From 3abf20e4d268697c0790c78b9d3b155ddc5aa077 Mon Sep 17 00:00:00 2001 From: Bobby Earl Date: Tue, 8 Mar 2016 09:28:30 -0500 Subject: Allowing trusted org user to bypass file whitelist check; fixes #30 Closes #31 --- SECURITY.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'SECURITY.md') diff --git a/SECURITY.md b/SECURITY.md index aac11dd..4f05753 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -26,7 +26,9 @@ We thank you again for helping ensure the security of Savage by responsibly repo [GitHub] <<<(Request details about the PR using the PR's HEAD commit's SHA)<<< [Savage] [GitHub] >>>(Response with details about the PR)>>> [Savage] * Savage checks list of files modified by the PR against the whitelist - * If any files are outside of the whitelist, stop further processing. + * If any files are outside of the whitelist, stop further processing, + unless the user submitting the PR is trusted (by virtue of being a public member of a GitHub organization + in the list defined by the `savage.trusted-orgs` setting) [GitHub] <<<(Request for Git data for the PR's HEAD commit via its SHA)<<< [Savage] [GitHub] >>>(Response with Git data for the PR's HEAD commit)>>> [Savage] -- cgit v1.2.3
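Review bot: The new exception on the "If any files are outside of the whitelist" bullet introduces a trust decision, but the documented flow has no step showing how Savage establishes it. Every other GitHub interaction in this section is written as a request/response pair, so the organization membership lookup should get its own pair ahead of the whitelist bullet; as written, a reader cannot tell where the membership data comes from or when it is fetched. Please also state which identity "the user submitting the PR" refers to (for example, whether it is the PR author reported in GitHub's PR details response or the author recorded on the HEAD commit), and what happens when `savage.trusted-orgs` is unset or empty, since this bullet is the only place the setting is described and a trusted user's PR is exempt from the whitelist check altogether.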