Merge pull request #141 from ewilly/master

OniriCorpe 2024-03-10 21:58:01 +01:00 committed by GitHub
commit f940b415c1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1565,13 +1565,14 @@ class Configurations(TestSuite):
@test() @test()
def bind_public_ip(self): def bind_public_ip(self):
app = self.app app = self.app
for filename in ( for path, subdirs, files in (
os.listdir(app.path + "/conf") if os.path.exists(app.path + "/conf") else [] os.walk(app.path + "/conf") if os.path.exists(app.path + "/conf") else []
): ):
for filename in files:
try: try:
content = open(app.path + "/conf/" + filename).read() content = open(os.path.join(path, filename)).read()
except Exception as e: except Exception as e:
yield Warning("Can't open/read %s: %s" % (filename, e)) yield Warning("Can't open/read %s: %s" % (os.path.join(path, filename), e))
return return
for number, line in enumerate(content.split("\n"), 1): for number, line in enumerate(content.split("\n"), 1):
@ -1583,7 +1584,7 @@ class Configurations(TestSuite):
for ip in re.split("[ \t,='\"(){}\[\]]", line): for ip in re.split("[ \t,='\"(){}\[\]]", line):
if ip == "::" or ip.startswith("0.0.0.0"): if ip == "::" or ip.startswith("0.0.0.0"):
yield Info( yield Info(
f"(unknown):{number}: Binding to '0.0.0.0' or '::' can result " f"{os.path.join(path, filename)}:{number}: Binding to '0.0.0.0' or '::' can result "
"in a security issue as the reverse proxy and the SSO can be " "in a security issue as the reverse proxy and the SSO can be "
"bypassed by knowing a public IP (typically an IPv6) and the " "bypassed by knowing a public IP (typically an IPv6) and the "
"app port. lease be sure that this behavior is intentional. " "app port. lease be sure that this behavior is intentional. "