e522f47986
The pedantic level is experimental. If it causes issues, we may just
disable it alongside the ignore comments.
Also:
- silence error:
```
INFO audit: zizmor: completed label.yml
error[dangerous-triggers]: use of fundamentally insecure workflow trigger
--> label.yml:13:1
|
13 | 'on': [pull_request_target]
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^ pull_request_target is almost always used insecurely
|
= note: audit confidence -> Medium
```
- fix pedantic warning:
```
INFO audit: zizmor: completed label.yml
warning[excessive-permissions]: overly broad permissions
--> label.yml:1:1
... |
24 | | with:
25 | | repo-token: '${{ secrets.GITHUB_TOKEN }}'
| |____________________________________________________- default permissions used due to no permissions: block
|
= note: audit confidence -> Medium
```
- silence `template-injection` false positives like:
```
- note: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} may expand into attacker-controllable code
- note: ${{ contains(matrix.build.install_steps, 'pytest') && 'caddy httpd vsftpd' || '' }} may expand into attacker-controllable code
```
It doesn't seem like these could be controlled by an attacker.
Let me know if I'm missing something.
Closes #17278
|
||
|---|---|---|
| .circleci | ||
| .github | ||
| CMake | ||
| docs | ||
| include | ||
| lib | ||
| LICENSES | ||
| m4 | ||
| packages | ||
| plan9 | ||
| projects | ||
| scripts | ||
| src | ||
| tests | ||
| winbuild | ||
| .dir-locals.el | ||
| .git-blame-ignore-revs | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| acinclude.m4 | ||
| appveyor.sh | ||
| appveyor.yml | ||
| buildconf | ||
| CHANGES.md | ||
| CMakeLists.txt | ||
| configure.ac | ||
| COPYING | ||
| curl-config.in | ||
| Dockerfile | ||
| GIT-INFO.md | ||
| libcurl.pc.in | ||
| Makefile.am | ||
| README | ||
| README.md | ||
| RELEASE-NOTES | ||
| renovate.json | ||
| REUSE.toml | ||
| SECURITY.md | ||
curl is a command-line tool for transferring data specified with URL syntax. Learn how to use curl by reading the manpage or everything curl.
Find out how to install curl by reading the INSTALL document.
libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl manpage to learn how.
Open Source
curl is Open Source and is distributed under an MIT-like license.
Contact
Contact us on a suitable mailing list or use GitHub issues/ pull requests/ discussions.
All contributors to the project are listed in the THANKS document.
Commercial support
For commercial support, maybe private and dedicated help with your problems or applications using (lib)curl visit the support page.
Website
Visit the curl website for the latest news and downloads.
Source code
Download the latest source from the Git server:
git clone https://github.com/curl/curl.git
Security problems
Report suspected security problems via our HackerOne page and not in public.
Notice
curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.
Backers
Thank you to all our backers 🙏 Become a backer.
Sponsors
Support this project by becoming a sponsor.