Thank you for your interest in making software safe for everyone.
The source code contained within this repository is provided as a reference implementation for the companion article, and is not intended for production use or for use with sensitive information. If you are looking to adapt any of the concepts discussed within this repository or the companion article, it is recommended that you conduct the appropriate reviews and threat modeling to identify potential vulnerabilities within the reference source code or your own implementation.
The repositories of aeydr are written to take security seriously; however, this is not a substitute for your own threat modeling.
If you believe you have found a security vulnerability in any repository owned by the organization, please feel free to report it through any public disclosure of your choice. As this repository is not intended for production use, it is unlikely that the issue will be addressed in-repository.
Please include as much of the information listed below as you can to help others better understand and resolve (or avoid) the issue:
- The type of issue (e.g., misconfiguration, broken access control, insecure design)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue