nixpkgs/nixos
aszlig 6fe989eaed
nixos/tests/acme: Use exact match in TOS location
Since the switch to check the nginx config with gixy in
59fac1a6d7, the ACME test doesn't build
anymore, because gixy reports the following false-positive (reindented):

  >> Problem: [alias_traversal] Path traversal via misconfigured alias.
  Severity: MEDIUM
  Description: Using alias in a prefixed location that doesn't ends with
               directory separator could lead to path traversal
               vulnerability.
  Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
  Pseudo config:

  server {
    server_name letsencrypt.org;

    location /documents/2017.11.15-LE-SA-v1.2.pdf {
      alias /nix/store/y4h5ryvnvxkajkmqxyxsk7qpv7bl3vq7-2017.11.15-LE-SA-v1.2.pdf;
    }
  }

The reason this is a false-positive is because the destination is not a
directory, so something like "/foo.pdf../other.txt" won't work here,
because the resulting path would be ".../destfile.pdf../other.txt".

Nevertheless it's a good idea to use the exact match operator (=), to
not only shut up gixy but also gain a bit of performance in lookup (not
that it would matter in our test).

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-06 12:51:56 +02:00
..
doc Merge pull request #58588 from shazow/fix/vlc 2019-04-01 17:16:42 +02:00
lib nixos: doc: optionally include all modules in manual generation 2019-03-05 09:41:40 +00:00
maintainers amazon-image.nix: Resolve failure to include resize2fs 2019-03-15 17:33:45 +01:00
modules environment.noXlibs: disable gnome3 support for pinentry (#59051) 2019-04-06 10:06:55 +00:00
tests nixos/tests/acme: Use exact match in TOS location 2019-04-06 12:51:56 +02:00
COPYING
default.nix
README
release-combined.nix nixos/release: make ipv6 tests as important as legacy IP tests 2019-03-24 18:09:39 +01:00
release-small.nix nixos/release: make ipv6 tests as important as legacy IP tests 2019-03-24 18:09:39 +01:00
release.nix

*** NixOS ***

NixOS is a Linux distribution based on the purely functional package
management system Nix.  More information can be found at
http://nixos.org/nixos and in the manual in doc/manual.