Paul Jolly
Paul Jolly
For reference (linking to a previous answer by @mpvl) please see the section "Structure Sharing" on how this type of attack can be handled by CUE: https://github.com/cue-lang/cue/issues/804
Hi @wonderflow - I think it's worth jumping on a quick call to catch up on this issue, make sure we're clear on the context. I just DM-ed you to...
@wonderflow, @leejanee, @FogDong - ahead of talking this through, we would like to understand more context. Our understanding of your setup is taken mainly from https://github.com/cue-lang/cue/issues/867#issuecomment-975071952. That comment describes how...
Thanks @leejanee. That appears to confirm our understanding of your setup. In the [example I linked to](https://gist.github.com/myitcv/20df782d9a8ff1535ad050df64311a9c), user input is simulated via an `input.cue` file for each user. Ahead of...
@leejanee thanks. My example deliberately does not do that, because I'm trying to better understand why sending the result of `format.Node` (with `ResolveReferences`) is critical to your solution. My example...
> if user1 and user2 use packages with the same path but different contents, will it cause conflicts? for example as follow In my example, every package from user 1...
This now appears to be fixed following the changes to support self-contained in `cue.Value.Syntax()`: ``` go mod tidy go run . cmp stdout stdout.golden -- go.mod -- module mod.com go...
Per our discussions in various other issues, I think we have identified a better approach via the `cue.Value` API so I will mark this as closed. Please comment if this...
Marked as "cycle" so this doesn't get missed.
What's very interesting is that this "works" (by some definition of that word) in the playground: https://cuelang.org/play/?id=ORg4oJRp_2_0#cue@export@cue Marking as comprehension related.