Static Code Audit

[cpmlreef]

I wanted to share the audit on JQ that I did:

https://codedd.ai/cb8413df-c412-49d9-91d6-c7b910e0286d/summary

Hopefully its helpful!
Some issues where discovered and not sure if you agree on them:

• Path traversal vulnerabilities (e.g., in linker.c).
• Potential shell injection risks in some M4 build scripts.
• Unsafe downloading of external content in the iOS compilation script.

[wader]

I get this when open the link

[cpmlreef]

Really, that is strange... I can open it even in incognito mode... can you try again please?

[wader]

Same in incognito mode 🤔

[cpmlreef]

Ah I see the logs... let me try fix this, will return back :)

[itchyny]

If you find a security issue, please report to Security Advisories with actual test case that exploits the issue.