Skip to content

Commit

Permalink
Merge pull request #1021 from ninoseki/remove-safe
Browse files Browse the repository at this point in the history
refactor: remove $SAFE
  • Loading branch information
ninoseki authored Jan 14, 2024
2 parents 56c2a6b + ebbc2a7 commit 88687ea
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 4 deletions.
6 changes: 6 additions & 0 deletions docs/analyzers/feed.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,12 @@ json: ...

`selector` (`string`) is a `jr` selector.

!!! warning

With great power comes great responsibility.

`jr` can execute anything with the same privilege Mihari has. Do not use untrusted selector.

### Headers

`headers` (`hash`) is an HTTP headers. Optional.
Expand Down
5 changes: 1 addition & 4 deletions lib/mihari/services/feed.rb
Original file line number Diff line number Diff line change
Expand Up @@ -93,10 +93,7 @@ class FeedParser < Service
#
# @param [Object] read_data
def call(input_enumerator, selector)
parsed = proc do
$SAFE = 1
input_enumerator.instance_eval(selector)
end.call
parsed = input_enumerator.instance_eval(selector)

raise TypeError unless parsed.is_a?(Array) || parsed.all?(String)

Expand Down

0 comments on commit 88687ea

Please sign in to comment.