
Misleading information in README

Open vasartam opened this issue 2 years ago • 2 comments

Hello!

I'm considering using this tool to perform virus scans in my project. Hope it fits perfectly!

While reading the documentation in the README file, I noticed these lines of code:

https://github.com/ifad/clammit/blob/bb4906098d41fc167f5fa6d39bf63c50a8b8a45b/README.md?plain=1#L167

This seems like a hole in the security. A malicious actor could just change the method to GET, for example, and, if the application doesn't care about the HTTP method used, it could receive a malicious file through a GET request.

I found out that you already changed the conditions under which the request would be forwarded to a scanner in this issue: #21.

So maybe you just forgot to update the docs? If so, I could rephrase that and submit a PR, if you will.

vasartam avatar Aug 31 '22 12:08 vasartam
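The point raised above is that gating the scan on the HTTP method is a bypassable control: an attacker chooses the method, so a proxy that only forwards POST and PUT bodies to the scanner lets the same bytes through on a GET if the upstream application accepts them. The following is an added illustration, not clammit's code and not the README text linked in the issue (which is not reproduced on this page): `methodGatedScan` models the method-only condition as the issue describes it, and `bodyGatedScan` shows the alternative of deciding on the presence of a request body instead. All names and the sample request bytes are constructed for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// methodGatedScan models the condition the issue objects to: only POST and PUT
// requests are forwarded to the scanner. Any other verb skips scanning entirely,
// even when the request carries a body. Hypothetical, not clammit's logic.
func methodGatedScan(r *http.Request) bool {
	return r.Method == http.MethodPost || r.Method == http.MethodPut
}

// bodyGatedScan forwards a request to the scanner whenever it actually carries a
// body, regardless of the HTTP verb. A declared Content-Length, an unknown
// (chunked) length, or a multipart upload all count as "has a body".
// Hypothetical, not clammit's logic.
func bodyGatedScan(r *http.Request) bool {
	if r.ContentLength > 0 {
		return true
	}
	if r.ContentLength == -1 && r.Body != nil && r.Body != http.NoBody {
		// Length unknown (e.g. Transfer-Encoding: chunked): assume a body is present.
		return true
	}
	return strings.HasPrefix(r.Header.Get("Content-Type"), "multipart/form-data")
}

// scanDecision returns both decisions for a request so the gap between the two
// policies is visible side by side.
func scanDecision(r *http.Request) (byMethod, byBody bool) {
	return methodGatedScan(r), bodyGatedScan(r)
}

func main() {
	// Constructed sample: the same upload bytes sent with three different verbs.
	const sample = "constructed-sample-file-bytes"
	for _, method := range []string{http.MethodPost, http.MethodGet, http.MethodPatch} {
		req := httptest.NewRequest(method, "/upload", strings.NewReader(sample))
		byMethod, byBody := scanDecision(req)
		fmt.Printf("%-5s with body: method-gated=%v body-gated=%v\n", method, byMethod, byBody)
	}
	// A bodiless GET is scanned by neither policy; there is nothing to scan.
	empty := httptest.NewRequest(http.MethodGet, "/index.html", nil)
	byMethod, byBody := scanDecision(empty)
	fmt.Printf("GET   no body:   method-gated=%v body-gated=%v\n", byMethod, byBody)
}
```

Run as-is, the program shows the GET and PATCH requests carrying a body being skipped by the method-only policy while the body-based policy still forwards them, and the empty GET being skipped by both.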

Hi, thanks for reporting this.

> So maybe you just forgot to update the docs?

I would say it is most probably the case; let's double check.

tagliala avatar Aug 31 '22 12:08 tagliala

Hi @vasartam, feel free to submit a PR to fix the readme

tagliala avatar Sep 01 '22 18:09 tagliala