Make it explicitly that jq expressions MUST be evaluated ONLY on the workflows definitions and NOT on user's input.
Having user's to submit workflow data to a workflow runtime that contains jq expressions on it, open a huge security breach on their systems. Regular Expressions, for instance, can be used to exploit system data and resources.
Workflows should evaluate jq expressions ONLY on the definitions itself, not on user's input.
Make it explicitly that
jqexpressions MUST be evaluated ONLY on the workflows definitions and NOT on user's input.Having user's to submit workflow data to a workflow runtime that contains
jqexpressions on it, open a huge security breach on their systems. Regular Expressions, for instance, can be used to exploit system data and resources.Workflows should evaluate
jqexpressions ONLY on the definitions itself, not on user's input.