Skip to content

Use -bor to preserve existing TLS protocols in Test-ListPath.ps1#1141

Merged
Romanitho merged 2 commits into
release/2.11.0from
copilot/sub-pr-1140
Mar 24, 2026
Merged

Use -bor to preserve existing TLS protocols in Test-ListPath.ps1#1141
Romanitho merged 2 commits into
release/2.11.0from
copilot/sub-pr-1140

Conversation

Copilot AI commented Mar 24, 2026

Copy link
Copy Markdown
Contributor

The TLS 1.2 assignment in Test-ListPath.ps1 was overwriting the process-wide SecurityProtocol value, potentially disabling already-enabled protocols (e.g. TLS 1.3 / SystemDefault).

Change

Replace the overwrite assignment with a bitwise OR, matching the pattern used in Test-ModsPath.ps1:

# Before — overwrites all existing protocol flags
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# After — adds TLS 1.2 without removing anything
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12 #DevSkim: ignore DS440020,DS440020 Hard-coded SSL/TLS Protocol

Also adds the #DevSkim: ignore DS440020 suppression comment consistent with the rest of the codebase.


⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.

Copilot AI changed the title [WIP] [WIP] Address feedback from PR #1140 on release 2.11.0 Use -bor to preserve existing TLS protocols in Test-ListPath.ps1 Mar 24, 2026
Copilot AI requested a review from Romanitho March 24, 2026 09:45
@github-actions

Copy link
Copy Markdown
Contributor

⚠️MegaLinter analysis: Success with warnings

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ COPYPASTE jscpd yes no no 2.79s
⚠️ MARKDOWN markdownlint 1 0 3 0 1.19s
✅ MARKDOWN markdown-table-formatter 1 0 0 0 0.34s
✅ POWERSHELL powershell 2 0 0 4.98s
✅ POWERSHELL powershell_formatter 2 0 0 4.32s
⚠️ REPOSITORY checkov yes 3 no 21.44s
⚠️ REPOSITORY devskim yes 1 8 2.95s
✅ REPOSITORY dustilock yes no no 0.01s
✅ REPOSITORY gitleaks yes no no 0.78s
✅ REPOSITORY git_diff yes no no 0.03s
✅ REPOSITORY grype yes no no 40.92s
✅ REPOSITORY kics yes no no 2.35s
✅ REPOSITORY kingfisher yes no no 5.24s
✅ REPOSITORY secretlint yes no no 0.93s
✅ REPOSITORY syft yes no no 1.62s
✅ REPOSITORY trivy yes no no 13.67s
✅ REPOSITORY trivy-sbom yes no no 0.18s
✅ REPOSITORY trufflehog yes no no 3.5s
⚠️ SPELL cspell 5 11 0 5.25s
✅ SPELL lychee 2 0 0 1.78s

Detailed Issues

⚠️ REPOSITORY / checkov - 3 errors

Linter output file not found

⚠️ SPELL / cspell - 11 errors

Linter output file not found

⚠️ REPOSITORY / devskim - 1 error

Linter output file not found

⚠️ MARKDOWN / markdownlint - 3 errors

Linter output file not found

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@Romanitho
Romanitho marked this pull request as ready for review March 24, 2026 13:11
Copilot AI review requested due to automatic review settings March 24, 2026 13:11
@Romanitho
Romanitho merged commit ab86f37 into release/2.11.0 Mar 24, 2026
5 checks passed
@Romanitho
Romanitho deleted the copilot/sub-pr-1140 branch March 24, 2026 13:12

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates WAU’s Test-ListPath helper to enable TLS 1.2 without clobbering the process-wide ServicePointManager.SecurityProtocol flags, aligning behavior with existing networking code in the functions layer.

Changes:

  • Switches TLS 1.2 enabling from overwrite assignment to bitwise OR (-bor) to preserve existing protocol flags.
  • Adds a DevSkim suppression comment on the TLS protocol line to match established suppression usage.

Comment on lines 20 to +22
function Test-ListPath ($ListPath, $UseWhiteList, $WingetUpdatePath) {
# Enable TLS 1.2 for secure connections
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12 #DevSkim: ignore DS440020,DS440020 Hard-coded SSL/TLS Protocol

Copilot AI Mar 24, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Net.ServicePointManager]::SecurityProtocol is process-wide state. In this function it’s set unconditionally, even when $ListPath is UNC/local and no HTTP request will be made. Consider moving the TLS flag update into the if ($ListPath -like "http*") branch (as in Test-ModsPath.ps1) to minimize unintended side effects on callers.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants