Deprecate taint/trust and related methods, and make the methods no-ops

This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.

1 files changed, 21 insertions, 101 deletions

diff --git a/object.c b/object.c
index 65294c3645..4d2d006c79 100644
--- a/object.c
+++ b/object.c
@@ -346,7 +346,7 @@ init_copy(VALUE dest, VALUE obj)
         rb_raise(rb_eTypeError, "[bug] frozen object (%s) allocated", rb_obj_classname(dest));
     }
     RBASIC(dest)->flags &= ~(T_MASK|FL_EXIVAR);
-    RBASIC(dest)->flags |= RBASIC(obj)->flags & (T_MASK|FL_EXIVAR|FL_TAINT);
+    RBASIC(dest)->flags |= RBASIC(obj)->flags & (T_MASK|FL_EXIVAR);
     rb_copy_wb_protected_attribute(dest, obj);
     rb_copy_generic_ivar(dest, obj);
     rb_gc_copy_finalizer(dest, obj);
@@ -383,7 +383,7 @@ special_object_p(VALUE obj)
  *  Produces a shallow copy of <i>obj</i>---the instance variables of
  *  <i>obj</i> are copied, but not the objects they reference.
  *  #clone copies the frozen (unless +:freeze+ keyword argument is
- *  given with a false value) and tainted state of <i>obj</i>.  See
+ *  given with a false value) state of <i>obj</i>.  See
  *  also the discussion under Object#dup.
  *
  *     class Klass
@@ -491,7 +491,6 @@ rb_obj_clone(VALUE obj)
  *
  *  Produces a shallow copy of <i>obj</i>---the instance variables of
  *  <i>obj</i> are copied, but not the objects they reference.
- *  #dup copies the tainted state of <i>obj</i>.
  *
  *  This method may have class-specific behavior.  If so, that
  *  behavior will be documented under the #+initialize_copy+ method of
@@ -616,7 +615,6 @@ rb_obj_init_copy(VALUE obj, VALUE orig)
 {
     if (obj == orig) return obj;
     rb_check_frozen(obj);
-    rb_check_trusted(obj);
     if (TYPE(obj) != TYPE(orig) || rb_obj_class(obj) != rb_obj_class(orig)) {
 	rb_raise(rb_eTypeError, "initialize_copy should take same class object");
     }
@@ -659,7 +657,6 @@ rb_any_to_s(VALUE obj)
     VALUE cname = rb_class_name(CLASS_OF(obj));
 
     str = rb_sprintf("#<%"PRIsVALUE":%p>", cname, (void*)obj);
-    OBJ_INFECT(str, obj);
 
     return str;
 }
@@ -728,7 +725,6 @@ inspect_obj(VALUE obj, VALUE str, int recur)
     }
     rb_str_cat2(str, ">");
     RSTRING_PTR(str)[0] = '#';
-    OBJ_INFECT(str, obj);
 
     return str;
 }
@@ -1164,26 +1160,15 @@ rb_obj_dummy1(VALUE _x, VALUE _y)
 
 /**
  *  call-seq:
- *     obj.tainted?    -> true or false
+ *     obj.tainted?    -> false
  *
- *  Returns true if the object is tainted.
- *
- *  See #taint for more information.
- *--
- * Determines if \a obj is tainted. Equivalent to \c Object\#tainted? in Ruby.
- * \param[in] obj  the object to be determined
- * \retval Qtrue if the object is tainted
- * \retval Qfalse if the object is not tainted
- * \sa rb_obj_taint
- * \sa rb_obj_untaint
- *++
+ *  Returns false.  This method is deprecated and will be removed in Ruby 3.2.
  */
 
 VALUE
 rb_obj_tainted(VALUE obj)
 {
-    if (OBJ_TAINTED(obj))
-	return Qtrue;
+    rb_warning("Object#tainted? is deprecated and will be removed in Ruby 3.2.");
     return Qfalse;
 }
 
@@ -1191,33 +1176,13 @@ rb_obj_tainted(VALUE obj)
  *  call-seq:
  *     obj.taint -> obj
  *
- *  Mark the object as tainted.
- *
- *  Objects that are marked as tainted will be restricted from various built-in
- *  methods. This is to prevent insecure data, such as command-line arguments
- *  or strings read from Kernel#gets, from inadvertently compromising the user's
- *  system.
- *
- *  To check whether an object is tainted, use #tainted?.
- *
- *  You should only untaint a tainted object if your code has inspected it and
- *  determined that it is safe. To do so use #untaint.
- *--
- * Marks the object as tainted. Equivalent to \c Object\#taint in Ruby
- * \param[in] obj  the object to be tainted
- * \return the object itself
- * \sa rb_obj_untaint
- * \sa rb_obj_tainted
- *++
+ *  Returns object. This method is deprecated and will be removed in Ruby 3.2.
  */
 
 VALUE
 rb_obj_taint(VALUE obj)
 {
-    if (!OBJ_TAINTED(obj) && OBJ_TAINTABLE(obj)) {
-	rb_check_frozen(obj);
-	OBJ_TAINT(obj);
-    }
+    rb_warning("Object#taint is deprecated and will be removed in Ruby 3.2.");
     return obj;
 }
 
@@ -1226,74 +1191,42 @@ rb_obj_taint(VALUE obj)
  *  call-seq:
  *     obj.untaint    -> obj
  *
- *  Removes the tainted mark from the object.
- *
- *  See #taint for more information.
- *--
- * Removes the tainted mark from the object.
- * Equivalent to \c Object\#untaint in Ruby.
- *
- * \param[in] obj  the object to be tainted
- * \return the object itself
- * \sa rb_obj_taint
- * \sa rb_obj_tainted
- *++
+ *  Returns object. This method is deprecated and will be removed in Ruby 3.2.
  */
 
 VALUE
 rb_obj_untaint(VALUE obj)
 {
-    if (OBJ_TAINTED(obj)) {
-	rb_check_frozen(obj);
-	FL_UNSET(obj, FL_TAINT);
-    }
+    rb_warning("Object#untaint is deprecated and will be removed in Ruby 3.2.");
     return obj;
 }
 
 /**
  *  call-seq:
- *     obj.untrusted?    -> true or false
+ *     obj.untrusted?    -> false
  *
- *  Deprecated method that is equivalent to #tainted?.
- *--
- * \deprecated Use rb_obj_tainted.
- *
- * Trustiness used to have independent semantics from taintedness.
- * But now trustiness of objects is obsolete and this function behaves
- * the same as rb_obj_tainted.
- *
- * \sa rb_obj_tainted
- *++
+ *  Returns false.  This method is deprecated and will be removed in Ruby 3.2.
  */
 
 VALUE
 rb_obj_untrusted(VALUE obj)
 {
-    rb_warning("untrusted? is deprecated and its behavior is same as tainted?");
-    return rb_obj_tainted(obj);
+    rb_warning("Object#untrusted? is deprecated and will be removed in Ruby 3.2.");
+    return Qfalse;
 }
 
 /**
  *  call-seq:
  *     obj.untrust -> obj
  *
- *  Deprecated method that is equivalent to #taint.
- *--
- * \deprecated Use rb_obj_taint(obj)
- *
- * Trustiness used to have independent semantics from taintedness.
- * But now trustiness of objects is obsolete and this function behaves
- * the same as rb_obj_taint.
- *
- * \sa rb_obj_taint
- *++
+ *  Returns object. This method is deprecated and will be removed in Ruby 3.2.
  */
 
 VALUE
 rb_obj_untrust(VALUE obj)
 {
-    rb_warning("untrust is deprecated and its behavior is same as taint");
-    return rb_obj_taint(obj);
+    rb_warning("Object#untrust is deprecated and will be removed in Ruby 3.2.");
+    return obj;
 }
 
 
@@ -1301,37 +1234,24 @@ rb_obj_untrust(VALUE obj)
  *  call-seq:
  *     obj.trust    -> obj
  *
- *  Deprecated method that is equivalent to #untaint.
- *--
- * \deprecated Use rb_obj_untaint(obj)
- *
- * Trustiness used to have independent semantics from taintedness.
- * But now trustiness of objects is obsolete and this function behaves
- * the same as rb_obj_untaint.
- *
- * \sa rb_obj_untaint
- *++
+ *  Returns object. This method is deprecated and will be removed in Ruby 3.2.
  */
 
 VALUE
 rb_obj_trust(VALUE obj)
 {
-    rb_warning("trust is deprecated and its behavior is same as untaint");
-    return rb_obj_untaint(obj);
+    rb_warning("Object#trust is deprecated and will be removed in Ruby 3.2.");
+    return obj;
 }
 
 /**
- * Convenient function to infect \a victim with the taintedness of \a carrier.
- *
- * It just keeps the taintedness of \a victim if \a carrier is not tainted.
- * \param[in,out] victim the object being infected with the taintness of \a carrier
- * \param[in] carrier a possibly tainted object
+ * Does nothing. This method is deprecated and will be removed in Ruby 3.2.
  */
 
 void
 rb_obj_infect(VALUE victim, VALUE carrier)
 {
-    OBJ_INFECT(victim, carrier);
+    rb_warning("rb_obj_infect is deprecated and will be removed in Ruby 3.2.");
 }
 
 /**