json-logic-ruby

Prevent unknown operations from calling arbitrary methods

Open JamesMasonRC opened this issue 2 years ago • 1 comments

This should make it safe(er) to run rules from untrusted sources.

Note: the existing logic enforces that the first argument passed to an operation is always an array, which means exploiting the problem is more difficult than simply passing "eval" as an operation.

JamesMasonRC May 11 '22 00:05
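The pattern described above, as an added example that is not part of the original post and not json-logic-ruby's own code: a dispatcher that falls back to `send` for unknown operators, beside one that only invokes handlers found in an explicit table. All class and method names here (`UnsafeDispatcher`, `SafeDispatcher`, `internal_helper`, `evaluate`) are hypothetical, and the argument array is passed as the first argument to match the note above.

```ruby
# Added illustration; names are hypothetical, not taken from json-logic-ruby.
class UnsafeDispatcher
  OPS = {
    "+"  => ->(args) { args.sum },
    "==" => ->(args) { args[0] == args[1] }
  }.freeze

  # Unknown operators fall through to send, so any method on this object,
  # including private and inherited ones, becomes callable from rule data.
  def apply(operator, args)
    return OPS[operator].call(args) if OPS.key?(operator)
    send(operator, args)
  end

  private

  # Stand-in for an internal helper that was never meant to be an operation.
  def internal_helper(args)
    "internal helper reached with #{args.inspect}"
  end
end

class SafeDispatcher < UnsafeDispatcher
  class UnknownOperation < ArgumentError; end

  def initialize
    @custom = {}
  end

  # Custom operations live in a table instead of being defined as methods.
  def add_operation(name, &block)
    @custom[name.to_s] = block
  end

  # Only exact string keys present in the two tables are ever invoked.
  def apply(operator, args)
    handler = OPS[operator] || @custom[operator]
    raise UnknownOperation, "unknown operation: #{operator.inspect}" unless handler
    handler.call(args)
  end
end

# Constructed rule in JSON Logic shape: { operator => [arguments] }.
def evaluate(dispatcher, rule)
  operator, args = rule.first
  dispatcher.apply(operator.to_s, Array(args))
end
```
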

@bhgames is this repo still maintained? :)

JamesMasonRC May 19 '22 22:05