YunoHost/package_linter
1
0
Fork 0
mirror of https://github.com/YunoHost/package_linter.git synced 2024-09-03 20:06:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix showed path in 'bind_public_ip' message

Browse source
This commit is contained in:
OniriCorpe 2024-03-11 03:40:09 +01:00 committed by Bram
parent f940b415c1
commit 2e4e5cf37e
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
package_linter.py
View file

@ -1584,10 +1584,11 @@ class Configurations(TestSuite):
for ip in re.split("[ \t,='\"(){}\[\]]", line):
if ip == "::" or ip.startswith("0.0.0.0"):
yield Info(
f"{os.path.join(path, filename)}:{number}: Binding to '0.0.0.0' or '::' can result "
"in a security issue as the reverse proxy and the SSO can be "
"bypassed by knowing a public IP (typically an IPv6) and the "
"app port. lease be sure that this behavior is intentional. "
f"{os.path.relpath(path, app.path)}:{number}: "
"Binding to '0.0.0.0' or '::' can result in a security issue "
"as the reverse proxy and the SSO can be bypassed by knowing "
"a public IP (typically an IPv6) and the app port. "
"Please be sure that this behavior is intentional. "
"Maybe use '127.0.0.1' or '::1' instead."
)