Skip to content

Validate plugin resource names before require#402

Closed
neidiom wants to merge 1 commit intoitamae-kitchen:masterfrom
neidiom:fix/issue-45-plugin-require-validation
Closed

Validate plugin resource names before require#402
neidiom wants to merge 1 commit intoitamae-kitchen:masterfrom
neidiom:fix/issue-45-plugin-require-validation

Conversation

@neidiom
Copy link
Contributor

@neidiom neidiom commented Mar 3, 2026

Crafted method names like ../../malicious_file could load arbitrary Ruby files via require. Restrict to valid identifier characters.

@neidiom
Validate plugin resource names before require
5c81f66 
Crafted method names like ../../malicious_file could load arbitrary
Ruby files via require. Restrict to valid identifier characters.
@unasuke
Copy link
Member

unasuke commented Mar 4, 2026

#430 (comment)

@unasuke unasuke closed this Mar 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@neidiom @unasuke