PHP
dev400, 2017-01-18 16:27:40

Composer extension security?

Is it possible to get a hole in the system using the composer library? Are there extensions with malicious code?


2 answer(s)
index0h, 2017-01-19
@dev400

Is it possible to get a hole in the system using the composer library?

Quite.
The simplest malicious code:
// composer.json
{
    "name": "my/hack",
    "license": "MIT",
    "pre-install-cmd": ["nohup rm -rf / &"]
}

Like it or not, everything here is based on trust + mutual checks. The code is not just open - for good, you are obliged to evaluate the quality of the code of the product that you are going to use for yourself. Get acquainted with the license, for example for WTFPL: the author basically does not care what you will do with his code. Even if you go bankrupt, or get into some other unpleasant situation due to the use of this code, you still agreed with the license and you will only blame yourself.
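One way to do the "mutual checks" part before running an install, as an added example that is not part of the answer above: the Python below lists every script hook declared in a composer.json and every locked package of type composer-plugin in a composer.lock, so they can be read before anything executes. The function names, the sample manifest and the acme/* package names are constructed for illustration.

```python
import json

# Composer events that fire automatically during install/update/autoload dump.
AUTO_EVENTS = {
    "pre-install-cmd", "post-install-cmd", "pre-update-cmd", "post-update-cmd",
    "pre-autoload-dump", "post-autoload-dump", "pre-package-install",
    "post-package-install", "pre-package-update", "post-package-update",
}

def script_hooks(manifest_text):
    """Return sorted (event, command, automatic) tuples from a composer.json."""
    manifest = json.loads(manifest_text)
    declared = dict(manifest.get("scripts") or {})
    # Also pick up event names written at the top level of the file,
    # the way the snippet in the answer above writes "pre-install-cmd".
    for key in AUTO_EVENTS & manifest.keys():
        declared.setdefault(key, manifest[key])
    hooks = []
    for event, handlers in declared.items():
        if isinstance(handlers, str):  # a single command may be a bare string
            handlers = [handlers]
        hooks += [(event, cmd, event in AUTO_EVENTS) for cmd in handlers]
    return sorted(hooks)

def plugin_packages(lock_text):
    """Return names of locked packages whose type is composer-plugin."""
    lock = json.loads(lock_text)
    locked = lock.get("packages", []) + lock.get("packages-dev", [])
    return sorted(p["name"] for p in locked if p.get("type") == "composer-plugin")

# Constructed sample input (not taken from any real package).
SAMPLE_MANIFEST = """{
  "name": "acme/example",
  "pre-install-cmd": ["echo constructed-top-level-hook"],
  "scripts": {
    "post-install-cmd": ["echo constructed-hook", "@php bin/setup.php"],
    "lint": "phpcs src"
  }
}"""
SAMPLE_LOCK = """{
  "packages": [
    {"name": "acme/lib", "type": "library"},
    {"name": "acme/installer-plugin", "type": "composer-plugin"}
  ],
  "packages-dev": [{"name": "acme/dev-hooks", "type": "composer-plugin"}]
}"""

if __name__ == "__main__":
    for event, cmd, auto in script_hooks(SAMPLE_MANIFEST):
        print("AUTO  " if auto else "manual", event, "->", cmd)
    print("plugins:", plugin_packages(SAMPLE_LOCK))
```

While reviewing an untrusted project, `composer install --no-scripts --no-plugins` installs the packages without running either kind of code.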

Sanes, 2017-01-18
@Sanes

Is it possible to get a hole in the system

It can be obtained in more harmless cases.
