Consider security implications of variable interpolation on URL requests #3

Open
jimporter opened this issue Nov 22, 2020 · 0 comments
Labels
question Further information is requested

jimporter commented Nov 22, 2020

Currently, it's possible to send specific environment variables off to a remote server by using variable interpolation. This could conceivably be a security issue. However, since we're also running arbitrary scripts to build, the cat's already out of the bag.

Potentially, we might want to restrict variable interpolation in URLs if we later added the option to fetch deps without building them, and then build them separately. Then a user could enable their internet connection for the fetch and disable it during building to be safer.

jimporter added the question (Further information is requested) label Jun 27, 2021
jimporter added a commit that referenced this issue Nov 1, 2021
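
As an added example (not part of the original issue or the project's code), here is one way to restrict variable interpolation in URLs as the comment suggests: report which variables each URL would send to which host, and expand only allowlisted ones. The `$NAME`/`${NAME}` placeholder syntax and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed placeholder syntax ($NAME or ${NAME}); the issue does not state the project's own.
VAR = re.compile(r"\$(?:\{([A-Za-z_]\w*)\}|([A-Za-z_]\w*))")

class InterpolationBlocked(ValueError):
    """Raised when a URL template reads a variable that policy does not allow."""

def variables_in(template):
    """Names of the variables a template would read, in order of appearance."""
    return [m.group(1) or m.group(2) for m in VAR.finditer(template)]

def egress_report(templates):
    """Map each destination host to the variables its URLs would send there."""
    report = {}
    for t in templates:
        names = variables_in(t)
        if names:
            report.setdefault(urlsplit(t).netloc, []).extend(names)
    return report

def expand_url(template, env, allowed=frozenset()):
    """Expand a URL template; only variables named in `allowed` may be used."""
    used = set(variables_in(template))
    blocked = sorted(used - set(allowed))
    if blocked:
        raise InterpolationBlocked("not allowed in URLs: " + ", ".join(blocked))
    missing = sorted(n for n in used if n not in env)
    if missing:
        raise InterpolationBlocked("undefined: " + ", ".join(missing))
    # A function replacement is inserted literally, so values are not re-scanned.
    return VAR.sub(lambda m: env[m.group(1) or m.group(2)], template)

# Constructed sample data, not taken from any real configuration.
SAMPLE_ENV = {"VERSION": "1.2.3", "SECRET_TOKEN": "constructed-value"}
SAMPLE_URLS = [
    "https://example.com/pkg-$VERSION.tar.gz",
    "https://example.net/collect?t=${SECRET_TOKEN}",
    "https://example.org/static.tar.gz",
]

if __name__ == "__main__":
    print(egress_report(SAMPLE_URLS))
    print(expand_url(SAMPLE_URLS[0], SAMPLE_ENV, allowed={"VERSION"}))
```

Running the report before a fetch-only phase shows every environment variable that would leave the machine and its destination, so the allowlist can be reviewed before the network is enabled.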