Only download GHFM spec.txt when specified
What does this MR do and why?
Address security follow-up from !84347 (comment 948380485)
Add UPDATE_GFM_SPEC_TXT env var, and only download latest GFM spec.txt when it is set. Otherwise, use the current version committed to the repo. This will be a guard against potential injection attacks if the canonical GFM spec.txt hosted by GitHub is temporarily compromised. See related threads here and here
Related: Tracking Issue: Implement GLFM scripts per the ... (#361241)
How to set up and validate locally
- Modify
glfm_specification/input/github_flavored_markdown/ghfm_spec_v_0.29.txtto some random text in the beginning of the# Preliminariessection. - Run
scripts/glfm/update-specification.rb, withUPDATE_GHFM_SPEC_TXTundefined or set to false. - See output:
Reading existing .../glfm_specification/input/github_flavored_markdown/ghfm_spec_v_0.29.txt... - See your random text in
glfm_specification/output/spec.txt - Re-run
scripts/glfm/update-specification.rb, withUPDATE_GHFM_SPEC_TXTset totrue. - See output:
Writing .../glfm_specification/input/github_flavored_markdown/ghfm_spec_v_0.29.txt... - See your random text removed from
glfm_specification/input/github_flavored_markdown/ghfm_spec_v_0.29.txtandglfm_specification/output/spec.txt
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Chad Woolley