From 3b3cabbad48ba9f2624dd71bea101e1ce6c5ee5c Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Holcroft
Date: Mon, 29 Jan 2018 22:44:33 +0100
Subject: [PATCH] fix alias_traversal and change maintainer
---
 check_process | 20 +++++++++++++++-----
 conf/nginx.conf | 4 +++-
 manifest.json | 5 ++---
 scripts/install | 3 +++
 scripts/upgrade | 10 ++++++++++
 5 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/check_process b/check_process
index 7a046e7..1b21f7b 100644
--- a/check_process
+++ b/check_process
@@ -1,5 +1,4 @@
-;; Test complet
- auto_remove=1
+;; Test name
 ; Manifest
 domain="domain.tld" (DOMAIN)
 path="/path" (PATH)
@@ -11,21 +10,32 @@
 setup_private=0
 setup_public=1
 upgrade=1
- # test upgrade from latest published version
 upgrade=1 from_commit=fd6350495d5a1d864ae30e1a61e18939fdb6a428
- # test upgrade from latest git commit before Jibec's rewriting
 upgrade=1 from_commit=267ccc21f7b52d22bc3d5b9cd6239857b9a82aad
 backup_restore=1
 multi_instance=1
+ incorrect_path=1
 port_already_use=0
+ change_url=0
 ;;; Levels
 Level 1=auto
 Level 2=auto
 Level 3=auto
- Level 4=1
+ # impossible with Firefox Sync (it uses Firefox Accounts)
+ Level 4=na
 Level 5=auto
 Level 6=auto
 Level 7=auto
 Level 8=0
 Level 9=0
 Level 10=0
+;;; Options
+Email=jean-baptiste@holcroft.fr
+Notification=fail
+;;; Upgrade options
+ ; commit=fd6350495d5a1d864ae30e1a61e18939fdb6a428
+ name=latest published version
+ manifest_arg=domain=DOMAIN&path=PATH
+ ; commit=267ccc21f7b52d22bc3d5b9cd6239857b9a82aad
+ name=latest git commit before Jibec's rewriting
+ manifest_arg=domain=DOMAIN&path=PATH
diff --git a/conf/nginx.conf b/conf/nginx.conf
index ba3059b..4053bb9 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,4 +1,6 @@
-location __PATH__ {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+
+location __PATH__/ {
 # Path to source
 alias __FINALPATH__/ ;
diff --git a/manifest.json b/manifest.json
index 20e190d..b160964 100644
--- a/manifest.json
+++ b/manifest.json
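Review bot: In conf/nginx.conf the new `location __PATH__/ {` line carries the actual traversal fix but nothing in the file says so, and a later edit could drop the slash again; a comment above it such as `# location and alias must both end in "/", otherwise a request can resolve to files outside __FINALPATH__` would record the intent. The rendering for a root install also deserves a check: if `__PATH__` is replaced by `/`, the prefix becomes `//`, and whether that still matches depends on substitution code that is not part of this patch. The location block continues beyond the end of the hunk.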
@@ -9,9 +9,8 @@
 "fr": "Le serveur de synchronisation de Mozilla, pour héberger vos données Firefox"
 },
 "maintainer": {
- "name": "beudbeud",
- "email": "beudbeud@beudibox.fr",
- "url": "https://github.com/balu-/FSyncMS"
+ "name": "jibec",
+ "email": "jean-baptiste@holcroft.fr"
 },
 "requirements": {
 "yunohost": ">=2.7.0"
diff --git a/scripts/install b/scripts/install
index 69267bf..3139491 100644
--- a/scripts/install
+++ b/scripts/install
@@ -100,6 +100,9 @@ then
 ynh_replace_string "uwsgi_modifier1 " "#uwsgi_modifier1 " "$finalnginxconf"
 ynh_store_file_checksum "$finalnginxconf"
+else
+ # add rewrite for alias_traversal protection
+ ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf"
 fi
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 1535d70..7a61628 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -47,6 +47,13 @@ if [ -z "$final_path" ]; then
 ynh_app_setting_set "$app" final_path "$final_path"
 fi
+# If path_url doesn't exist, create it
+if [ -z "$path_url" ]; then
+ path_url=$(ynh_app_setting_get "$app" path)
+ ynh_app_setting_set "$app" path_url "$final_path"
+ ynh_app_setting_delete "$app" path
+fi
+
 # Detect old installation style
 if [ -e /opt/yunohost/ffsync ]; then
 service ffsync stop
@@ -111,6 +118,9 @@ then
 ynh_replace_string "uwsgi_modifier1 " "#uwsgi_modifier1 " "$finalnginxconf"
 ynh_store_file_checksum "$finalnginxconf"
+else
+ # add rewrite for alias_traversal protection
+ ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf"
 fi
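Review bot: In scripts/install the added `else` branch edits the template `../conf/nginx.conf`, while the `then` branch just above edits the deployed `$finalnginxconf` and stores its checksum, so if the config was already copied before this `if` (the copy step is outside the hunk) the `#sub_path_only` rewrite is never activated on the live server. Patching the deployed file would keep both branches consistent: `ynh_replace_string "^#sub_path_only" "" "$finalnginxconf"` followed by `ynh_store_file_checksum "$finalnginxconf"`. The comment also overstates the rewrite's role, since the traversal fix is the trailing slash in `location __PATH__/` and the rewrite only redirects the slash-less URL; `# redirect __PATH__ to __PATH__/ (the location now requires the trailing slash)` would be more accurate. The same three lines are added in the last hunk of scripts/upgrade and need the same change.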
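Review bot: The `path_url` migration in the first scripts/upgrade hunk stores `$final_path` (the install directory) under the `path_url` key instead of the URL path it has just read, and then deletes the old `path` key, so the only stored copy of the URL path is lost after the first upgrade. The set line should read `ynh_app_setting_set "$app" path_url "$path_url"`, and the delete is safer when it runs only if the value read from `path` is non-empty. The script continues outside the hunk, so whether `path_url` is read back from the settings later in the same run cannot be seen here.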