Ensure JSON Key Path is an Actual File or IO Object#134
Open
cacheflow wants to merge 4 commits intodecision-labs:masterfrom
Open
Ensure JSON Key Path is an Actual File or IO Object#134cacheflow wants to merge 4 commits intodecision-labs:masterfrom
cacheflow wants to merge 4 commits intodecision-labs:masterfrom
Conversation
cacheflow
force-pushed
the
prevent-opening-json-key-path-unless-valid-io-object
branch
2 times, most recently
from
dcc792e to
bb13556
Compare
cacheflow
changed the title
cacheflow
changed the title
Author
|
Hey @sabman or @erimicel, do you all think this would be a good addition to the library? On one project, I worked on we encountered an IO error that caused a credential to leak out unintentionally, so I created this PR to ensure the JSON key path is an IO like object. Any feedback would be greatly appreciated. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently, in the json_key method it assumes that json_key_path will be an IO-like object or filename. This can cause an issue where if someone accidentally passes credentials in plaintext or a non-IO object, the Gem will attempt to open the credentials and display the credentials in plain text.
This PR resolves #133.