YunoHost/package_linter
1
0
Fork 0
mirror of https://github.com/YunoHost/package_linter.git synced 2024-09-03 20:06:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Report having a message talking about configuring firewall when it's only about finding an available port ...

Browse source
This commit is contained in:
Alexandre Aubin 2021-01-09 22:11:44 +01:00
parent 8ba4a25b8b
commit d6bfb089c9
1 changed files with 8 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
package_linter.py
View file

@ -436,8 +436,6 @@ class App(TestSuite):
% (id_, id_)
)
#######################################
# _ _ _ #
# | | | | | | #
@ -543,13 +541,6 @@ class App(TestSuite):
"but not 'yunohost service remove' in the remove script."
)
@test()
def helper_consistency_firewall(app):
install_script = app.scripts["install"]
if install_script.contains("yunohost firewall allow"):
if not install_script.contains("--needs_exposed_ports"):
yield Warning("The install script expose a port on the outside with 'yunohost firewall allow' but doesn't use 'yunohost service add' with --needs_exposed_ports ... If your are ABSOLUTELY SURE that the service needs to be exposed on THE OUTSIDE, then add --needs_exposed_ports to 'yunohost service add' with the relevant port number. Otherwise, opening the port leads to a significant security risk and you should keep the damn port closed !")
@test()
def references_to_old_php_versions(app):
if any(script.contains("/etc/php5") or script.contains("php5-fpm") for script in app.scripts.values() if script.exists):
@ -1418,6 +1409,14 @@ class Script(TestSuite):
"need to install dependencies from a custom apt repo."
)
@test()
def firewall_consistency(self):
if self.contains("yunohost firewall allow") and not self.contains("--needs_exposed_ports"):
yield Warning("You used 'yunohost firewall allow' to expose a port on the outside but did not use 'yunohost service add' with --needs_exposed_ports ... If your are ABSOLUTELY SURE that the service needs to be exposed on THE OUTSIDE, then add --needs_exposed_ports to 'yunohost service add' with the relevant port number. Otherwise, opening the port leads to a significant security risk and you should keep the damn port closed !")
if self.contains("Configuring firewall") and not self.contains('yunohost firewall allow'):
yield Warning("Some message is talking about 'Configuring firewall' but there's no mention of 'yunohost firewall allow' ... If you're only finding an available port for *internal reverse proxy*, this has nothing to do with 'Configuring the firewall', so the message should be changed to avoid confusion... ")
@test()
def exit_ynhdie(self):