Unfortunately, support for tainting is going away by Ruby 3.2, and in
Ruby 2.7 it was scaled back to the point of being unusable[1].
Given this, over time we will need to move from a strategy of relying
exclusively on making checks at the point of entry to complementing
those checks at points where c
Tainting is a way of keeping track of whether or not user input has been
validated before being used in a potentially unsafe context like
executing commands. It's the Ruby equivalent of handling SQL injection
but for general injection tracking.
On Fri, 26 Jun 2020 at 12:45, Craig Russell wrote:
>
>
It appears that there are some issues with tainting that I do not understand.
Thanks to sebb for sorting the immediate issues that kept the tool from
working. I still do not understand why the coi.cgi script worked locally with
setupmymac but failed when running in the whimsy server environment.
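
An added example, not taken from the thread or from the project's code: one way to keep taint-style tracking on Ruby versions without `taint`, by wrapping input at the point of entry and checking again where a command is built. The names `Untrusted`, `checked_argv`, `run_checked` and the `USER_ID` pattern are hypothetical.

```ruby
require "open3"

# Hypothetical stand-in for the removed taint flag: request input is wrapped
# on entry and has to be validated before it can be used in a command.
class Untrusted
  def initialize(raw)
    @raw = raw.to_s.dup.freeze
  end

  # Returns a plain frozen String only when the whole value matches the
  # allow-list pattern; \A and \z stop a trailing newline from slipping in.
  def validate(pattern)
    unless /\A(?:#{pattern.source})\z/.match?(@raw)
      raise SecurityError, "input failed validation"
    end
    @raw
  end

  # Interpolation and logging never expose the raw value.
  def to_s
    "[untrusted]"
  end
  alias inspect to_s
end

# Point-of-use check: every argument must be a plain String, so an
# Untrusted wrapper that skipped validation is rejected here.
def checked_argv(*argv)
  argv.each do |arg|
    raise SecurityError, "unvalidated argument" unless arg.instance_of?(String)
  end
  argv
end

# Runs the command from an argv array, so no shell parses the arguments.
def run_checked(*argv)
  out, status = Open3.capture2(*checked_argv(*argv))
  raise "command failed" unless status.success?
  out
end

# Constructed allow-list for an account id field (assumption for this example).
USER_ID = /[a-z][a-z0-9_-]{0,31}/
```

`SecurityError` does not inherit from `StandardError`, so a bare `rescue` in calling code will not swallow a failed check.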