Description
Right now the makefile blindly downloads and executes the golangci-lint installation script and accepts whatever it downloads as the linter to use. We should store the signatures of both files in the makefile and verify that they match.
Motivation
An attacker could compromise either file so that whoever builds the SDK runs arbitrary code.
Exemplification
N/A
Benefits
One security vulnerability down, N to go.
Possible Drawbacks
None.
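
One way to do the verification proposed above, added here as an example and not taken from the project's makefile. It reads "signatures" as pinned SHA-256 digests, which is an assumption, and the helper names `sha256_of`, `verify_pinned` and `run_if_pinned` are hypothetical.

```shell
#!/bin/sh
# Added example: pin-and-verify helpers for a downloaded installer script.
# Assumption: the "signature" stored in the makefile is a SHA-256 hex digest.

# Print the lowercase hex SHA-256 of a file, using whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE EXPECTED_HEX
# Returns 0 on an exact match, 1 on a mismatch, 2 on a missing file or bad pin.
verify_pinned() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "verify: $file missing" >&2; return 2; }
    # An empty or malformed pin must fail closed rather than match anything.
    case $expected in
        *[!0-9a-f]*|'') echo "verify: bad pin for $file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "verify: bad pin length" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "verify: $file digest $actual != pinned $expected" >&2
        return 1
    fi
}

# run_if_pinned FILE EXPECTED_HEX [ARGS...]
# Executes the script only after it verifies. The file is already on disk, so
# the bytes that were hashed are the bytes that run, unlike piping a download
# straight into a shell, where nothing is checked before execution.
run_if_pinned() {
    file=$1; expected=$2; shift 2
    verify_pinned "$file" "$expected" || return $?
    sh "$file" "$@"
}
```

In a makefile recipe the download would be written to a file first and then passed to `run_if_pinned` with the digest held in a make variable; the binary the script fetches needs its own `verify_pinned` call with a second pinned digest.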