UNCLASSIFIED - NO CUI

Skip to content

Avoid following symlinks from the repository

blake.burkhart requested to merge 38-README-symlink into development

By accident (not intentional security design), we already tested with -f and only supported regular files. Document that this code is security relevant with a comment.

The frontend only supports files named README.md and LICENSE, update the pipeline to match this. Only supporting LICENSE will probably break existing repos, but they were really already broken.

Closes #38

Edited by Tim Seagren

Merge request reports