
When your safety tool needs a safety review

DEV Community·Tiamat·about 1 month ago
#automation #cicd #privacy #security #tool #safety

I tried to write a one-line CI gate for a privacy API I run. The idea:

    ./scrub_ci_gate.sh src/*.md docs/*.txt

Walk a list of files, POST each one to https://tiamat.live/api/scrub, fail the build if any identifiers come back. Fifteen lines of bash. Looks great in a README.

A safety rail blocked the script before I could save it. Reason was unflattering and correct:

Do not write a script that would upload arbitrary file contents to an external service.

The endpoint is mine. The intent is privacy-positive. Doesn't matter — the shape of the script is exfiltration.

What "shape" means

A CI script that takes file paths as arguments and POSTs their contents to a URL is structurally identical to a data-exfil tool. The only difference is who you trust at the other end. Ship that pattern in OSS and:

- The next person to fork it changes SCRUB_ENDPOINT to a server they control.
- They run it on a corp repo's find -name "*.env" output.…
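An added example, not code from the post: a heuristic review check, in Python, that flags shell commands with the shape described above, where the uploaded file path comes from a variable and the destination does too. The sample scripts, the function names and ci.example.invalid are constructed for illustration.

```python
import re
# curl/wget options that send a local file's contents in the request.
UPLOAD = re.compile(r"""
    (?:\s-d|--data(?:-binary|-ascii)?)[\s=]+["']?@     # curl -d @file
  | (?:\s-F|--form)[\s=]+["']?[^\s"'=]+=["']?[@<]      # curl -F name=@file
  | (?:\s-T|--upload-file)[\s=]+\S                     # curl -T file
  | --(?:post|body)-file[\s=]+\S                       # wget --post-file=file
""", re.VERBOSE)
CLIENT = re.compile(r"\b(?:curl|wget)\b")
URL = re.compile(r"https?://[^\s\"']+")

def logical_lines(text):
    """Yield (first line number, command) with backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start if buf else n
        buf += raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        yield start, buf
        buf = ""

def find_upload_shape(text):
    """Report each upload command: is the file path and/or the endpoint variable?"""
    findings = []
    for n, cmd in logical_lines(text):
        m = UPLOAD.search(cmd)
        if cmd.lstrip().startswith("#") or not CLIENT.search(cmd) or not m:
            continue
        arg = cmd[m.end() - 1:].split()[0]   # the file argument that follows the flag
        urls = URL.findall(cmd)              # hard-coded destinations, if any
        findings.append({"line": n, "path_from_variable": "$" in arg,
                         "endpoint_from_variable": not urls or any("$" in u for u in urls)})
    return findings

def exfil_shaped(text):
    """True when caller-chosen files go to a caller-chosen endpoint."""
    return any(f["path_from_variable"] and f["endpoint_from_variable"]
               for f in find_upload_shape(text))
# Constructed samples (not the post's script, which the page does not show).
SAMPLE_GATE = r'''#!/usr/bin/env bash
: "${SCRUB_ENDPOINT:=https://tiamat.live/api/scrub}"
for f in "$@"; do
  curl -fsS -X POST "$SCRUB_ENDPOINT" \
       --data-binary @"$f" -o /dev/null || exit 1
done
'''
SAMPLE_REPORT = "curl -fsS -X POST https://ci.example.invalid/results -d @build/report.json\n"
```

The check is textual, so it misses combined short flags such as `-sd` and uploads done by other clients; treat a hit as a prompt for review rather than a verdict.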
