I thought a bit about this problem, and right now, I don't think `reinda` itself can be responsible for letting a PTA through. The `get` method checks either `self.setup.assets` or `self.assets`. In both cases, there are only entries that were manually listed in `assets!`.

However: I should check this more thoroughly and `reinda` should help to prevent PTA vulnerabilities in user code. For example, one could disallow `..` in the asset paths. Or we can add more docs to relevant `base_path`s to tell users to beware of PTAs.
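
A sketch of the "disallow `..`" check mentioned above, as an added example that is not reinda's code or API: `resolve_asset` and `PathError` are hypothetical names, and the base path is a constructed sample. It goes one step beyond `..` and also rejects absolute paths, because `Path::join` discards the base when its argument is absolute.

```rust
use std::path::{Component, Path, PathBuf};

/// Reasons an asset path is rejected (hypothetical type, not from reinda).
#[derive(Debug, PartialEq)]
enum PathError {
    Empty,     // nothing left after dropping `.` components
    ParentDir, // contains a `..` component
    Absolute,  // root or Windows prefix: `join` would replace the base path
}

/// Joins `asset` onto `base` only if `asset` is a plain relative path.
/// Works on path components, so `a/../b` is caught while a file
/// named `..notes.txt` is still allowed.
fn resolve_asset(base: &Path, asset: &str) -> Result<PathBuf, PathError> {
    let mut clean = PathBuf::new();
    for comp in Path::new(asset).components() {
        match comp {
            Component::Normal(part) => clean.push(part),
            Component::CurDir => {} // a leading `./` is harmless, drop it
            Component::ParentDir => return Err(PathError::ParentDir),
            Component::RootDir | Component::Prefix(_) => return Err(PathError::Absolute),
        }
    }
    if clean.as_os_str().is_empty() {
        return Err(PathError::Empty);
    }
    Ok(base.join(clean))
}

fn main() {
    let base = Path::new("/srv/app/assets"); // constructed sample base path
    let samples = [
        "css/site.css",
        "./logo.svg",
        "..notes.txt",
        "../secret.key",
        "img/../../etc/passwd",
        "/etc/passwd",
        "",
    ];
    for p in samples {
        println!("{:?} -> {:?}", p, resolve_asset(base, p));
    }
}
```

The check is purely lexical: it does not resolve symlinks inside the base directory.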