From f630a1dd690d5bc86dc263fc15301f918530b7d6 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Fri, 18 Oct 2019 14:56:22 -0700
Subject: [PATCH] Only untaint strings on Ruby <2.7

Ruby 2.7 deprecates taint and it no longer has an effect.
This attempts to leave the behavior the same on older
Ruby versions, but avoid the use of untaint on Ruby 2.7+.

See https://bugs.ruby-lang.org/issues/16131 for details.
---
 lib/bundler/dsl.rb                            |  2 +-
 lib/bundler/rubygems_ext.rb                   |  2 +-
 lib/bundler/shared_helpers.rb                 | 10 +++++-----
 lib/bundler/source/git.rb                     |  2 +-
 lib/bundler/vendor/fileutils/lib/fileutils.rb |  2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/lib/bundler/dsl.rb b/lib/bundler/dsl.rb
index cc23f9b389a..77ddeb1e7b0 100644
--- a/lib/bundler/dsl.rb
+++ b/lib/bundler/dsl.rb
@@ -44,7 +44,7 @@ def eval_gemfile(gemfile, contents = nil)
       @gemfile = expanded_gemfile_path
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
-      instance_eval(contents.dup.untaint, gemfile.to_s, 1)
+      instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < '2.7'}, gemfile.to_s, 1)
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
diff --git a/lib/bundler/rubygems_ext.rb b/lib/bundler/rubygems_ext.rb
index 96b93836c7f..10f16456fc2 100644
--- a/lib/bundler/rubygems_ext.rb
+++ b/lib/bundler/rubygems_ext.rb
@@ -29,7 +29,7 @@ def full_gem_path
       # gems at that time, this method could be called inside another require,
       # thus raising with that constant being undefined. Better to check a method
       if source.respond_to?(:path) || (source.respond_to?(:bundler_plugin_api_source?) && source.bundler_plugin_api_source?)
-        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.untaint
+        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.tap{|x| x.untaint if RUBY_VERSION < '2.7'}
       else
         rg_full_gem_path
       end
diff --git a/lib/bundler/shared_helpers.rb b/lib/bundler/shared_helpers.rb
index dc44f8345c6..40f7ecf6310 100644
--- a/lib/bundler/shared_helpers.rb
+++ b/lib/bundler/shared_helpers.rb
@@ -13,13 +13,13 @@ module SharedHelpers
     def root
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile).untaint.expand_path.parent
+      Pathname.new(gemfile).tap{|x| x.untaint if RUBY_VERSION < '2.7'}.expand_path.parent
     end
 
     def default_gemfile
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile).untaint.expand_path
+      Pathname.new(gemfile).tap{|x| x.untaint if RUBY_VERSION < '2.7'}.expand_path
     end
 
     def default_lockfile
@@ -28,7 +28,7 @@ def default_lockfile
       case gemfile.basename.to_s
       when "gems.rb" then Pathname.new(gemfile.sub(/.rb$/, ".locked"))
       else Pathname.new("#{gemfile}.lock")
-      end.untaint
+      end.tap{|x| x.untaint if RUBY_VERSION < '2.7'}
     end
 
     def default_bundle_dir
@@ -100,7 +100,7 @@ def set_bundle_environment
     #
     # @see {Bundler::PermissionError}
     def filesystem_access(path, action = :write, &block)
-      yield(path.dup.untaint)
+      yield(path.dup.tap{|x| x.untaint if RUBY_VERSION < '2.7'})
     rescue Errno::EACCES
       raise PermissionError.new(path, action)
     rescue Errno::EAGAIN
@@ -268,7 +268,7 @@ def find_directory(*names)
 
     def search_up(*names)
       previous = nil
-      current  = File.expand_path(SharedHelpers.pwd).untaint
+      current  = File.expand_path(SharedHelpers.pwd).tap{|x| x.untaint if RUBY_VERSION < '2.7'}
 
       until !File.directory?(current) || current == previous
         if ENV["BUNDLE_SPEC_RUN"]
diff --git a/lib/bundler/source/git.rb b/lib/bundler/source/git.rb
index 73123622d4f..526108dd647 100644
--- a/lib/bundler/source/git.rb
+++ b/lib/bundler/source/git.rb
@@ -316,7 +316,7 @@ def validate_spec(_spec); end
 
       def load_gemspec(file)
         stub = Gem::StubSpecification.gemspec_stub(file, install_path.parent, install_path.parent)
-        stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.untaint
+        stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.tap{|x| x.untaint if RUBY_VERSION < '2.7'}
         StubSpecification.from_stub(stub)
       end
 
diff --git a/lib/bundler/vendor/fileutils/lib/fileutils.rb b/lib/bundler/vendor/fileutils/lib/fileutils.rb
index e495d01aa5d..babd763749b 100644
--- a/lib/bundler/vendor/fileutils/lib/fileutils.rb
+++ b/lib/bundler/vendor/fileutils/lib/fileutils.rb
@@ -1300,7 +1300,7 @@ def entries
            .reject {|n| n == '.' or n == '..' }
       end
 
-      files.map {|n| Entry_.new(prefix(), join(rel(), n.untaint)) }
+      files.map {|n| Entry_.new(prefix(), join(rel(), n.tap{|x| x.untaint if RUBY_VERSION < '2.7'})) }
     end
 
     def stat