Russ Magee 2020-03-30 00:24:50 -07:00
commit b56996f9fd
2 changed files with 6 additions and 1 deletions


@ -55,5 +55,7 @@ to the project. Any intent to deviate the project from its original purpose
of existence will constitute grounds for remedial action which may include
expulsion from the project.
This document is based upon the Code of Merit version 1.0 (Dec 4 2018).
This document is based upon the original Code of Merit version 1.0 (Dec 4 2018).
(https://web.archive.org/web/20181204203029/http://code-of-merit.org/)
Updated version (Mar 29 2020): https://codeofmerit.org/code/
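Review bot: the rewritten attribution on this hunk now cites two revisions of the Code of Merit, the archived version 1.0 text (Dec 4 2018) and the Mar 29 2020 page at codeofmerit.org, but does not say which one the document's wording actually follows; since the line still reads "based upon the original Code of Merit version 1.0", add a clause making clear whether the codeofmerit.org link is a pointer to the current upstream text for reference only or whether this document was re-based on it. Keep the web.archive.org link as the canonical citation either way, since the live page can change while the archived 20181204203029 snapshot cannot. Style: the added "Updated version" line should be a full sentence formatted like the archive citation above it (for example "An updated version (Mar 29 2020) is published at https://codeofmerit.org/code/.") so the two references read consistently.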


@ -130,6 +130,9 @@ of the job parameters. Each variable is added to the job's environment variables
NOTE the ?DEFVALUE? above does not ensure a script sets the required variable to a default; it just specifies the HTML form's default value. The job script must itself check for undefined parameters and give them defaults.
**SECURITY** String parameters (?s?...) named with a NOPATH\_ prefix or a \_URI suffix **are exempt from path sanitization.** Use caution naming job parameters in this manner, being sure not to interpret such variables as filesystem paths within job scripts to prevent path-traversal security violations (ie., running arbitrary binaries or scripts from outside the ```workdir/${BACILLUS_JOBID}``` dir).
### Calling Parameterized Build with Default or Specific Arguments
Parameterized builds should check if their parameters are set or not, and substitute defaults if required.
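Review bot: the **SECURITY** paragraph documents the exemption (string parameters with a NOPATH\_ prefix or \_URI suffix skip path sanitization) but never says what path sanitization does to every other `?s?` parameter, so a job-script author cannot tell which guarantee they are giving up by choosing such a name; add one sentence stating what the sanitizer rejects or strips for non-exempt parameters. The advice "not to interpret such variables as filesystem paths" should also say what to do instead: validate the value inside the job script before it reaches a shell or filesystem call (for a \_URI value, parse it and check the scheme and host; for a NOPATH\_ value, never concatenate it into a path, inside or outside workdir/${BACILLUS_JOBID}), and quote it when passed to commands. The NOTE on ?DEFVALUE? and the "Calling Parameterized Build with Default or Specific Arguments" section both put the burden of defaulting on the job script; it would help to state that this applies equally to exempt parameters, so an unset NOPATH\_/\_URI variable is given a safe default rather than expanding to an empty string. Style: "ie.," should read "i.e.,", and the inline path should use single backticks (`workdir/${BACILLUS_JOBID}`) rather than a triple-backtick fence in the middle of a sentence.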