Code Roulette executes arbitrary Python code by design. When you play, you are agreeing to run code written by other players. Only play with people you trust.
If you discover a security vulnerability in the Code Roulette application itself (not related to the intentional code execution feature), please:
- Do not open a public issue
- Message the maintainer directly or use GitHub's private vulnerability reporting feature
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
Security issues we care about:
- Vulnerabilities in the server that could affect the host machine
- Ways to execute code on machines that didn't consent (e.g., the winner's machine)
- Authentication/authorization bypasses
Out of scope (by design):
- The loser's machine executing the winner's payload (this is the game)
- Malicious payloads (players should only play with trusted parties)