diff --git a/.editorconfig b/.editorconfig index abd7688..5e556f4 100644 --- a/.editorconfig +++ b/.editorconfig @@ -13,7 +13,3 @@ indent_size = 4 [Makefile] indent_style = tab - -[.travis.yml] -indent_style = space -indent_size = 2 diff --git a/.github/workflows/dockerpublish.yml b/.github/workflows/dockerpublish.yml index c0c981f..90f1ba1 100644 --- a/.github/workflows/dockerpublish.yml +++ b/.github/workflows/dockerpublish.yml @@ -1,4 +1,4 @@ -# This workflow uses actions that are not certified by GitHub. +# This workflow uses actions that GitHub does not certify. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. diff --git a/README.md b/README.md index ae3a05b..9204144 100644 --- a/README.md +++ b/README.md @@ -58,9 +58,10 @@ gixy ``` # Usage -By default, Gixy will try to analyze Nginx configuration placed in `/etc/nginx/nginx.conf`. -But you can always specify needed path: +By default, Gixy will try to analyze NGINX configuration placed in `/etc/nginx/nginx.conf`. + +But you can always specify the needed path: ``` $ gixy /etc/nginx/nginx.conf diff --git a/docs/en/plugins/addheadermultiline.md b/docs/en/plugins/addheadermultiline.md index 0b23937..8a6d4e1 100644 --- a/docs/en/plugins/addheadermultiline.md +++ b/docs/en/plugins/addheadermultiline.md @@ -7,7 +7,7 @@ You should avoid using multiline response headers, because: ## How can I find it? Misconfiguration example: ```nginx -# http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header +# https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header add_header Content-Security-Policy " default-src: 'none'; script-src data: https://yastatic.net; diff --git a/docs/en/plugins/aliastraversal.md b/docs/en/plugins/aliastraversal.md index 4da250f..fc4b280 100644 --- a/docs/en/plugins/aliastraversal.md +++ b/docs/en/plugins/aliastraversal.md @@ -9,17 +9,19 @@ location /i/ { ``` on request of `/i/top.gif`, the file `/data/w3/images/top.gif` will be sent. -But, if the location doesn't ends with directory separator (i.e. `/`): +But if the location doesn't end with directory separator (i.e. `/`): + ```nginx location /i { alias /data/w3/images/; } ``` -on request of `/i../app/config.py`, the file `/data/w3/app/config.py` will be sent. +On request of `/i../app/config.py`, the file `/data/w3/app/config.py` will be sent. In other words, the incorrect configuration of `alias` could allow an attacker to read file stored outside the target folder. ## What can I do? + It's pretty simple: - you must find all the `alias` directives; - make sure that the parent prefixed location ends with directory separator. diff --git a/docs/en/plugins/if_is_evil.md b/docs/en/plugins/if_is_evil.md index 6ae1e15..4515086 100644 --- a/docs/en/plugins/if_is_evil.md +++ b/docs/en/plugins/if_is_evil.md @@ -10,11 +10,11 @@ The only 100% safe things which may be done inside if in a location context are: * [`return ...;`](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return) * [`rewrite ... last;`](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite) -Anything else may cause unpredictable behaviour, including potential SIGSEGV. +Anything else may cause unpredictable behavior, including potential SIGSEGV. -It is important to note that the behaviour of if is not inconsistent, given two identical requests it will not randomly fail on one and work on the other, with proper testing and understanding ifs '''can''' be used. The advice to use other directives where available still very much applies, though. +It is important to note that the behavior of if is not inconsistent, given two identical requests it will not randomly fail on one and work on the other, with proper testing and understanding ifs '''can''' be used. The advice to use other directives where available still very much applies, though. -There are cases where you simply cannot avoid using an if, for example, if you need to test a variable which has no equivalent directive. +There are cases where you cannot avoid using an if, for example, if you need to test a variable which has no equivalent directive. ```nginx if ($request_method = POST ) { @@ -138,7 +138,7 @@ In case you think you found an example which isn't listed here - it's a good ide Directive "if" is part of rewrite module which evaluates instructions imperatively. On the other hand, NGINX configuration in general is declarative. At some point due to users demand an attempt was made to enable some non-rewrite directives inside "if", and this lead to situation we have now. It mostly works, but... see above. -Looks like the only correct fix would be to disable non-rewrite directives inside if completely. It would break many configuration out there though, so wasn't done yet. +It looks like the only correct fix would be to disable non-rewrite directives inside if completely. It would break many configuration out there though, so wasn't done yet. ## If you still want to use if inside location context diff --git a/docs/en/plugins/origins.md b/docs/en/plugins/origins.md index 2d839e1..4e5c9a8 100644 --- a/docs/en/plugins/origins.md +++ b/docs/en/plugins/origins.md @@ -5,9 +5,9 @@ Often it is needed for setting the `X-Frame-Options` header (ClickJacking protec The most common errors with this configuration are: - regex errors; - - allow 3rd-party origins. + - allow third-party origins. - > Notice: by default Gixy doesn't check regexes for 3rd-party origins matching. + > Notice: by default, Gixy doesn't check regexes for third-party origins matching. > You can pass a list of trusted domains by using the option `--origins-domains example.com,foo.bar` ## How can I find it? diff --git a/gixy/cli/argparser.py b/gixy/cli/argparser.py index 16a476a..0a6dc6e 100644 --- a/gixy/cli/argparser.py +++ b/gixy/cli/argparser.py @@ -87,7 +87,7 @@ def format_help(self): class ArgsParser(ArgumentParser): def get_possible_config_keys(self, action): """This method decides which actions can be set in a config file and - what their keys will be. It returns a list of 0 or more config keys that + what their keys will be. It returns a list of zero or more config keys that can be used to set the given action's value in a config file. """ keys = [] diff --git a/gixy/core/regexp.py b/gixy/core/regexp.py index a9f67be..2bc3a7d 100644 --- a/gixy/core/regexp.py +++ b/gixy/core/regexp.py @@ -711,7 +711,7 @@ def __str__(self): return '^' if self.end: return '$' - LOG.warn('unexpected AT token: %s', self.token) + LOG.warning('unexpected AT token: %s', self.token) class NegateToken(Token): diff --git a/gixy/core/variable.py b/gixy/core/variable.py index 2b94d3c..cc56076 100644 --- a/gixy/core/variable.py +++ b/gixy/core/variable.py @@ -42,7 +42,7 @@ def __init__(self, name, value=None, boundary=None, provider=None, have_script=T :param str|None name: variable name. :param str|Regexp value: variable value.. :param Regexp boundary: variable boundary set. - :param Directive provider: directive that provide variable (e.g. if, location, rewrite, etc). + :param Directive provider: directive that provide variable (e.g. if, location, rewrite, etc.). :param bool have_script: may variable have nginx script or not (mostly used to indicate a string literal). """ diff --git a/gixy/formatters/base.py b/gixy/formatters/base.py index e441407..5db000e 100644 --- a/gixy/formatters/base.py +++ b/gixy/formatters/base.py @@ -5,7 +5,7 @@ class BaseFormatter(object): - skip_parents = set([block.Root, block.HttpBlock]) + skip_parents = {block.Root, block.HttpBlock} def __init__(self): self.reports = {} diff --git a/gixy/plugins/add_header_redefinition.py b/gixy/plugins/add_header_redefinition.py index 0342b8b..7d06db3 100644 --- a/gixy/plugins/add_header_redefinition.py +++ b/gixy/plugins/add_header_redefinition.py @@ -15,7 +15,7 @@ class add_header_redefinition(Plugin): summary = 'Nested "add_header" drops parent headers.' severity = gixy.severity.LOW description = ('"add_header" replaces ALL parent headers. ' - 'See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header') + 'See documentation: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header') help_url = 'https://github.com/dvershinin/gixy/blob/master/docs/en/plugins/addheaderredefinition.md' directives = ['server', 'location', 'if'] options = {'headers': set()}