mention the reverse proxy bypass

OniriCorpe 2024-01-17 23:51:38 +01:00
parent 832dc3d55b
commit 8b38cf0924


@ -1550,10 +1550,11 @@ class Configurations(TestSuite):
and not line.strip().startswith(comment) and not line.strip().startswith(comment)
): ):
yield Info( yield Info(
f"{filename}:{number}: Binding to '0.0.0.0' or '::' can result in " f"{filename}:{number}: Binding to '0.0.0.0' or '::' can result "
"a security issue as the SSO can be bypassed by knowing a public " "in a security issue as the reverse proxy and the SSO can be "
"IP (typically an IPv6) and the app port. Please be sure that this " "bypassed by knowing a public IP (typically an IPv6) and the "
"behavior is intentional. Maybe use '127.0.0.1' or '::1' instead." "app port. lease be sure that this behavior is intentional. "
"Maybe use '127.0.0.1' or '::1' instead."
) )
############################################# #############################################
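Review bot: the re-wrapped message has a typo in the fourth string fragment on the new side: "app port. lease be sure that this behavior is intentional. " has lost the "P" of "Please", so package authors who hit this check will see "lease be sure" in the linter output. Change it to "app port. Please be sure that this behavior is intentional. ". The fragments otherwise join with correct spacing ("can result " + "in a security issue", "intentional. " + "Maybe use").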