Hi Jérémy,
On Tue, Nov 9, 2021 at 11:48 AM Jérémy Lal <kapouer@melix.org> wrote:
>
> Ok, but the potential targets are source code files, like *.c *.cpp, *.js, *.py, *.rb etc...
It was only a stopgap measure. We held a release due to the large
number of false positives.
Actually only source code files need to be tested.
Others like
- .po, .pod
- .xml, .html, .xhtml, .svg, .md, .txt,
- copyright, documentation, plain text
can be ignored.
I suppose that also *.ini, *.desktop, *.toml could be ignored, but I'm not sure.
Maybe for a start, testing only high-level scripts should be done (py, js, rb).
Please just let me know what you would like to see, and I will change
it again. Have you heard from the security team?
No, but as far as I can understand this CVE is difficult to evaluate.
It's a potential threat against source code... that's about it...