XS ◾ public/uploads/rules/use github-copilot-cli-secure-environment/rule (PR from TinaCMS) #11552
Conversation
Co-authored-by: Gordon Beeming <[email protected]>
github-actions
bot
changed the title
PR Metrics✔ Thanks for keeping your pull request small.
Metrics computed by PR Metrics. Add it to your Azure DevOps and GitHub PRs! |
There was a problem hiding this comment.
Pull request overview
This PR updates the GitHub Copilot CLI secure environment rule by modernizing the installation process and updating the sidebar video. The changes simplify the installation instructions by replacing multi-step manual processes with single-command automated installers.
Key changes:
- Updated sidebar video URL to a newer version
- Simplified Linux/macOS installation from 8 lines to 1 line using a release-based installer
- Simplified Windows PowerShell installation from 9 lines to 1 line using a release-based installer
| ```bash | ||
| # Download the script | ||
| curl -fsSL https://raw.githubusercontent.com/GordonBeeming/copilot_here/main/copilot_here.sh -o ~/.copilot_here.sh | ||
|
|
||
| # Add to your shell profile (~/.zshrc or ~/.bashrc) - only if not already there | ||
| if ! grep -q "source ~/.copilot_here.sh" ~/.zshrc 2>/dev/null; then | ||
| echo '' >> ~/.zshrc | ||
| echo 'source ~/.copilot_here.sh' >> ~/.zshrc | ||
| fi | ||
|
|
||
| # Reload your shell | ||
| source ~/.zshrc # or source ~/.bashrc | ||
| curl -fsSL https://github.com/GordonBeeming/copilot_here/releases/download/cli-latest/install.sh | $SHELL | ||
| ``` |
There was a problem hiding this comment.
The new installation method pipes a script directly from the internet to the shell interpreter without allowing users to inspect it first. This is a security anti-pattern, especially ironic given this rule is about security and "secure environments." Consider adding a security warning box that recommends users review the installation script before running it, or provide an alternative two-step installation process where users download the script first and then execute it. Many security-conscious organizations block this pattern (curl | sh) in their policies.
| # Reload your profile | ||
| . $PROFILE | ||
| iex ([System.Text.Encoding]::UTF8.GetString((iwr -UseBasicParsing 'https://github.com/GordonBeeming/copilot_here/releases/download/cli-latest/install.ps1').Content)) |
There was a problem hiding this comment.
Similar to the Bash installation, this PowerShell command executes a remote script without inspection using Invoke-Expression (iex). This is a well-known security anti-pattern in PowerShell. The command is also quite complex and difficult to read. Consider adding a security warning or providing a safer alternative that allows users to download and review the script before execution.
| iex ([System.Text.Encoding]::UTF8.GetString((iwr -UseBasicParsing 'https://github.com/GordonBeeming/copilot_here/releases/download/cli-latest/install.ps1').Content)) | |
| # Download the installer script | |
| Invoke-WebRequest -UseBasicParsing ` | |
| -Uri 'https://github.com/GordonBeeming/copilot_here/releases/download/cli-latest/install.ps1' ` | |
| -OutFile 'install_copilot_here.ps1' | |
| # Review install_copilot_here.ps1 before running, for example: | |
| # notepad .\install_copilot_here.ps1 | |
| # Run the installer after reviewing | |
| .\install_copilot_here.ps1 |
github-actions
bot
added
Age: 🐣 - Young
Uh oh!
There was an error while loading. Please reload this page.