add bind_public_ip check

This commit is contained in:
OniriCorpe 2024-01-17 23:23:06 +01:00
parent 958bbe61e8
commit 90ad5247a9


@ -1531,6 +1531,31 @@ class Configurations(TestSuite):
% location % location
) )
@test()
def bind_public_ip(self):
app = self.app
for filename in (
os.listdir(app.path + "/conf") if os.path.exists(app.path + "/conf") else []
):
try:
content = open(app.path + "/conf/" + filename).read()
except Exception as e:
yield Warning("Can't open/read %s: %s" % (filename, e))
return
for line in content.split("\n"):
comment = ["#", "//", ";"]
if (
"0.0.0.0" in line
or "::" in line
and not line.strip().startswith(comment)
):
yield Info(
"%s: Binding to '0.0.0.0' or '::' can result in a security issue as "
"the SSO can be bypassed by knowing a public IP (typically an IPv6) "
"and the app port. Please be sure that this behavior is intentional.\n"
"Maybe use '127.0.0.1' or '::1' instead." % filename
)
############################################# #############################################
# __ __ _ __ _ # # __ __ _ __ _ #