This is definitely something we should decide/address – I'm glad you opened this issue.
#229 might be a subset of this issue, in that (like the code execution method mentioned above) it's a security issue that arises out of the ecosystem and tooling rather than from a single package.
I would opt for retiring it from the ecosystem. I would say also that periodic static checking for known issues (or simply errors) would help find these issues (and others). Wait, I see what you're saying is not really a tool that's distributed through the ecosystem, but a tool in the ecosystem. Fixing it would be a good start, I guess. If it's in the ecosystem, it's not that easy to fix, I guess. Static code analysis is not really something we can really do.
How should different groups (ecosystem, tooling, core, etc) handle insecure code that is being distributed through community / default channels?
What if there's a tool in the ecosystem that is subject to shell injection and thus running arbitrary code?