author | Jeremy Evans <[email protected]> | 2019-09-24 20:59:12 -0700 |
---|---|---|
committer | Jeremy Evans <[email protected]> | 2019-11-18 01:00:25 +0200 |
commit | ffd0820ab317542f8780aac475da590a4bdbc7a8 (patch) | |
tree | 6a5d774933c15fd2b9ea948bd3ae2fa587faaf82 /lib | |
parent | c5c05460ac20abcbc0ed686eb4acf06da7a39a79 (diff) |
Deprecate taint/trust and related methods, and make the methods no-ops
This removes the related tests, and puts the related specs behind
version guards. This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/2476
Diffstat (limited to 'lib')
-rw-r--r-- | lib/cgi/core.rb | 4 | ||||
-rw-r--r-- | lib/cgi/session/pstore.rb | 1 | ||||
-rw-r--r-- | lib/delegate.rb | 29 | ||||
-rw-r--r-- | lib/drb/drb.rb | 14 | ||||
-rw-r--r-- | lib/drb/ssl.rb | 2 | ||||
-rw-r--r-- | lib/drb/unix.rb | 1 | ||||
-rw-r--r-- | lib/find.rb | 4 | ||||
-rw-r--r-- | lib/net/imap.rb | 2 | ||||
-rw-r--r-- | lib/pp.rb | 6 | ||||
-rw-r--r-- | lib/resolv.rb | 4 | ||||
-rw-r--r-- | lib/set.rb | 10 | ||||
-rw-r--r-- | lib/singleton.rb | 8 |
12 files changed, 15 insertions, 70 deletions
diff --git a/lib/cgi/core.rb b/lib/cgi/core.rb
index ac75e54139..bec76e0749 100644
--- a/lib/cgi/core.rb
+++ b/lib/cgi/core.rb
@@ -544,11 +544,11 @@ class CGI
 /Content-Disposition:.* filename=(?:"(.*?)"|([^;\r\n]*))/i.match(head)
 filename = $1 || $2 || ''.dup
 filename = CGI.unescape(filename) if unescape_filename?()
- body.instance_variable_set(:@original_filename, filename.taint)
+ body.instance_variable_set(:@original_filename, filename)
 ## content type
 /Content-Type: (.*)/i.match(head)
 (content_type = $1 || ''.dup).chomp!
- body.instance_variable_set(:@content_type, content_type.taint)
+ body.instance_variable_set(:@content_type, content_type)
 ## query parameter name
 /Content-Disposition:.* name=(?:"(.*?)"|([^;\r\n]*))/i.match(head)
 name = $1 || $2 || ''
diff --git a/lib/cgi/session/pstore.rb b/lib/cgi/session/pstore.rb
index 5a6e25d137..cc3006400f 100644
--- a/lib/cgi/session/pstore.rb
+++ b/lib/cgi/session/pstore.rb
@@ -50,7 +50,6 @@ class CGI
 require 'digest/md5'
 md5 = Digest::MD5.hexdigest(id)[0,16]
 path = dir+"/"+prefix+md5
- path.untaint
 if File::exist?(path)
 @hash = nil
 else
diff --git a/lib/delegate.rb b/lib/delegate.rb
index 7a2ad50ac3..8c176dc82c 100644
--- a/lib/delegate.rb
+++ b/lib/delegate.rb
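Review bot: `@original_filename` and `@content_type` in the lib/cgi/core.rb hunk are filled from the `Content-Disposition` and `Content-Type` headers of a multipart part, so both strings are chosen by the client, and with `.taint` dropped nothing on the new lines says so. I would add a comment above the first assignment, e.g. `# client-supplied: never join original_filename into a filesystem path or echo it unescaped`, so callers do not treat the value as validated. The unquoted capture `([^;\r\n]*)` excludes only `;`, CR and LF, so `/` and `..` pass through. The enclosing method starts and ends outside the hunk.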
@@ -220,35 +220,12 @@ class Delegator < BasicObject
 private :initialize_clone, :initialize_dup
 ##
- # :method: trust
- # Trust both the object returned by \_\_getobj\_\_ and self.
- #
-
- ##
- # :method: untrust
- # Untrust both the object returned by \_\_getobj\_\_ and self.
- #
-
- ##
- # :method: taint
- # Taint both the object returned by \_\_getobj\_\_ and self.
- #
-
- ##
- # :method: untaint
- # Untaint both the object returned by \_\_getobj\_\_ and self.
- #
-
- ##
 # :method: freeze
 # Freeze both the object returned by \_\_getobj\_\_ and self.
 #
-
- [:trust, :untrust, :taint, :untaint, :freeze].each do |method|
- define_method method do
- __getobj__.send(method)
- super()
- end
+ def freeze
+ __getobj__.freeze
+ super()
 end
 @delegator_api = self.public_instance_methods
diff --git a/lib/drb/drb.rb b/lib/drb/drb.rb
index 0063e20144..5673fa3880 100644
--- a/lib/drb/drb.rb
+++ b/lib/drb/drb.rb
@@ -233,7 +233,7 @@ require_relative 'eq'
 # def get_logger(name)
 # if [email protected]_key? name
 # # make the filename safe, then declare it to be so
-# fname = name.gsub(/[.\/\\\:]/, "_").untaint
+# fname = name.gsub(/[.\/\\\:]/, "_")
 # @loggers[name] = Logger.new(name, @basedir + "/" + fname)
 # end
 # return @loggers[name]
@@ -594,16 +594,9 @@ module DRb
 raise(DRbConnError, 'premature marshal format(can\'t read)') if str.size < sz
 DRb.mutex.synchronize do
 begin
- save = Thread.current[:drb_untaint]
- Thread.current[:drb_untaint] = []
 Marshal::load(str)
 rescue NameError, ArgumentError
 DRbUnknown.new($!, str)
- ensure
- Thread.current[:drb_untaint].each do |x|
- x.untaint
- end
- Thread.current[:drb_untaint] = save
 end
 end
 end
@@ -843,8 +836,6 @@ module DRb
 # URI protocols.
 def self.open(uri, config)
 host, port, = parse_uri(uri)
- host.untaint
- port.untaint
 soc = TCPSocket.open(host, port)
 self.new(uri, soc, config)
 end
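Review bot: The example comment `# make the filename safe, then declare it to be so` in the lib/drb/drb.rb hunk at line 233 is stale after this change, because the `.untaint` call that did the "declaring" is removed from the line below it. Suggest shortening it to `# make the filename safe` so the doc example matches its code. The `gsub` still replaces `.`, `/`, `\` and `:` with `_`, which is what keeps `name` from stepping outside `@basedir`, and the comment could say that instead. The example continues outside the hunk.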
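Review bot: `Marshal::load(str)` in the lib/drb/drb.rb hunk at line 594 appears to deserialise bytes received from the peer, and with the `:drb_untaint` bookkeeping removed the block no longer carries any hint that its result is remote data. Marshal will build objects of any class loaded in the process, so this call is only as safe as the set of peers allowed to connect. I would document that above the call, e.g. `# str comes from the remote side; only expose this server to trusted peers (see ACL)`. The enclosing method begins outside the hunk.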
@@ -1061,9 +1052,6 @@ module DRb
 if DRb.here?(uri)
 obj = DRb.to_obj(ref)
- if ((! obj.tainted?) && Thread.current[:drb_untaint])
- Thread.current[:drb_untaint].push(obj)
- end
 return obj
 end
diff --git a/lib/drb/ssl.rb b/lib/drb/ssl.rb
index 48ba35ace7..3d528c6172 100644
--- a/lib/drb/ssl.rb
+++ b/lib/drb/ssl.rb
@@ -248,8 +248,6 @@ module DRb
 # configuration. Either a Hash or DRb::DRbSSLSocket::SSLConfig
 def self.open(uri, config)
 host, port, = parse_uri(uri)
- host.untaint
- port.untaint
 soc = TCPSocket.open(host, port)
 ssl_conf = SSLConfig::new(config)
 ssl_conf.setup_ssl_context
diff --git a/lib/drb/unix.rb b/lib/drb/unix.rb
index 89957c9e7b..1629ad3bcd 100644
--- a/lib/drb/unix.rb
+++ b/lib/drb/unix.rb
@@ -27,7 +27,6 @@ module DRb
 def self.open(uri, config)
 filename, = parse_uri(uri)
- filename.untaint
 soc = UNIXSocket.open(filename)
 self.new(uri, soc, config)
 end
diff --git a/lib/find.rb b/lib/find.rb
index 458cb84608..3f54cf6b93 100644
--- a/lib/find.rb
+++ b/lib/find.rb
@@ -46,7 +46,7 @@ module Find
 ps = [path]
 while file = ps.shift
 catch(:prune) do
- yield file.dup.taint
+ yield file.dup
 begin
 s = File.lstat(file)
 rescue Errno::ENOENT, Errno::EACCES, Errno::ENOTDIR, Errno::ELOOP, Errno::ENAMETOOLONG
@@ -63,7 +63,7 @@ module Find
 fs.sort!
 fs.reverse_each {|f|
 f = File.join(file, f)
- ps.unshift f.untaint
+ ps.unshift f
 }
 end
 end
diff --git a/lib/net/imap.rb b/lib/net/imap.rb
index 1c7e89ba14..aa46e47ef1 100644
--- a/lib/net/imap.rb
+++ b/lib/net/imap.rb
@@ -3238,7 +3238,7 @@ module Net
 if atom
 atom
 else
- symbol = flag.capitalize.untaint.intern
+ symbol = flag.capitalize.intern
 @flag_symbols[symbol] = true
 if @flag_symbols.length > IMAP.max_flag_count
 raise FlagCountError, "number of flag symbols exceeded"
@@ -106,17 +106,17 @@ class PP < PrettyPrint
 # and preserves the previous set of objects being printed.
 def guard_inspect_key
 if Thread.current[:__recursive_key__] == nil
- Thread.current[:__recursive_key__] = {}.compare_by_identity.taint
+ Thread.current[:__recursive_key__] = {}.compare_by_identity
 end
 if Thread.current[:__recursive_key__][:inspect] == nil
- Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity.taint
+ Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity
 end
 save = Thread.current[:__recursive_key__][:inspect]
 begin
- Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity.taint
+ Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity
 yield
 ensure
 Thread.current[:__recursive_key__][:inspect] = save
diff --git a/lib/resolv.rb b/lib/resolv.rb
index 3d401cc509..e7b45e785a 100644
--- a/lib/resolv.rb
+++ b/lib/resolv.rb
@@ -194,15 +194,12 @@ class Resolv
 line.sub!(/#.*/, '')
 addr, hostname, *aliases = line.split(/\s+/)
 next unless addr
- addr.untaint
- hostname.untaint
 @addr2name[addr] = [] unless @addr2name.include? addr
 @addr2name[addr] << hostname
 @addr2name[addr] += aliases
 @name2addr[hostname] = [] unless @name2addr.include? hostname
 @name2addr[hostname] << addr
 aliases.each {|n|
- n.untaint
 @name2addr[n] = [] unless @name2addr.include? n
 @name2addr[n] << addr
 }
@@ -964,7 +961,6 @@ class Resolv
 f.each {|line|
 line.sub!(/[#;].*/, '')
 keyword, *args = line.split(/\s+/)
- args.each(&:untaint)
 next unless keyword
 case keyword
 when 'nameserver'
diff --git a/lib/set.rb b/lib/set.rb
index a0e945e0a8..5a96c81832 100644
--- a/lib/set.rb
+++ b/lib/set.rb
@@ -147,16 +147,6 @@ class Set
 super
 end
- def taint # :nodoc:
- @hash.taint
- super
- end
-
- def untaint # :nodoc:
- @hash.untaint
- super
- end
-
 # Returns the number of elements.
 def size
 @hash.size
diff --git a/lib/singleton.rb b/lib/singleton.rb
index d457fa0b0f..8e8a779a2e 100644
--- a/lib/singleton.rb
+++ b/lib/singleton.rb
@@ -58,10 +58,9 @@
 # == Singleton and Marshal
 #
 # By default Singleton's #_dump(depth) returns the empty string. Marshalling by
-# default will strip state information, e.g. instance variables and taint
-# state, from the instance. Classes using Singleton can provide custom
-# _load(str) and _dump(depth) methods to retain some of the previous state of
-# the instance.
+# default will strip state information, e.g. instance variables from the instance.
+# Classes using Singleton can provide custom _load(str) and _dump(depth) methods
+# to retain some of the previous state of the instance.
 #
 # require 'singleton'
 #
@@ -82,7 +81,6 @@
 # a = Example.instance
 # a.keep = "keep this"
 # a.strip = "get rid of this"
-# a.taint
 #
 # stored_state = Marshal.dump(a)
 # |