This repository has been archived by the owner on Oct 11, 2021. It is now read-only.
Add detection of URL shortening links #180
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add the ability for the validator to detect URL shortening service URL's and reject a package that uses them.
URL shortened links are a potential security vulnerability as they can be changed outside of the package. While changing the installer download file would be detected by the checksum changing, links inside the .nuspec file do not have that protection.
URL shortening services would be (not exhaustive):
The text was updated successfully, but these errors were encountered: