From 4317cbdb6b211c87055326f6e54b7f4f8c04fccf Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 30 Dec 2017 00:10:25 +0100 Subject: [PATCH 1/4] Detect the issue alias_traversal --- sub_scripts/testing_process.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sub_scripts/testing_process.sh b/sub_scripts/testing_process.sh index 01ade8c..a36c3c9 100644 --- a/sub_scripts/testing_process.sh +++ b/sub_scripts/testing_process.sh @@ -357,6 +357,11 @@ CHECK_URL () { fi done + # Detect the issue alias_traversal, https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md + curl --location --insecure --silent $check_domain$check_path../html/index.nginx-debian.html \ + | grep "title" | grep --quiet "Welcome to nginx on Debian" \ + && ECHO_FORMAT "Issue alias_traversal detected ! Please see here [...] to fix that.\n" "red" "bold" + # Remove the entries in /etc/hosts for the test domain sudo sed --in-place '/#package_check/d' /etc/hosts else From d692432d6b8e8ddb1e3b97a8cba70f6491f84fd6 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 30 Dec 2017 00:16:18 +0100 Subject: [PATCH 2/4] Add ref to alias_traversal --- sub_scripts/testing_process.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sub_scripts/testing_process.sh b/sub_scripts/testing_process.sh index a36c3c9..9d9c71c 100644 --- a/sub_scripts/testing_process.sh +++ b/sub_scripts/testing_process.sh @@ -360,7 +360,7 @@ CHECK_URL () { # Detect the issue alias_traversal, https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md curl --location --insecure --silent $check_domain$check_path../html/index.nginx-debian.html \ | grep "title" | grep --quiet "Welcome to nginx on Debian" \ - && ECHO_FORMAT "Issue alias_traversal detected ! Please see here [...] to fix that.\n" "red" "bold" + && ECHO_FORMAT "Issue alias_traversal detected ! Please see here https://github.com/YunoHost/example_ynh/pull/45 to fix that.\n" "red" "bold" # Remove the entries in /etc/hosts for the test domain sudo sed --in-place '/#package_check/d' /etc/hosts From f28185e5ccd07b6d6b64042179ddc681e6b9a6e2 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 5 Jan 2018 18:06:38 +0100 Subject: [PATCH 3/4] Bigger alias_traversal --- package_check.sh | 5 +++++ sub_scripts/testing_process.sh | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/package_check.sh b/package_check.sh index af6701d..f91a40c 100755 --- a/package_check.sh +++ b/package_check.sh @@ -727,6 +727,10 @@ TEST_RESULTS () { global_level=0 fi + if [ $RESULT_alias_traversal -eq 1 ] + then + ECHO_FORMAT "Issue alias_traversal was detected ! Please see here https://github.com/YunoHost/example_ynh/pull/45 to fix that.\n" "red" "bold" + fi # Then, print the levels # Print the global level @@ -789,6 +793,7 @@ LXC_INIT initialize_values() { # Test results RESULT_witness=0 + RESULT_alias_traversal=0 RESULT_linter=0 RESULT_global_setup=0 RESULT_global_remove=0 diff --git a/sub_scripts/testing_process.sh b/sub_scripts/testing_process.sh index 9d9c71c..09da48e 100644 --- a/sub_scripts/testing_process.sh +++ b/sub_scripts/testing_process.sh @@ -360,7 +360,7 @@ CHECK_URL () { # Detect the issue alias_traversal, https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md curl --location --insecure --silent $check_domain$check_path../html/index.nginx-debian.html \ | grep "title" | grep --quiet "Welcome to nginx on Debian" \ - && ECHO_FORMAT "Issue alias_traversal detected ! Please see here https://github.com/YunoHost/example_ynh/pull/45 to fix that.\n" "red" "bold" + && ECHO_FORMAT "Issue alias_traversal detected ! Please see here https://github.com/YunoHost/example_ynh/pull/45 to fix that.\n" "red" "bold"; RESULT_alias_traversal=1 # Remove the entries in /etc/hosts for the test domain sudo sed --in-place '/#package_check/d' /etc/hosts From 553f8e9375fc06cd7d4cb19f08afba50583996eb Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 11 Mar 2018 14:07:04 +0100 Subject: [PATCH 4/4] Minor fixes --- sub_scripts/lxc_upgrade.sh | 20 ++++++++++---------- sub_scripts/testing_process.sh | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/sub_scripts/lxc_upgrade.sh b/sub_scripts/lxc_upgrade.sh index 2b9c822..c7f6577 100755 --- a/sub_scripts/lxc_upgrade.sh +++ b/sub_scripts/lxc_upgrade.sh @@ -35,13 +35,13 @@ if [ "$(whoami)" != "$(cat "$script_dir/setup_user")" ] && test -e "$script_dir/ exit 0 fi -echo "\e[1m> Active le bridge réseau\e[0m" +echo -e "\e[1m> Active le bridge réseau\e[0m" if ! sudo ifquery $LXC_BRIDGE --state > /dev/null then sudo ifup $LXC_BRIDGE --interfaces=/etc/network/interfaces.d/$LXC_BRIDGE fi -echo "\e[1m> Configure le parefeu\e[0m" +echo -e "\e[1m> Configure le parefeu\e[0m" if ! sudo iptables -D FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT 2> /dev/null then sudo iptables -A FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT @@ -55,7 +55,7 @@ then sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE fi -echo "\e[1m> Démarrage de la machine\e[0m" +echo -e "\e[1m> Démarrage de la machine\e[0m" if [ $(sudo lxc-info --name $LXC_NAME | grep -c "STOPPED") -eq 0 ]; then # Si la machine n'est pas à l'arrêt. sudo lxc-stop -n $LXC_NAME # Arrête la machine LXC @@ -67,7 +67,7 @@ sudo lxc-start -n $LXC_NAME -d sleep 3 sudo lxc-ls -f -echo "\e[1m> Update\e[0m" +echo -e "\e[1m> Update\e[0m" update_apt=0 sudo lxc-attach -n $LXC_NAME -- apt-get update sudo lxc-attach -n $LXC_NAME -- apt-get dist-upgrade --dry-run | grep -q "^Inst " # Vérifie si il y aura des mises à jour. @@ -75,10 +75,10 @@ sudo lxc-attach -n $LXC_NAME -- apt-get dist-upgrade --dry-run | grep -q "^Inst if [ "$?" -eq 0 ]; then update_apt=1 fi -echo "\e[1m> Upgrade\e[0m" +echo -e "\e[1m> Upgrade\e[0m" sudo lxc-attach -n $LXC_NAME -- apt-get dist-upgrade --option Dpkg::Options::=--force-confold -yy -echo "\e[1m> Clean\e[0m" +echo -e "\e[1m> Clean\e[0m" sudo lxc-attach -n $LXC_NAME -- apt-get autoremove -y sudo lxc-attach -n $LXC_NAME -- apt-get autoclean if [ "$update_apt" -eq 1 ] @@ -86,10 +86,10 @@ then # Print les numéros de version de Yunohost, si il y a eu un upgrade (sudo lxc-attach -n $LXC_NAME -- yunohost -v) | sudo tee "$script_dir/ynh_version" fi -echo "\e[1m> Arrêt de la machine virtualisée\e[0m" +echo -e "\e[1m> Arrêt de la machine virtualisée\e[0m" sudo lxc-stop -n $LXC_NAME -echo "\e[1m> Suppression des règles de parefeu\e[0m" +echo -e "\e[1m> Suppression des règles de parefeu\e[0m" sudo iptables -D FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT sudo iptables -D FORWARD -i $main_iface -o $LXC_BRIDGE -j ACCEPT sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE @@ -98,9 +98,9 @@ sudo ifdown --force $LXC_BRIDGE if [ "$update_apt" -eq 1 ] then - echo "\e[1m> Archivage du snapshot\e[0m" + echo -e "\e[1m> Archivage du snapshot\e[0m" sudo tar -cz --acls --xattrs -f /var/lib/lxcsnaps/$LXC_NAME/snap0.tar.gz /var/lib/lxcsnaps/$LXC_NAME/snap0 - echo "\e[1m> Remplacement du snapshot\e[0m" + echo -e "\e[1m> Remplacement du snapshot\e[0m" sudo lxc-snapshot -n $LXC_NAME -d snap0 sudo lxc-snapshot -n $LXC_NAME fi diff --git a/sub_scripts/testing_process.sh b/sub_scripts/testing_process.sh index 09da48e..e897ddd 100644 --- a/sub_scripts/testing_process.sh +++ b/sub_scripts/testing_process.sh @@ -360,7 +360,7 @@ CHECK_URL () { # Detect the issue alias_traversal, https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md curl --location --insecure --silent $check_domain$check_path../html/index.nginx-debian.html \ | grep "title" | grep --quiet "Welcome to nginx on Debian" \ - && ECHO_FORMAT "Issue alias_traversal detected ! Please see here https://github.com/YunoHost/example_ynh/pull/45 to fix that.\n" "red" "bold"; RESULT_alias_traversal=1 + && (ECHO_FORMAT "Issue alias_traversal detected ! Please see here https://github.com/YunoHost/example_ynh/pull/45 to fix that.\n" "red" "bold" && RESULT_alias_traversal=1) # Remove the entries in /etc/hosts for the test domain sudo sed --in-place '/#package_check/d' /etc/hosts