If you discover a security vulnerability in Coding Tentacle, please report it through GitHub's "Report a vulnerability" button on the repository's Security tab, or contact the maintainer directly.
Do NOT open a public issue for security vulnerabilities.
Coding Tentacle's Safety VETO is the primary security mechanism. It:
- Scans all bug reports for dangerous patterns (SQL injection, eval(), shell commands)
- Scans all engine-generated diffs before they reach the sandbox
- Decodes Base64 and HTML entities to catch obfuscated patterns
- BLOCKS execution of any dangerous code — no override possible
| Version | Supported |
|---|---|
| v0.9.0 | ✅ Active (shadow release) |
| < v0.9.0 | ❌ No longer supported |
- Safety scanning is keyword-based, with Base64 and HTML-entity decoding applied before matching
- Semantic analysis of code behavior is not implemented
- See SECURITY.md for full details
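As an added illustration of the keyword-plus-decode approach described above, and of the keyword-only limitation listed just before this, here is a small Python scanner that peels HTML entities and Base64 before matching. It is example code, not Coding Tentacle's own Safety VETO; the pattern list, the function names and the sample inputs are constructed for this example.

```python
import base64
import binascii
import html
import re

# Patterns in the spirit of the veto's keyword checks (constructed for this
# example; the project's real pattern list is not on the page).
DANGEROUS_PATTERNS = {
    "eval_call": re.compile(r"\beval\s*\(", re.IGNORECASE),
    "shell_command": re.compile(
        r"\b(?:os\.system|os\.popen|subprocess\.(?:run|call|Popen))\s*\(", re.IGNORECASE),
    "sql_injection": re.compile(
        r"'\s*or\s*'?\d+'?\s*=\s*'?\d+|;\s*drop\s+table\b|\bunion\s+select\b", re.IGNORECASE),
}

# Runs of the Base64 alphabet long enough to be worth a decode attempt.
_B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def expand_encodings(text: str, depth: int = 3) -> list[str]:
    """Return `text` plus every HTML-entity-unescaped and Base64-decoded
    variant reachable within `depth` layers, so nested encodings are peeled."""
    layers = [text]
    frontier = [text]
    for _ in range(depth):
        fresh = []
        for chunk in frontier:
            candidates = [html.unescape(chunk)]
            for token in _B64_TOKEN.findall(chunk):
                try:
                    candidates.append(
                        base64.b64decode(token, validate=True).decode("utf-8"))
                except (binascii.Error, UnicodeDecodeError):
                    continue  # not real Base64, or not text: ignore it
            for cand in candidates:
                if cand not in layers:
                    layers.append(cand)
                    fresh.append(cand)
        frontier = fresh
    return layers

def veto_scan(text: str) -> list[str]:
    """Names of dangerous patterns found in `text` or any decoded layer.
    An empty list means the input passes; anything else would be blocked."""
    hits = []
    for layer in expand_encodings(text):
        for name, pattern in DANGEROUS_PATTERNS.items():
            if name not in hits and pattern.search(layer):
                hits.append(name)
    return hits
```

Matching is purely lexical: anything the scanner would have to execute or type-check to recognise is outside its reach, which is the semantic-analysis gap the limitation above describes.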