"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[545],{6746:(e,s,t)=>{t.r(s),t.d(s,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>n,metadata:()=>a,toc:()=>l});var r=t(678),i=t(4738);const n={title:"Security"},o=void 0,a={id:"pages/reference/security",title:"Security",description:"Because the Sparo tool acts as a wrapper for Git, our goal is to provide comparable security expectations as the git command.",source:"@site/docs/pages/reference/security.md",sourceDirName:"pages/reference",slug:"/pages/reference/security",permalink:"/sparo/pages/reference/security",draft:!1,unlisted:!1,editUrl:"https://github.com/tiktok/sparo/tree/main/apps/website/docs/pages/reference/security.md",tags:[],version:"current",frontMatter:{title:"Security"},sidebar:"docsSidebar",previous:{title:"Skeleton folders",permalink:"/sparo/pages/reference/skeleton_folders"},next:{title:"<profile-name>.json",permalink:"/sparo/pages/configs/profile_json"}},c={},l=[{value:"Security scenarios",id:"security-scenarios",level:2},{value:"SS1: Safely clone an untrusted repo",id:"ss1-safely-clone-an-untrusted-repo",level:3},{value:"SS2: Safely clone an untrusted repository parameter",id:"ss2-safely-clone-an-untrusted-repository-parameter",level:3},{value:"SS3: Git parameters may include special characters",id:"ss3-git-parameters-may-include-special-characters",level:3},{value:"Security assumptions",id:"security-assumptions",level:2},{value:"Assumption: Shell environment variables are trusted",id:"assumption-shell-environment-variables-are-trusted",level:2},{value:"Assumption: Command line is generally trusted",id:"assumption-command-line-is-generally-trusted",level:2},{value:"Assumption: Commands may consume excessive resources",id:"assumption-commands-may-consume-excessive-resources",level:2},{value:"Assumption: STDOUT and STDERR may contain arbitrary characters",id:"assumption-stdout-and-stderr-may-contain-arbitrary-characters",level:2}];function d(e){const 
s={a:"a",blockquote:"blockquote",code:"code",h2:"h2",h3:"h3",li:"li",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,i.R)(),...e.components};return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsxs)(s.p,{children:["Because the Sparo tool acts as a wrapper for Git, our goal is to provide comparable security expectations as the ",(0,r.jsx)(s.code,{children:"git"})," command."]}),"\n",(0,r.jsxs)(s.blockquote,{children:["\n",(0,r.jsxs)(s.p,{children:["\u26a0\ufe0f ",(0,r.jsx)(s.strong,{children:"This is a goal not a guarantee."})," \u26a0\ufe0f"]}),"\n",(0,r.jsx)(s.p,{children:"The software is still in its early stages of development, and not all security\nrequirements have been identified or implemented yet. Efforts to improve Sparo\nsecurity should not be interpreted to contradict the terms of the MIT license:"}),"\n",(0,r.jsx)(s.pre,{children:(0,r.jsx)(s.code,{children:'THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\nLIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\nWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n'})}),"\n"]}),"\n",(0,r.jsx)(s.h2,{id:"security-scenarios",children:"Security scenarios"}),"\n",(0,r.jsxs)(s.p,{children:["Git doesn't provide a formal security specification, so to facilitate analysis of Sparo contributions, we've identified usage scenarios that imply security requirements. 
We welcome your feedback -- please ",(0,r.jsx)(s.a,{href:"/sparo/pages/support/contributing",children:"let us know"})," if we've overlooked an important use case or if Git does not behave as described."]}),"\n",(0,r.jsx)(s.h3,{id:"ss1-safely-clone-an-untrusted-repo",children:"SS1: Safely clone an untrusted repo"}),"\n",(0,r.jsxs)(s.p,{children:["Suppose that an unfamiliar remote Git repository contains malicious files, which includes malicious config files such as "