Re: COI tool permissions issues

2020-06-30 Thread Sam Ruby
Unfortunately, support for tainting is going away by Ruby 3.2 And in Ruby 2.7 was scaled back to the point of being unusable[1]. Given this, over time we will need to move from a strategy of relying exclusively on making checks at the point of entry to complementing those checks at points where c

Re: COI tool permissions issues

2020-06-30 Thread Matt Sicker
Tainting is a way of keeping track whether or not user input has been validated before being used in a potentially unsafe context like executing commands. It's the Ruby equivalent of handling SQL injection but for general injection tracking. On Fri, 26 Jun 2020 at 12:45, Craig Russell wrote: > >