The whole path seems a bit weird to me. I'm not 100% sure why it even detects it as a possibly tainted value since the podling's information should have been read externally rather than from the request.
On Thu, Jun 8, 2017 at 6:38 AM sebb <[email protected]> wrote: > On 8 June 2017 at 11:28, <[email protected]> wrote: > > This is an automated email from the ASF dual-hosted git repository. > > > > johndament pushed a commit to branch master > > in repository https://gitbox.apache.org/repos/asf/whimsy.git > > > > > > The following commit(s) were added to refs/heads/master by this push: > > new 61bf3db Check for clean resources. > > 61bf3db is described below > > > > commit 61bf3db86b73122d9e014e98f9624db05104b925 > > Author: John D. Ament <[email protected]> > > AuthorDate: Thu Jun 8 06:28:49 2017 -0400 > > > > Check for clean resources. > > --- > > lib/whimsy/asf/podlings.rb | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/lib/whimsy/asf/podlings.rb b/lib/whimsy/asf/podlings.rb > > index 408d3e2..1a3aae2 100644 > > --- a/lib/whimsy/asf/podlings.rb > > +++ b/lib/whimsy/asf/podlings.rb > > @@ -209,6 +209,7 @@ module ASF > > end > > > > def podlingStatus > > + @resource.untaint if @resource =~ /\A\w+\Z/ > > incubator_content = ASF::SVN['asf/incubator/public/trunk/content'] > > resource_yml = "#{incubator_content}/podlings/#{@resource}.yml" > > Don't you need to handle the case where the resource cannot be untainted? > > > if File.exist?(resource_yml) > > > > -- > > To stop receiving notification emails like this one, please contact > > ['"[email protected]" <[email protected]>']. >
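Review bot: in podlingStatus, the added guard `@resource.untaint if @resource =~ /\A\w+\Z/` anchors with `\Z`, which in Ruby also matches just before a trailing newline, so a name followed by "\n" passes the check and is untainted; use `\z` to anchor at the true end of the string. The non-matching case is also left unhandled: the method falls through, still interpolates @resource into resource_yml and reaches File.exist?, so return or raise early when the pattern does not match instead of continuing with the tainted value.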
