web-security

slipset 2021-11-17T09:22:28.013300Z

Have you looked into it yet? I saw this in passing, but haven’t had time to look properly at it.

slipset 2021-11-17T09:25:20.013600Z

Seems to me that it would need some more rules to be super useful

slipset 2021-11-17T09:26:12.014200Z

Also, I guess a security product that encourages you to

sudo curl -L  -o /usr/local/bin/clj-holmes

slipset 2021-11-17T09:26:19.014400Z

makes me a bit uneasy.

đź‘€ 1
robert-stuttaford 2021-11-17T14:20:49.014700Z

i hadn't looked in any detail yet, no!

slipset 2021-11-17T14:37:23.015800Z

I looked at the rules, nothing revolutionary, but it does catch using clojure/read-string and some other stuff. I guess the meat of the work would be in defining the rules, much as with kibitz in that respect.

slipset 2021-11-17T14:37:45.016300Z

Also, the prebuilt binary was only for linux, so I didn’t get to run the thingy.

vemv 2021-11-17T14:47:41.016400Z

as hinted in the #announcements thread, a couple of the rules seemed a good fit for Eastwood :) might give it a shot at some point

robert-stuttaford 2021-11-17T07:20:26.012700Z

https://clojurians.slack.com/archives/C06MAR553/p1637074377385100