mirror of
https://github.com/YunoHost/package_linter.git
synced 2024-09-03 20:06:12 +02:00
Merge branch 'master' into OniriCorpe-patch-1
This commit is contained in:
commit
8876de53ba
3 changed files with 71 additions and 22 deletions
12
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
12
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
## Problem
|
||||||
|
|
||||||
|
- *Description of why you made this PR, what is its purpose*
|
||||||
|
|
||||||
|
## Solution
|
||||||
|
|
||||||
|
- *And how do you relevantly fix that problem*
|
||||||
|
|
||||||
|
## PR checklist
|
||||||
|
|
||||||
|
- [ ] PR finished and ready to be reviewed
|
||||||
|
|
35
.github/autoblack.yml
vendored
Normal file
35
.github/autoblack.yml
vendored
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
name: Check / auto apply Black
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
jobs:
|
||||||
|
black:
|
||||||
|
name: Check / auto apply black
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Check files using the black formatter
|
||||||
|
uses: psf/black@stable
|
||||||
|
id: black
|
||||||
|
with:
|
||||||
|
options: "."
|
||||||
|
continue-on-error: true
|
||||||
|
- shell: pwsh
|
||||||
|
id: check_files_changed
|
||||||
|
run: |
|
||||||
|
# Diff HEAD with the previous commit
|
||||||
|
$diff = git diff
|
||||||
|
$HasDiff = $diff.Length -gt 0
|
||||||
|
Write-Host "::set-output name=files_changed::$HasDiff"
|
||||||
|
- name: Create Pull Request
|
||||||
|
if: steps.check_files_changed.outputs.files_changed == 'true'
|
||||||
|
uses: peter-evans/create-pull-request@v6
|
||||||
|
with:
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
title: "Format Python code with Black"
|
||||||
|
commit-message: ":art: Format Python code with Black"
|
||||||
|
body: |
|
||||||
|
This pull request uses the [psf/black](https://github.com/psf/black) formatter.
|
||||||
|
base: ${{ github.head_ref }} # Creates pull request onto pull request or commit branch
|
||||||
|
branch: actions/black
|
|
@ -1447,8 +1447,8 @@ class Configurations(TestSuite):
|
||||||
|
|
||||||
cmd = 'grep -q -IhEro "location ~ __PATH__" %s' % (app.path + "/conf/" + filename)
|
cmd = 'grep -q -IhEro "location ~ __PATH__" %s' % (app.path + "/conf/" + filename)
|
||||||
|
|
||||||
if os.system(cmd) != 0:
|
if os.system(cmd) == 0:
|
||||||
yield Info(
|
yield Warning(
|
||||||
"When using regexp in the nginx location field (location ~ __PATH__), start the path with ^ (location ~ ^__PATH__)."
|
"When using regexp in the nginx location field (location ~ __PATH__), start the path with ^ (location ~ ^__PATH__)."
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -1565,30 +1565,32 @@ class Configurations(TestSuite):
|
||||||
@test()
|
@test()
|
||||||
def bind_public_ip(self):
|
def bind_public_ip(self):
|
||||||
app = self.app
|
app = self.app
|
||||||
for filename in (
|
for path, subdirs, files in (
|
||||||
os.listdir(app.path + "/conf") if os.path.exists(app.path + "/conf") else []
|
os.walk(app.path + "/conf") if os.path.exists(app.path + "/conf") else []
|
||||||
):
|
):
|
||||||
try:
|
for filename in files:
|
||||||
content = open(app.path + "/conf/" + filename).read()
|
try:
|
||||||
except Exception as e:
|
content = open(os.path.join(path, filename)).read()
|
||||||
yield Warning("Can't open/read %s: %s" % (filename, e))
|
except Exception as e:
|
||||||
return
|
yield Warning("Can't open/read %s: %s" % (os.path.join(path, filename), e))
|
||||||
|
return
|
||||||
|
|
||||||
for number, line in enumerate(content.split("\n"), 1):
|
for number, line in enumerate(content.split("\n"), 1):
|
||||||
comment = ("#", "//", ";", "/**", "*")
|
comment = ("#", "//", ";", "/**", "*")
|
||||||
if (
|
if (
|
||||||
( "0.0.0.0" in line or "::" in line )
|
( "0.0.0.0" in line or "::" in line )
|
||||||
and not line.strip().startswith(comment)
|
and not line.strip().startswith(comment)
|
||||||
):
|
):
|
||||||
for ip in re.split("[ \t,='\"(){}\[\]]", line):
|
for ip in re.split("[ \t,='\"(){}\[\]]", line):
|
||||||
if ip == "::" or ip.startswith("0.0.0.0"):
|
if ip == "::" or ip.startswith("0.0.0.0"):
|
||||||
yield Info(
|
yield Info(
|
||||||
f"{filename}:{number}: Binding to '0.0.0.0' or '::' can result "
|
f"{os.path.relpath(path, app.path)}/{filename}:{number}: "
|
||||||
"in a security issue as the reverse proxy and the SSO can be "
|
"Binding to '0.0.0.0' or '::' can result in a security issue "
|
||||||
"bypassed by knowing a public IP (typically an IPv6) and the "
|
"as the reverse proxy and the SSO can be bypassed by knowing "
|
||||||
"app port. lease be sure that this behavior is intentional. "
|
"a public IP (typically an IPv6) and the app port. "
|
||||||
"Maybe use '127.0.0.1' or '::1' instead."
|
"Please be sure that this behavior is intentional. "
|
||||||
)
|
"Maybe use '127.0.0.1' or '::1' instead."
|
||||||
|
)
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
# __ __ _ __ _ #
|
# __ __ _ __ _ #
|
||||||
|
|
Loading…
Reference in a new issue