
Updating the README and Removing an insecure Example #359

Closed
wants to merge 2 commits into from

Conversation

aspleenic
Contributor

Added some context in the Installation section of the README to make it clearer to people looking to get started with Mirah. Also removed the examples/rosettacode/create-a-file.mirah as EY security software notified users of a security risk in that file.

@baroquebobcat
Member

Thanks for pointing out that the README's gotten stale. Rather than merge this, I reformatted things a bit in the README. Does that resolve the issues you saw in it? I want to avoid adding HTML literals in it if I can get away with it.

For the example, could you explain why it was identified as a security risk? I'd like to keep it since it shows how to create files. My guess would be that the string interpolation is what the tool highlighted. In this particular case I don't think it's an issue since the interpolated value is a constant. That said, we could rework it to avoid using interpolation in a file path.
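The distinction drawn in the comment above (a constant interpolated into a path versus a value the caller controls), as an added example that is not part of this thread or the Mirah repository. It is written in Ruby, whose syntax Mirah borrows; the helper name `create_file_under` and the file names are hypothetical.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper: interpolate `name` into a path, but create the file
# only if the resolved path stays inside base_dir.
def create_file_under(base_dir, name)
  base = File.realpath(base_dir)
  # This interpolation is the pattern a static scanner flags. It cannot tell
  # whether `name` is a constant, so it reports the sink either way.
  candidate = File.expand_path("#{base}/#{name}")
  unless candidate.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "path escapes #{base}: #{name.inspect}"
  end
  FileUtils.mkdir_p(File.dirname(candidate))
  # EXCL refuses to overwrite an existing file; 0600 keeps it private.
  File.open(candidate, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write("") }
  candidate
end

# Constructed demo: returns [name created from the constant, hostile input rejected?]
def demo
  Dir.mktmpdir do |dir|
    constant  = "output.txt"      # fixed in the source, as in the flagged example
    untrusted = "../outside.txt"  # constructed caller-controlled value
    created = File.basename(create_file_under(dir, constant))
    rejected = begin
      create_file_under(dir, untrusted)
      false
    rescue ArgumentError
      true
    end
    [created, rejected]
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

`File.expand_path` normalizes `..` segments but does not resolve symlinks below the base directory, so this check assumes the base directory's contents are trusted.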

@aspleenic
Contributor Author

Hey Nick,

I think the reformat makes it clear - I understand the desire to avoid HTML literals (I was a bit jet laggy when working to fix it).

As far as the security risk - it was a one-off event. My latest scan doesn't bring anything up, so no need to remove that file. It is a helpful walkthrough, so by all means, keep it in.

It was the interpolation issue, but I think that was EY's scanners being overly sensitive, not a legit issue.

@baroquebobcat
Member

Thanks. Closing. Let me know if you run into any other issues.
