docs: Rename "unsecure" to insecure (#270)

docs/audits.md

@@ -629,7 +629,7 @@ A before/after example is shown below.
 Detects opt-in for executing insecure workflow commands.
 
 Workflow commands (like `::set-env` and `::add-path`)
-[were deprecated by Github] in 2020 due to their inherent weaknesses
+[were deprecated by GitHub] in 2020 due to their inherent weaknesses
 (e.g., allowing any command with the ability to emit to `stdout`
 to inject environment variables and therefore obtain code execution).
 
@@ -643,7 +643,7 @@ Other resources:
 
 ### Remediation
 
-In general, users should use for [Github Actions environment files]
+In general, users should use for [GitHub Actions environment files]
 (like `GITHUB_PATH` and `GITHUB_OUTPUT`) instead of using workflow commands.
 
 === "Before"
@@ -703,8 +703,8 @@ If you need to pass state between steps, consider using `GITHUB_OUTPUT` instead.
 [Trusted Publishing - RubyGems Guides]: https://guides.rubygems.org/trusted-publishing/
 [Trusted publishing: a new benchmark for packaging security]: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/
 [Trusted Publishers for All Package Repositories]: https://repos.openssf.org/trusted-publishers-for-all-package-repositories.html
-[were deprecated by Github]: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
-[Github Actions environment files]: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#environment-files
+[were deprecated by GitHub]: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
+[GitHub Actions environment files]: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#environment-files
 [Semgrep audit]: https://semgrep.dev/r?q=yaml.github-actions.security.allowed-unsecure-commands.allowed-unsecure-commands
 [GitHub Actions exploitation: environment manipulation]: https://www.synacktiv.com/en/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation
 [GHSL-2024-177: Environment Variable injection in an Actions workflow of Litestar]: https://securitylab.github.com/advisories/GHSL-2024-177_Litestar/

docs/development.md

@@ -180,7 +180,7 @@ Some things that can be useful to discuss beforehand:
 - Which criticality should we assign for this new finding?
 - Which confidence should we assign for this new finding?
 - Should this new audit be pedantic at all?
-- Does this new audit require using the Github API, or is it entirely offline?
+- Does this new audit require using the GitHub API, or is it entirely offline?
 
 When developing a new `zizmor` audit, there are a couple of implementation details to be aware of:
 

tests/acceptance.rs

@@ -6,7 +6,7 @@ use serde_json_path::JsonPath;
 mod common;
 
 // Acceptance tests for zizmor, on top of Json output
-// For now we don't cover tests that depends on Github API under the hood
+// For now we don't cover tests that depends on GitHub API under the hood
 
 fn zizmor() -> Command {
     let mut cmd = Command::cargo_bin("zizmor").expect("Cannot create executable command");
@@ -210,7 +210,7 @@ fn audit_unpinned_uses() -> anyhow::Result<()> {
 }
 
 #[test]
-fn audit_unsecure_commands_allowed() -> anyhow::Result<()> {
+fn audit_insecure_commands_allowed() -> anyhow::Result<()> {
     let auditable = workflow_under_test("insecure-commands.yml");
 
     let cli_args = [&auditable];