Merge branch 'master' into OniriCorpe-patch-1

This commit is contained in:
OniriCorpe 2024-03-11 03:54:29 +01:00 committed by GitHub
commit 8876de53ba
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 71 additions and 22 deletions

12
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file

@ -0,0 +1,12 @@
## Problem
- *Description of why you made this PR, what is its purpose*
## Solution
- *And how do you relevantly fix that problem*
## PR checklist
- [ ] PR finished and ready to be reviewed

35
.github/autoblack.yml vendored Normal file

@ -0,0 +1,35 @@
name: Check / auto apply Black
on:
push:
branches:
- master
jobs:
black:
name: Check / auto apply black
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check files using the black formatter
uses: psf/black@stable
id: black
with:
options: "."
continue-on-error: true
- shell: pwsh
id: check_files_changed
run: |
# Diff HEAD with the previous commit
$diff = git diff
$HasDiff = $diff.Length -gt 0
Write-Host "::set-output name=files_changed::$HasDiff"
- name: Create Pull Request
if: steps.check_files_changed.outputs.files_changed == 'true'
uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.GITHUB_TOKEN }}
title: "Format Python code with Black"
commit-message: ":art: Format Python code with Black"
body: |
This pull request uses the [psf/black](https://github.com/psf/black) formatter.
base: ${{ github.head_ref }} # Creates pull request onto pull request or commit branch
branch: actions/black
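Review bot: As committed this workflow will never run: the file is added at `.github/autoblack.yml` (see this section's header), but GitHub Actions only loads workflow files from `.github/workflows/`, so it has to move to `.github/workflows/autoblack.yml`. The `Write-Host "::set-output name=files_changed::$HasDiff"` line in the `check_files_changed` step uses the deprecated workflow command that GitHub has scheduled for removal; write `"files_changed=$HasDiff" | Out-File -FilePath $env:GITHUB_OUTPUT -Append` instead (the `== 'true'` comparison in the next step is case-insensitive, so PowerShell's `True` still matches). Because the job pushes a branch and opens a pull request with `GITHUB_TOKEN`, declare the least privilege it needs explicitly, `permissions: {contents: write, pull-requests: write}`, rather than relying on the repository default, and consider pinning `psf/black@stable` and `peter-evans/create-pull-request@v6` to commit SHAs, since both are mutable tags that run with that token. `github.head_ref` is only populated for `pull_request` events, so on the `push` trigger used here `base:` will be empty; presumably the action falls back to the checked-out branch, but that is worth confirming.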


@ -1447,8 +1447,8 @@ class Configurations(TestSuite):
cmd = 'grep -q -IhEro "location ~ __PATH__" %s' % (app.path + "/conf/" + filename) cmd = 'grep -q -IhEro "location ~ __PATH__" %s' % (app.path + "/conf/" + filename)
if os.system(cmd) != 0: if os.system(cmd) == 0:
yield Info( yield Warning(
"When using regexp in the nginx location field (location ~ __PATH__), start the path with ^ (location ~ ^__PATH__)." "When using regexp in the nginx location field (location ~ __PATH__), start the path with ^ (location ~ ^__PATH__)."
) )
@ -1565,30 +1565,32 @@ class Configurations(TestSuite):
@test() @test()
def bind_public_ip(self): def bind_public_ip(self):
app = self.app app = self.app
for filename in ( for path, subdirs, files in (
os.listdir(app.path + "/conf") if os.path.exists(app.path + "/conf") else [] os.walk(app.path + "/conf") if os.path.exists(app.path + "/conf") else []
): ):
try: for filename in files:
content = open(app.path + "/conf/" + filename).read() try:
except Exception as e: content = open(os.path.join(path, filename)).read()
yield Warning("Can't open/read %s: %s" % (filename, e)) except Exception as e:
return yield Warning("Can't open/read %s: %s" % (os.path.join(path, filename), e))
return
for number, line in enumerate(content.split("\n"), 1): for number, line in enumerate(content.split("\n"), 1):
comment = ("#", "//", ";", "/**", "*") comment = ("#", "//", ";", "/**", "*")
if ( if (
( "0.0.0.0" in line or "::" in line ) ( "0.0.0.0" in line or "::" in line )
and not line.strip().startswith(comment) and not line.strip().startswith(comment)
): ):
for ip in re.split("[ \t,='\"(){}\[\]]", line): for ip in re.split("[ \t,='\"(){}\[\]]", line):
if ip == "::" or ip.startswith("0.0.0.0"): if ip == "::" or ip.startswith("0.0.0.0"):
yield Info( yield Info(
f"(unknown):{number}: Binding to '0.0.0.0' or '::' can result " f"{os.path.relpath(path, app.path)}/(unknown):{number}: "
"in a security issue as the reverse proxy and the SSO can be " "Binding to '0.0.0.0' or '::' can result in a security issue "
"bypassed by knowing a public IP (typically an IPv6) and the " "as the reverse proxy and the SSO can be bypassed by knowing "
"app port. lease be sure that this behavior is intentional. " "a public IP (typically an IPv6) and the app port. "
"Maybe use '127.0.0.1' or '::1' instead." "Please be sure that this behavior is intentional. "
) "Maybe use '127.0.0.1' or '::1' instead."
)
############################################# #############################################
# __ __ _ __ _ # # __ __ _ __ _ #
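Review bot: In `bind_public_ip`, the new Info message still prints a literal `(unknown)` where the file name belongs (`f"{os.path.relpath(path, app.path)}/(unknown):{number}: "`), even though `filename` is in scope from the new `for filename in files:` loop; use `f"{os.path.relpath(os.path.join(path, filename), app.path)}:{number}: "` so the finding points at the actual file. The `return` after the `Can't open/read` warning also stops the whole check at the first unreadable file, which now covers every subdirectory of `conf/`; `continue` would report the failure and still scan the remaining files, unless aborting is deliberate. Minor: `subdirs` from the `os.walk` tuple is unused and could be `_subdirs`. The `@test()`-decorated method ends at the closing `)` before the banner lines, but the enclosing `Configurations` class continues outside this hunk.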