Skip to content

sec: remove 'go' from safe programs #820

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 18, 2025
Merged

sec: remove 'go' from safe programs #820

merged 1 commit into from
Aug 18, 2025

Conversation

caarlos0
Copy link
Member

It could be used to prompt inject commands e.g. go test -exec.

Plus, we don't have other languages there, so I think we remove Go as well.

Ideally, we could ask haiku if the command is read only or not, and ask for perms based on that, but for now I think this will do.

Thanks Will Vandevanter for the report.

@caarlos0
sec: remove 'go' from safe programs
3c70ea8 
It could be used to prompt inject commands e.g. `go test -exec`.

Plus, we don't have other languages there, so I think we remove Go as
well.

Ideally, we could ask haiku if the command is read only or not, and ask
for perms based on that, but for now I think this will do.

Thanks Will Vandevanter for the report.

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
@caarlos0 caarlos0 self-assigned this Aug 18, 2025
@caarlos0 caarlos0 requested a review from a team as a code owner August 18, 2025 18:19
@caarlos0 caarlos0 requested review from tauraamui and andreynering and removed request for a team August 18, 2025 18:19
@andreynering andreynering merged commit 74bcdaf into main Aug 18, 2025
20 checks passed
@andreynering andreynering deleted the safe branch August 18, 2025 20:23
scalabl3 pushed a commit to metaphori-ai/crush that referenced this pull request Aug 19, 2025
@caarlos0
sec: remove 'go' from safe programs (charmbracelet#820)
05b2792 
It could be used to prompt inject commands e.g. `go test -exec`.

Plus, we don't have other languages there, so I think we remove Go as
well.

Ideally, we could ask haiku if the command is read only or not, and ask
for perms based on that, but for now I think this will do.

Thanks Will Vandevanter for the report.

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raphamorim raphamorim raphamorim approved these changes

@andreynering andreynering andreynering approved these changes

@tauraamui tauraamui Awaiting requested review from tauraamui tauraamui is a code owner automatically assigned from charmbracelet/everyone

Assignees

@caarlos0 caarlos0

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@caarlos0 @raphamorim @andreynering