
Document how we safely handle CodeQL alert: Arbitrary file write during tarfile extraction #431

Open
blakeNaccarato opened this issue Jul 3, 2024 · 0 comments
Labels
documentation Improvements or additions to documentation internal Internal

Comments

@blakeNaccarato
Member

Please use this form appropriately

  • I am a maintainer or I have been directed to use this form.

Please check that this internal matter hasn't already been raised

  • I searched here or here and couldn't find a similar issue.

Description

See for instance:

We handle this safely by running the SHA-256 checksum before extracting; this should be documented in the template, as it will fire off in repos using this template. Eventually, it may make sense to single-source this automatic Python installation script, or just wait for Charlie Marsh to do it over at uv 😅.
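
The two gates at play here, as an added example that is not the template's own installation script: the archive's SHA-256 is compared against a pinned digest before it is opened, and each member is then written only if its resolved path stays inside the destination directory, which is the condition the CodeQL tarfile alert checks for. The archives, their contents and the digests are constructed in the code; nothing here is taken from the project.

```python
import hashlib
import io
import os
import tarfile
import tempfile

def build_tar(members: dict) -> bytes:
    """Constructed sample archive; uncompressed so its bytes are deterministic."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def safe_extract(data: bytes, expected_sha256: str, dest: str) -> list:
    # Gate 1: the archive must match the pinned digest before it is even opened.
    if hashlib.sha256(data).hexdigest() != expected_sha256.lower():
        raise ValueError("sha256 mismatch; refusing to extract")
    root = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:  # Gate 2: stay inside dest
                raise ValueError(f"member escapes destination: {m.name}")
            if not (m.isdir() or m.isfile()):  # links/devices: never needed here
                raise ValueError(f"unsupported member type: {m.name}")
            os.makedirs(target if m.isdir() else os.path.dirname(target), exist_ok=True)
            if m.isfile():
                with open(target, "wb") as out, tar.extractfile(m) as src:
                    out.write(src.read())
                written.append(m.name)
    return written

def run_demo() -> dict:
    # Constructed archives: a benign one, a tampered copy, and a path-traversal one.
    good = build_tar({"python/README": b"hi", "python/bin/python3": b"#!bin"})
    evil = build_tar({"../evil": b"x"})
    sha_good = hashlib.sha256(good).hexdigest()
    cases = {"good": (good, sha_good), "tampered": (good + b"\0", sha_good),
             "traversal": (evil, hashlib.sha256(evil).hexdigest())}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, (blob, digest) in cases.items():
            try:
                results[label] = safe_extract(blob, digest, tmp)
            except ValueError as err:
                results[label] = str(err)
    return results
```

`run_demo()` returns the list of written members for the benign archive and the rejection reason for the other two.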
