WingNews logo WingNews
top | item 44959941

(no title)

megamorf | 6 months ago

The security researcher noticed that CodeRabbit runs linters against your code base and noticed that Rubocop was among the provided linters. Rubocop supports extensions that contain custom code, so he crafted an extension that exfiltrated the environment variables of the running Rubocop process when it linted the contents of his PR.

discuss

order

KingOfCoders|6 months ago

But where does the configuration for Rubocop come from? From CodeRabbit (e.g. you configure it on their server for your repo), from the repository or (new) config files in the PR?

rglynn|6 months ago

Both the repo and new config in the PR.