More possible tainted strings

commit: 8c66840a216d342fe4a4072c56f71ec7e0ec2503 [log] [tgz]
author: Sebb <sebb@apache.org> Fri Jul 17 17:47:12 2020 +0100
committer: Sebb <sebb@apache.org> Fri Jul 17 17:47:12 2020 +0100
tree: 149e9105c3be52096e16dce92865fd2fbfff3f34
parent: 6d68443becf7bf0c50552c277afbdf5f13b7d5ce [diff]
diff --git a/lib/whimsy/asf/svn.rb b/lib/whimsy/asf/svn.rb
index a56b55f..d3dfa3e 100644
--- a/lib/whimsy/asf/svn.rb
+++ b/lib/whimsy/asf/svn.rb

@@ -21,7 +21,7 @@
     else
       svn_base = 'https://svn.apache.org/repos/'
     end
-    @base = URI.parse(svn_base)
+    @base = URI.parse(svn_base).untaint
     @mock = 'file:///var/tools/svnrep/'
     @semaphore = Mutex.new
     @testdata = {}
@@ -132,7 +132,7 @@
     # Includes aliases
     def self.svnurl(name)
       entry = self._all_repo_entries[name] or return nil
-      url = entry['url']
+      url = entry['url'].untaint
       unless url # bad entry
         raise Exception.new("Unable to find url attribute for SVN entry #{name}")
       end
commit	8c66840a216d342fe4a4072c56f71ec7e0ec2503	[log] [tgz]
author	Sebb <sebb@apache.org>	Fri Jul 17 17:47:12 2020 +0100
committer	Sebb <sebb@apache.org>	Fri Jul 17 17:47:12 2020 +0100
tree	149e9105c3be52096e16dce92865fd2fbfff3f34
parent	6d68443becf7bf0c50552c277afbdf5f13b7d5ce [diff]