YunoHost/package_linter
1
0
Fork 0
mirror of https://github.com/YunoHost/package_linter.git synced 2024-09-03 20:06:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #141 from ewilly/master

Browse source
This commit is contained in:
OniriCorpe 2024-03-10 21:58:01 +01:00 committed by GitHub
commit f940b415c1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 23 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
package_linter.py
View file

@ -1565,13 +1565,14 @@ class Configurations(TestSuite):
@test()
def bind_public_ip(self):
app = self.app
for filename in (
os.listdir(app.path + "/conf") if os.path.exists(app.path + "/conf") else []
for path, subdirs, files in (
os.walk(app.path + "/conf") if os.path.exists(app.path + "/conf") else []
):
for filename in files:
try:
content = open(app.path + "/conf/" + filename).read()
content = open(os.path.join(path, filename)).read()
except Exception as e:
yield Warning("Can't open/read %s: %s" % (filename, e))
yield Warning("Can't open/read %s: %s" % (os.path.join(path, filename), e))
return
for number, line in enumerate(content.split("\n"), 1):
@ -1583,7 +1584,7 @@ class Configurations(TestSuite):
for ip in re.split("[ \t,='\"(){}\[\]]", line):
if ip == "::" or ip.startswith("0.0.0.0"):
yield Info(
f"{filename}:{number}: Binding to '0.0.0.0' or '::' can result "
f"{os.path.join(path, filename)}:{number}: Binding to '0.0.0.0' or '::' can result "
"in a security issue as the reverse proxy and the SSO can be "
"bypassed by knowing a public IP (typically an IPv6) and the "
"app port. lease be sure that this behavior is intentional. "