Can you test exploits, viruses or dangerous scripts on Travis CI?
Can you test exploits, viruses, or dangerous scripts on Travis CI for testing or security?
In the example:
- security check if exploits are not affected by a specific software version,
- updating / downgrading Travis CI to a specific OS version and testing exploits (if the software does not contain exploits),
- testing if antivirus can uninflect the system after infection,
- testing disaster recovery tools, for example. destroying files or the entire system (e.g. after running a dangerous script) and testing forensic tools to recover data,
- etc.
source to share
I think these sections in Travis CI 's Terms of Service are relevant:
Section 4.2: The client must not interfere or intentionally interfere in any way with the functionality or correct operation of Travis CI.
Section 4.5: Client will indemnify and defend Travis CI, its officers and directors, employees and agents from any claims, damages, expenses and (including reasonable attorney fees) from third parties arising from clients' use of Travis CI in a manner, not authorized by this Agreement and / or applicable law, or customers or its employees, or negligent or willful misconduct.
I would have thought that there is a gray area showing some security flaws that will not harm the underlying host environment and exploit this flaw. For example. demonstrating that the file has the wrong permissions would be harmless and, I think, is consistent with the terms of service. I would have thought that a buffer overflow would be unacceptable, and as CodeGnome says, not for Travis.
source to share