CommunEu
/
Passbolt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'FF7C7-master' into develop

This commit is contained in:
Diego Lendoiro 2018-08-08 11:48:42 +02:00
parent 75524cfe2e ab5001559e
commit b2608c055f
3 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile
View File

@ -75,7 +75,9 @@ RUN apt-get update \
&& rm /etc/nginx/sites-enabled/default \ && rm /etc/nginx/sites-enabled/default \
&& apt-get purge -y --auto-remove $PASSBOLT_DEV_PACKAGES \ && apt-get purge -y --auto-remove $PASSBOLT_DEV_PACKAGES \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& rm /usr/local/bin/composer && rm /usr/local/bin/composer \
&& echo 'php_flag[expose_php] = off' > /usr/local/etc/php-fpm.d/expose.conf \
&& sed -i 's/# server_tokens/server_tokens/' /etc/nginx/nginx.conf
COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
COPY conf/supervisord.conf /etc/supervisor/supervisord.conf COPY conf/supervisord.conf /etc/supervisor/supervisord.conf

15
spec/docker_image/image_spec.rb
View File

@ -17,6 +17,7 @@ describe 'Dockerfile' do
end end
let(:nginx_conf) { '/etc/nginx/nginx.conf' } let(:nginx_conf) { '/etc/nginx/nginx.conf' }
let(:php_conf) { '/usr/local/etc/php-fpm.d/expose.conf' }
let(:site_conf) { '/etc/nginx/conf.d/default.conf' } let(:site_conf) { '/etc/nginx/conf.d/default.conf' }
let(:passbolt_home) { '/var/www/passbolt' } let(:passbolt_home) { '/var/www/passbolt' }
let(:passbolt_tmp) { '/var/www/passbolt/tmp' } let(:passbolt_tmp) { '/var/www/passbolt/tmp' }
@ -71,6 +72,16 @@ describe 'Dockerfile' do
end end
end end
describe 'php config' do
it 'exists' do
expect(file(php_conf)).to exist
end
it 'does not expose php version' do
expect(file(php_conf).content).to match(/^php_flag\[expose_php\]\s+=\s+off$/)
end
end
describe 'nginx configuration' do describe 'nginx configuration' do
it 'is installed correctly' do it 'is installed correctly' do
expect(file(nginx_conf)).to exist expect(file(nginx_conf)).to exist
@ -93,6 +104,10 @@ describe 'Dockerfile' do
it 'points to the correct root folder' do it 'points to the correct root folder' do
expect(file(site_conf).content).to match 'root /var/www/passbolt/webroot' expect(file(site_conf).content).to match 'root /var/www/passbolt/webroot'
end end
it 'has server tokens off' do
expect(file(nginx_conf).content).to match(/^\s+server_tokens off;/)
end
end end
describe 'ports exposed' do describe 'ports exposed' do

12
spec/docker_runtime/runtime_spec.rb
View File

@ -49,7 +49,6 @@ describe 'passbolt_api service' do
let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] } let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] }
let(:uri) { "/healthcheck/status.json" } let(:uri) { "/healthcheck/status.json" }
let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" } let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
let(:conf_app) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/conf/app.php" }
describe 'php service' do describe 'php service' do
it 'is running supervised' do it 'is running supervised' do
@ -114,4 +113,15 @@ describe 'passbolt_api service' do
end end
end end
describe 'hide information' do
let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
it 'hides php version' do
expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
end
it 'hides nginx version' do
expect(command("#{curl} | grep 'Server:'").stdout).to match /^Server: nginx$/
end
end
end end