Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Trust pinned GitHub download URLs #3694

Merged
merged 6 commits into from
Nov 30, 2023
Merged

🐛 Trust pinned GitHub download URLs #3694

merged 6 commits into from
Nov 30, 2023

Commits on Nov 30, 2023

  1. Trust pinned GitHub download URLs 

     Trust files that are downloaded from `raw.githubusercontent.com` where the file's ref is a Git SHA and therefore immutable.
Resolves ossf#3339.
Signed-off-by: martincostello <martin@martincostello.com>
    @martincostello
    martincostello committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    dfa618e View commit details
    Browse the repository at this point in the history

  2. Move logic to function 

    - Add `hasUnpinnedURLs` function.
- Add test cases for different URLs.
Signed-off-by: martincostello <martin@martincostello.com>
    @martincostello
    martincostello committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    e6e5e2b View commit details
    Browse the repository at this point in the history

  3. Fix formatting 

    Appease the linter.
Signed-off-by: martincostello <martin@martincostello.com>
    @martincostello
    martincostello committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    ecf0582 View commit details
    Browse the repository at this point in the history

  4. Suppress lint warnings 

    Suppress warning on three long URLs.
Signed-off-by: martincostello <martin@martincostello.com>
    @martincostello
    martincostello committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    6d0b106 View commit details
    Browse the repository at this point in the history

  5. Address peer review 

    Address peer review feedback.
Signed-off-by: martincostello <martin@martincostello.com>
    @martincostello
    martincostello committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    c88c741 View commit details
    Browse the repository at this point in the history

  6. Fix lint warning 

    Fix lint warning.
Signed-off-by: martincostello <martin@martincostello.com>
    @martincostello
    martincostello committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    d493588 View commit details
    Browse the repository at this point in the history