What I'm saying is that we should enable those unsafe features, as this command line tool is "unsafe" anyway. I quoted unsafe, because a command line tool like this is not something that sane developer would expose to untrusted users. (It's like saying rm is unsafe... yeah, it has to be, something needs to be able to delete stuff.)
On Sat, Oct 17, 2020 at 8:32 PM Jacques Le Roux < jacques.le.r...@les7arts.com> wrote: > Thanks Daniel, > > Indeed, these possible security issues are not obvious to everyone. > Disabling unsafe features is indeed a convenient way to make them prominent. > > Jacques > > Le 11/10/2020 à 20:42, Daniel Dekany a écrit : > > I noticed that ?api and ?new are by default disabled in > > freemarker-generator. However, freemarker-generator is inherently unsafe, > > as it has tools.freemarker.objectConstructor, and > tools.freemarker.statics. > > For a command-line tool that's probably fine, but then above two > > configuration settings should be left on their convenient defaults as > well. > > > > In general, allowing someone to specify arbitrary command line arguments > > to freemarker-generator CLI means that they can do pretty much anything > (as > > they can provide an arbitrary template with the -i option, then access > the > > tools). Again, I think such risk is expected from a command line tool, > but > > it's better if we are conscious about this. > > > -- Best regards, Daniel Dekany
