author | Bobby Earl <bobby.earl@blackbaud.com> | 2016-03-08 17:28:30 +0300 |
---|---|---|
committer | Chris Rebert <code@chrisrebert.com> | 2016-03-14 11:13:44 +0300 |
commit | 3abf20e4d268697c0790c78b9d3b155ddc5aa077 | |
tree | 0e655b3ff2863b233f47437cf32912fa3347cf4f /SECURITY.md | |
parent | 69a0c532a44b748ddf9aea34b19d98ed6feb275c | |
Allowing trusted org user to bypass file whitelist check; fixes #30
Closes #31
Diffstat (limited to 'SECURITY.md')
-rw-r--r-- | SECURITY.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/SECURITY.md b/SECURITY.md index aac11dd..4f05753 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -26,7 +26,9 @@ We thank you again for helping ensure the security of Savage by responsibly repo [GitHub] <<<(Request details about the PR using the PR's HEAD commit's SHA)<<< [Savage] [GitHub] >>>(Response with details about the PR)>>> [Savage] * Savage checks list of files modified by the PR against the whitelist - * If any files are outside of the whitelist, stop further processing. + * If any files are outside of the whitelist, stop further processing, + unless the user submitting the PR is trusted (by virtue of being a public member of a GitHub organization + in the list defined by the `savage.trusted-orgs` setting) [GitHub] <<<(Request for Git data for the PR's HEAD commit via its SHA)<<< [Savage] [GitHub] >>>(Response with Git data for the PR's HEAD commit)>>> [Savage] |
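
Review bot: The exception added to the "If any files are outside of the whitelist" bullet does not say how or when Savage determines that the submitter is a public member of an organization in `savage.trusted-orgs`; the surrounding context lines list the GitHub request/response exchanges, but no membership lookup is added to the flow. Suggest adding the corresponding request/response lines before this step and stating whether "the user submitting the PR" means the PR's author as reported by GitHub. Because the exception switches the file whitelist off entirely for those users, the document should also say so explicitly, so that anyone setting `savage.trusted-orgs` knows the whitelist no longer limits which files a trusted member's PR can modify.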