if (tainted) OBJ_TAINT(anchor);
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 		}
 
 		if(event.data.mapping_start.tag) {
 		    tag = rb_str_new2((const char *)event.data.mapping_start.tag);
-		    if (tainted) OBJ_TAINT(tag);
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 		}
 

diff --git a/lib/psych/visitors/to_ruby.rb b/lib/psych/visitors/to_ruby.rb
@@ -368,11 +368,9 @@ def revive_hash hash, o
         hash
       end
 
-      if String.method_defined?(:-@)
+      if RUBY_VERSION < '2.7'
         def deduplicate key
           if key.is_a?(String)
-            # It is important to untaint the string, otherwise it won't
-            # be deduplicated into and fstring, but simply frozen.
             -(key.untaint)
           else
             key
@@ -381,9 +379,7 @@ def deduplicate key
       else
         def deduplicate key
           if key.is_a?(String)
-            # Deduplication is not supported by this implementation,
-            # but we emulate it's side effects
-            key.untaint.freeze
+            -key
           else
             key
           end

diff --git a/test/psych/test_tainted.rb b/test/psych/test_tainted.rb