Bookworm + Portal rework #1657
Bookworm + Portal rework #1657
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
alexAubin
force-pushed
the
bookworm
branch
2 times, most recently
from
cd1bb22
to
bed9ecc
Compare
alexAubin
force-pushed
the
bookworm
branch
4 times, most recently
from
945ecdb
to
8ac48ee
Compare
| allowed_cors_origins_file = "/etc/yunohost/.admin-api-allowed-cors-origins" | ||
|
|
||
| if os.path.exists(allowed_cors_origins_file): | ||
| allowed_cors_origins = open(allowed_cors_origins_file).read().strip().split(",") |
Check warning
Code scanning / CodeQL
File is not always closed Warning
| allowed_cors_origins_file = "/etc/yunohost/.portal-api-allowed-cors-origins" | ||
|
|
||
| if os.path.exists(allowed_cors_origins_file): | ||
| allowed_cors_origins = open(allowed_cors_origins_file).read().strip().split(",") |
Check warning
Code scanning / CodeQL
File is not always closed Warning
alexAubin
force-pushed
the
bookworm
branch
2 times, most recently
from
5322f83
to
fae3b67
Compare
There was a problem hiding this comment.
CodeQL found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
| export experimental="$(yunohost settings get 'security.experimental.security_experimental_enabled' | int_to_bool)" | ||
| export redirect_to_https="$(jq -r '.nginx_redirect_to_https' <<< "$YNH_SETTINGS" | int_to_bool)" | ||
| export compatibility="$(jq -r '.nginx_compatibility' <<< "$YNH_SETTINGS" | int_to_bool)" | ||
| export experimental="$(jq -r '.security_experimental_enabled' <<< "$YNH_SETTINGS" | int_to_bool)" |
There was a problem hiding this comment.
Is moving security.experimental.security_experimental_enabled to security.nginx.security_experimental_enabled intentional?
There was a problem hiding this comment.
uuuh not sure what you mean ? The setting "long name" is still security.experimental.security_experimental_enabled but $YNH_SETTINGS contains only the short name for whatever reason
There was a problem hiding this comment.
oh yeah, I misread the python code associated with the commit
| if not option.is_visible(context): | ||
| if isinstance(option, BaseInputOption): | ||
| # FIXME There could be several use case if the question is not displayed: | ||
| # - we doesn't want to give a specific value | ||
| # - we want to keep the previous value | ||
| # - we want the default value | ||
| option.value = context[option.id] = None | ||
| context[option.id] = None |
Check failure
Code scanning / CodeQL
Modification of parameter with default Error
| option.choices if isinstance(option, BaseChoicesOption) else [] | ||
| ) | ||
| # only update the context with the value | ||
| context[option.id] = option.normalize(form[option.id]) |
Check failure
Code scanning / CodeQL
Modification of parameter with default Error
| option = next(opt for opt in options if option.id == option_id) | ||
| if option and isinstance(option, BaseInputOption): | ||
| form[option.id] = option.normalize(value, option) | ||
| context[option.id] = form[option.id] |
Check failure
Code scanning / CodeQL
Modification of parameter with default Error
| # ╰───────────────────────────────────────────────────────╯ | ||
|
|
||
| if TYPE_CHECKING: | ||
| FilterKey = Sequence[Union[str, None]] |
Check notice
Code scanning / CodeQL
Unused global variable Note
|
|
||
| if TYPE_CHECKING: | ||
| FilterKey = Sequence[Union[str, None]] | ||
| RawConfig = OrderedDict[str, Any] |
Check notice
Code scanning / CodeQL
Unused global variable Note
|
|
||
| def print_config_panel_docs(): | ||
| fname = "../src/utils/configpanel.py" | ||
| content = open(fname).read() |
Check warning
Code scanning / CodeQL
File is not always closed Warning documentation
|
|
||
| def print_form_doc(): | ||
| fname = "../src/utils/form.py" | ||
| content = open(fname).read() |
Check warning
Code scanning / CodeQL
File is not always closed Warning documentation
…al are two slightly different thing
…that users can't log in or add mail aliases for a domain they aint allowed to access. The fact that they are able to access a domain is derived from the fact that they have access to at least one app on that domain (actually .. we may want to bypass this check for admins, otherwise this is gonna be hella confusing for fresh intalls).
…stion would be asked two times when postinstalling with a dyndns domain
…e not handled by the config panel
| try: | ||
| # Normalize and validate | ||
| form[option.id] = option.normalize(value, option) | ||
| context[option.id] = form[option.id] |
Check failure
Code scanning / CodeQL
Modification of parameter with default Error
| context[option.id] = form[option.id] | ||
| # In case of boolean option, yes/no may be custom, set a true boolean as context | ||
| if isinstance(option, BooleanOption) and form[option.id] is not None: | ||
| context[option.id] = form[option.id] == option.yes |
Check failure
Code scanning / CodeQL
Modification of parameter with default Error
Enh: add CLI TOS acknowledgement
Enh: Make auto dns feature optional
enh: add option to install a lets encrypt certificate when adding a subdomain of an already added domain
| if can_install_letsencrypt: | ||
| try: | ||
| _certificate_install_letsencrypt([domain], force=True, no_checks=True) | ||
| except: |
Check notice
Code scanning / CodeQL
Except block handles 'BaseException' Note
…e to be recognized
fix: allow secondaries instances of apps_that_need_external_auth_mayb…
cf YunoHost/issues#2050