Making pglister work with exim 4.96+

Exim introduced variable tainting as a security measure starting from exim 4.93. Starting from exim 4.96, tainting is mandatory for commands. This means that it is no longer possible to pass variables to pglister's inject.py (which requires passing $sender_address, $local_part, $domain and $header_message-id) or pgarchives' load_message.py (which requires passing $local_part).

Exim, while enforcing these strict security policies, only provides the possibility to de-taint variables in very specific situations (explicit matching with a list). Problem is known and discussed here [1]. This is very annoying in our case, as $sender_address or $header_message-id can be pretty much anything (and no, matching against a regexp is not sufficient to de-taint).
I've been scratching my head over this for a while and can't figure out a proper way to fix this issue. A possible workaround would be to blindly de-taint anything using an ugly hack [2] but that defeats the purpose of having variable tainting in the first place, and doesn't seem like a valid, long-term, production-ready solution.

I'm starting to wonder if the only solution would be to have pglister fetch information from exim in some way, instead of the other way around.

Any idea?

[1] : https://lists.exim.org/lurker/message/20201109.222746.24ea3904.fi.html
[2] : https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/

--
Célestin Matte