User Story

As a developer of Metaschema-based tooling, in order to deploy a more robust service implemented with this library, I want a resolver subsystem that restricts access to an allowlist of certain directories and subdirectories relative to a configuration and/or allowlist for specific remote HTTP services (to prevent access to other local services on the host or local file inclusion attack vectors).

Goals

• Establish a secure-by-default input resolver
• Limit access to local filesystem resources that are not part of the use cases and threat model of this library
• Limit access to HTTP resources that are not part of the use cases and threat model of this library

Dependencies

N/A

Acceptance Criteria

• All website and readme documentation affected by the changes in this issue have been updated.
• A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
• The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

Revisions

No response