Scan_file in version_scanner does not follow symlinks. Should the same restriction occur when extracting a file from an archive? Currently if the destination pointed to by the link does not exist, a warning is issued.
My gut says that we shouldn't follow symlinks because it'd be too easy to wind up with a loop or have a poorly formed package/directory scanning a much larger part of a system than expected or intended. Potentially this could even be a security issue for folk who later want to do cve-bin-tool as a service type applications?
A warning or info statement saying that the symlink wasn't followed sounds good, though, because I can see how this might not be expected behaviour to some users.
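One way to apply the "do not follow, but warn" behaviour discussed above to archive extraction, as an added example that is not part of this thread or cve-bin-tool's own code. The function names and logger name are hypothetical, and the sample archive is constructed in memory.

```python
import io
import logging
import os
import tarfile
import tempfile

LOGGER = logging.getLogger("archive_extract_example")  # hypothetical name


def extract_without_links(archive, dest):
    """Write regular files under dest, skip link members, return skipped names."""
    dest = os.path.realpath(dest)
    skipped = []
    for member in archive.getmembers():
        target = os.path.realpath(os.path.join(dest, member.name))
        reason = None
        if member.issym() or member.islnk():
            reason = "link to %r not followed" % member.linkname
        elif os.path.commonpath([dest, target]) != dest:
            reason = "path resolves outside the extraction directory"
        if reason:
            LOGGER.warning("%s: %s", member.name, reason)
            skipped.append(member.name)
        elif member.isfile():
            # Parent directories are created on demand; special members are ignored.
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with archive.extractfile(member) as src, open(target, "wb") as out:
                out.write(src.read())
    return skipped


def build_sample_archive():
    """Constructed sample: a regular file, a symlink to /, a dangling symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"libexample 1.2.3\n"
        info = tarfile.TarInfo("pkg/lib/version.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for name, linkname in (("pkg/rootfs", "/"), ("pkg/missing", "no-such-file")):
            link = tarfile.TarInfo(name)
            link.type, link.linkname = tarfile.SYMTYPE, linkname
            tar.addfile(link)
    return tarfile.open(fileobj=io.BytesIO(buf.getvalue()))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest, build_sample_archive() as archive:
        print("skipped:", extract_without_links(archive, dest))
```

Because link members are never written to disk, a later directory walk over the extraction directory cannot loop or wander into the host filesystem through them.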