why is INTERSECT_INJECTION called in a define? #529
Comments
|
From what I see in the cpp code generated from our php, INTERCEPT_INJECTION is not the replacement of define() so this thread is dead on its tracks |
facebook-github-bot
pushed a commit
that referenced
this issue
Sep 28, 2022
Summary: This PR adds explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except from `on: pull_request` [from external forks](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)). By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an [injection](https://securitylab.github.com/research/github-actions-untrusted-input/) or compromised third party tool or action) is restricted. It is recommended to have [most strict permissions on the top level](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) and grant write permissions on [job level](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) case by case. X-link: facebook/fbthrift#529 Reviewed By: ParalaxRus Differential Revision: D39866397 Pulled By: ParalaxRus fbshipit-source-id: 3c921df4845618c2091be45e3702d4e639c7da46
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi!
I have this rather large codebase I'm trying to "mount" on hiphop. I'm having problems when making calls to php's define(). Is it because parameters are not literal values but variables and calculated values?
The text was updated successfully, but these errors were encountered: