Write a ReleaseFilepath.source_code? class method that will only load files with specific extensions. For now, make that list be a hardcoded array based on the list in #114. Once we fix #104 and our other TBD vulnerabilities, we'll get the final vulnerable filepath list and we can close #114.
For readability I would prefer end_with? than regexes. Be sure to list the most common extensions first for performance reasons.
The ReleaseFilepathLoader should also just load source code files and ignore everything else.
We need a verify task for source_code? and for the loader. The file build/internal/release_impl.vsprops is an example of something that is NOT source code.
Write a
ReleaseFilepath.source_code?class method that will only load files with specific extensions. For now, make that list be a hardcoded array based on the list in #114. Once we fix #104 and our other TBD vulnerabilities, we'll get the final vulnerable filepath list and we can close #114.For readability I would prefer
end_with?than regexes. Be sure to list the most common extensions first for performance reasons.The
ReleaseFilepathLoadershould also just load source code files and ignore everything else.We need a verify task for
source_code?and for the loader. The filebuild/internal/release_impl.vspropsis an example of something that is NOT source code.