Follow up to #781
JSON path strings in old adaptor versions provide an attack vector to run arbitrary code. I do not know if this allows breaking out of the sandbox.
https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
The compiler could detect suspicious json path strings and throw an error, refusing to execute the job.
If we detect a json path string like `$.a.b.c` with anything weird in it, like parentheses, the compiler could throw.

Workflows which do use jsonpath strings should really only be using super simple expressions, and I'd be reasonably happy to throw if anything looks amiss in those strings. I think the pattern is fairly strong.
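
One way the check proposed above could work, as an added example that is not part of the original issue or the project's code. The allowlist grammar, the function names, the regex scan of string literals (instead of an AST walk) and the sample job are all assumptions.

```javascript
// Added example. The allowlist grammar is an assumption about what counts as
// a "super simple" path: "$" then .name, .*, [0], [*], ['name'] or ["name"].
const SEGMENT = String.raw`(?:\.(?:[A-Za-z_][\w-]*|\*)|\[(?:\d+|\*|'[\w -]+'|"[\w -]+")\])`;
const SIMPLE_PATH = new RegExp('^\\$' + SEGMENT + '*$');
// Heuristic: a string starting with "$." or "$[" is meant to be a JSONPath.
const LOOKS_LIKE_PATH = /^\$[.[]/;
// Quoted string literals in job source (a real compiler would walk the AST).
const STRING_LITERAL = /(['"`])((?:\\.|(?!\1)[^\\])*)\1/g;

function isSimpleJsonPath(str) {
  return SIMPLE_PATH.test(str);
}

// Return every JSONPath-looking literal that falls outside the allowlist.
function findSuspiciousJsonPaths(source) {
  const findings = [];
  for (const match of source.matchAll(STRING_LITERAL)) {
    const value = match[2];
    if (LOOKS_LIKE_PATH.test(value) && !isSimpleJsonPath(value)) {
      const line = source.slice(0, match.index).split('\n').length;
      findings.push({ line, value });
    }
  }
  return findings;
}

// Compile-time gate: throw instead of emitting code for a suspicious job.
function assertSafeJob(source) {
  const findings = findSuspiciousJsonPaths(source);
  if (findings.length > 0) {
    const detail = findings.map((f) => `line ${f.line}: ${f.value}`).join('; ');
    throw new Error(`Suspicious JSONPath string, refusing to compile (${detail})`);
  }
  return true;
}

// Constructed sample job; the operation names are placeholders.
const SAMPLE_JOB = [
  "fn(state => state);",
  "each('$.data.patients[*]', upsert('Patient'));",
  "each('$.items[?(@.price > 10)]', log());",
].join('\n');

console.log(findSuspiciousJsonPaths(SAMPLE_JOB));
```

The allowlist is deliberately strict: filter expressions, script expressions and recursive descent (`$..a`) are all rejected, so a legitimate job that uses them would need its path rewritten.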