williamboman/mason.nvim

Strictly choose a utility (curl or wget) to synchronize registers via Mason configuration and reduce these register requests

Closed this issue · 0 comments

Re3w commented

I've searched open issues for similar requests

  • Yes

Is your feature request related to a problem? Please describe.

Good afternoon, dear developer!

I am happy to use your tool in my daily work and would like to continue working!

Unfortunately, curl and wget requests to external sources via direct links are prohibited in my organization. This is why I receive daily notifications about security policy violations.

You have a wonderful parameter in your configuration, github = { download_url_template = ... } with which I solved the problem with synchronizing registers and loading LSP servers.

But after that, I still get notifications about security policy violations. I found out what the problem is from the logs. For some reason, empty curl requests appear during requests, which do not affect the download in any way. They also don't use the download_url_template parameter.

Also, if curl is unavailable, mason automatically selects wget. I would be grateful if you added a way to choose a specific utility for downloading.

Potentially dangerous requests according to my cybersecurity staff:

1. curl -H Accept: application/vnd.mason-registry.v1+json; q=1.0, application/json; q=0.8 -H User-Agent: mason.nvim v1.10.0 (+https
2. curl -H Accept: application/vnd.mason-registry.v1+json; q=1.0, application/json; q=0.8 -H User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -fsSL -X GET --connect-timeout 30 https://api.mason-registry.dev/api/github/mason-org/mason-registry/releases/latest
3. curl -H User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -fsSL -X GET -o /home/user
4. curl -H User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -fsSL -X GET --connect-timeout 30 https://t
5. curl -H User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -fsSL -X GET --connect-timeout 30 https://raw.githubusercontent.com/rust-analyzer/rust-analyzer/2024-03-25/editors/code/package.json
6. wget --header=User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -nv -o /dev/null -O - --timeout=30 --

Requests that do not violate the policy and work as I expected:


1. curl -H User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -fsSL -X GET -o /home/user/.local/share/nvim/mason/registries/github/mason-org/mason-registry/registry.json.zip --connect-timeout 30 https://username:password@DOWNLOAD_URL_TEMPLATE/repo/some/path/mason-org/mason-registry/releases/download/2024-03-29-new-armor/registry.json.zip
2. curl -H User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -fsSL -X GET -o /home/user/.local/share/nvim/mason/registries/github/mason-org/mason-registry/registry.json.zip --connect-timeout 30 https://username:password@DOWNLOAD_URL_TEMPLATE/repo/some/path/mason-org/mason-registry/releases/download/2024-03-29-plush-wash/registry.json.zip
3. curl -H User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -fsSL -X GET --connect-timeout 30 https://username:password@DOWNLOAD_URL_TEMPLATE/repo/some/path/mason-org/mason-registry/releases/download/2024-03-29-plush-wash/checksums.txt
4. curl -H User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim) -fsSL -X GET -o /home/user/.local/share/nvim/mason/staging/rust-analyzer/./rust-analyzer-x86_64-unknown-linux-gnu.gz --connect-timeout 30 https://username:password@DOWNLOAD_URL_TEMPLATE/repo/some/path/rust-lang/rust-analyzer/releases/download/2024-03-25/rust-analyzer-x86_64-unknown-linux-gnu.gz

I have attached files with logs of requests: one with repeated requests, the other without repetitions.

Thanks!
errors_29.03.24.xlsx
errors_29.03.24_without_dubls.xlsx

Describe the solution you'd like

I would like to be able to choose a utility to download.
I would like you to download LSP, linters and formatters, and would not like curl/load queries that do not use github = { download_url_template = .. }

Describe potential alternatives you've considered

No response

Additional context

No response
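For triaging request logs like the ones quoted in this issue, the following added example (not part of the issue or of mason.nvim) classifies each logged curl/wget command line by destination host and strips embedded credentials before reporting. The allow-list entry is an assumption: the issue only shows the placeholder DOWNLOAD_URL_TEMPLATE for the mirror host, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: the approved mirror host. The issue only shows the placeholder
# DOWNLOAD_URL_TEMPLATE, so that placeholder (lowercased) stands in for it here.
ALLOWED_HOSTS = {"download_url_template"}
URL_RE = re.compile(r"https?://\S+")
ACCEPT = "Accept: application/vnd.mason-registry.v1+json; q=1.0, application/json; q=0.8"
UA = "User-Agent: mason.nvim v1.10.0 (+https://github.com/williamboman/mason.nvim)"

# Command lines as logged in the issue; the first one is truncated in the original.
SAMPLE = [
    "curl -H " + ACCEPT + " -H User-Agent: mason.nvim v1.10.0 (+https",
    "curl -H " + ACCEPT + " -H " + UA + " -fsSL -X GET --connect-timeout 30 "
    "https://api.mason-registry.dev/api/github/mason-org/mason-registry/releases/latest",
    "curl -H " + UA + " -fsSL -X GET --connect-timeout 30 "
    "https://raw.githubusercontent.com/rust-analyzer/rust-analyzer/2024-03-25/editors/code/package.json",
    "curl -H " + UA + " -fsSL -X GET --connect-timeout 30 "
    "https://username:password@DOWNLOAD_URL_TEMPLATE/repo/some/path/mason-org/"
    "mason-registry/releases/download/2024-03-29-plush-wash/checksums.txt",
]


def classify(line, allowed=ALLOWED_HOSTS):
    """Return (tool, host, verdict, url_without_credentials) for one logged command."""
    tool = line.split(None, 1)[0] if line.strip() else None
    # Skip the URL embedded in the User-Agent header, which follows "(+".
    urls = [m.group(0) for m in URL_RE.finditer(line)
            if not line[:m.start()].endswith("(+")]
    if not urls:
        return tool, None, "no-url", None  # truncated line or no destination
    parts = urlsplit(urls[-1])  # the destination is the last argument in these logs
    host = (parts.hostname or "").lower()
    # Drop user:password@ so credentials are not copied into reports.
    safe = parts._replace(netloc=parts.netloc.rsplit("@", 1)[-1]).geturl()
    return tool, host, "allowed" if host in allowed else "direct", safe


def direct_hosts(lines, allowed=ALLOWED_HOSTS):
    """Sorted external hosts contacted without going through the mirror."""
    results = (classify(line, allowed) for line in lines)
    return sorted({host for _, host, verdict, _ in results if verdict == "direct"})


if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print("direct:", direct_hosts(SAMPLE))
```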