capdrupal 3.0.3 → 3.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9c0b198fb0b3a8dae0c743741c57a47722a29b2677096c290e2da2e381e6d6ed
4
- data.tar.gz: 34da2b54176946f505b3e18426b110597b453db249fd57ee5b8725c7599b45ed
3
+ metadata.gz: 7266984d5cca0bd4f27392796b71cca44f6a5be8017743ec8075c030e87d3c99
4
+ data.tar.gz: 719349f1a190ef5aca2833f9e37a682d3a111d1ec6498c6bf8a4d0a9c945d7cc
5
5
  SHA512:
6
- metadata.gz: 4f21885265080d37aa365fcead9db26d28692e533017fb01b12d480330908bc212de65b8a368beb82482676e2db342421e489b5201082103ecf17cd704527217
7
- data.tar.gz: 3a54f1fea98a00427ecd8d51909d10d24abdd4d174de0370aeb66b80e6c1156b3afbc5574fec72c4cfe1968f6adce25b76e23c5f1dfa3f1547e1b02f6da515c9
6
+ metadata.gz: 2b75fbaa093cc8e3d858f652bba34604ff32534ff8a21e46614c89feae8a77d21115638164cf15a09a65154a87da653da932c623615a3ebec7a3397f168ada72
7
+ data.tar.gz: d4ef047b57d2f1385d50db3305ce5b990e6ef955e62e333ada3bd097a04cc23138a8434c05b5a62e4263072357ce9507aad16d69e4bb7a980bbc96ea6665c1bd
data/CHANGELOG.md CHANGED
@@ -1,6 +1,10 @@
1
1
  # Capdrupal Changelog
2
2
 
3
- ## NEXT RELEASE
3
+ ## NEXT RELEASE
4
+
5
+ ## 3.0.4 (2023-04-25)
6
+ - add command `drupal:security:obscurity:files` to obfuscate Drupal sensitive files by deletion
7
+ - add command `drupal:security:obscurity:htaccess` to obfuscate Drupal sensitive files by htaccess
4
8
 
5
9
  ## 3.0.3 (2023-03-14)
6
10
  - Only files directory must have permissions fixed to be writable, not all shared files.
data/README.md CHANGED
@@ -153,6 +153,10 @@ namespace :deploy do
153
153
 
154
154
  # Clear your Drupal 8 cache.
155
155
  after :updated, "drupal:cache:clear"
156
+
157
+ # Obfuscate Drupal sensitive files by removing or by denying access to them.
158
+ # after :updated, "drupal:security:obscurity:files"
159
+ # after :updated, "drupal:security:obscurity:htaccess"
156
160
 
157
161
  # Disable the maintence on the Drupal project.
158
162
  after :updated, "drupal:maintenance:off"
data/capdrupal.gemspec CHANGED
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
 
4
4
  Gem::Specification.new do |spec|
5
5
  spec.name = 'capdrupal'
6
- spec.version = '3.0.3'
6
+ spec.version = '3.0.4'
7
7
  spec.authors = ['Kevin Wenger', 'Yann Lugrin', 'Gilles Doge', 'Toni Fisler', 'Simon Perdrisat', 'Robert Wohleb', 'Kim Pepper']
8
8
  spec.email = ['hello@antistatique.net']
9
9
 
data/lib/capdrupal.rb CHANGED
@@ -7,6 +7,27 @@ namespace :load do
7
7
  set :keep_backups, 5
8
8
  set :enable_modules, []
9
9
  set :disable_modules, []
10
+ set :security, {
11
+ # Path of files to be removed from the release path.
12
+ obscurity: [
13
+ "#{fetch(:app_path)}/core/install.php",
14
+ "#{fetch(:app_path)}/install.php",
15
+ "#{fetch(:app_path)}/update.php",
16
+ "#{fetch(:app_path)}/core/COPYRIGHT.txt",
17
+ "#{fetch(:app_path)}/core/CHANGELOG.txt",
18
+ "#{fetch(:app_path)}/core/INSTALL.mysql.txt",
19
+ "#{fetch(:app_path)}/core/INSTALL.pgsql.txt",
20
+ "#{fetch(:app_path)}/core/INSTALL.sqlite.txt",
21
+ "#{fetch(:app_path)}/core/MAINTAINERS.txt",
22
+ "#{fetch(:app_path)}/core/LICENSE.txt",
23
+ "#{fetch(:app_path)}/core/INSTALL.txt",
24
+ "#{fetch(:app_path)}/core/UPDATE.txt",
25
+ "#{fetch(:app_path)}/core/USAGE.txt",
26
+ "#{fetch(:app_path)}/CHANGELOG.txt",
27
+ "#{fetch(:app_path)}/INSTALL.txt",
28
+ "#{fetch(:app_path)}/example.gitignore",
29
+ ]
30
+ }
10
31
  end
11
32
  end
12
33
 
@@ -256,6 +277,40 @@ namespace :drupal do
256
277
  end
257
278
  end
258
279
 
280
+ namespace :security do
281
+
282
+ desc 'Security by Obscurity'
283
+ namespace :obscurity do
284
+
285
+ desc 'Obfuscate Drupal sensitive files by deletion'
286
+ task :files do
287
+ on roles(:app) do
288
+ within release_path do
289
+ fetch(:security)[:obscurity].each do |file|
290
+ execute :rm, file, '-f'
291
+ end
292
+ end
293
+ end
294
+ end
295
+
296
+ desc 'Obfuscate Drupal sensitive files by htaccess'
297
+ task :htaccess do
298
+ on roles(:app) do
299
+ htaccessFile = release_path.join(fetch(:app_path)).join('.htaccess')
300
+
301
+ [
302
+ '## added during deploy',
303
+ '## Obfuscate Drupal sensitive files by denying access',
304
+ '<FilesMatch "(^API|CHANGELOG|COPYRIGHT|INSTALL|LICENSE|PATCHES|MAINTAINERS|README|TODO|UPGRADE|UPDATE|CHANGES|install|update|authorize).*\.(md|txt|php)$">',
305
+ ' Order deny,allow',
306
+ ' Deny from all',
307
+ '</FilesMatch>'
308
+ ].each { |line| execute "echo '#{line}' >> #{htaccessFile}" }
309
+ end
310
+ end
311
+ end
312
+ end
313
+
259
314
  namespace :files do
260
315
  desc "Download drupal sites files (from remote to local)"
261
316
  task :download do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capdrupal
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.3
4
+ version: 3.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kevin Wenger
@@ -11,10 +11,10 @@ authors:
11
11
  - Simon Perdrisat
12
12
  - Robert Wohleb
13
13
  - Kim Pepper
14
- autorequire:
14
+ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2023-03-14 00:00:00.000000000 Z
17
+ date: 2023-04-25 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: capistrano
@@ -95,7 +95,7 @@ homepage: http://github.com/antistatique/capdrupal/
95
95
  licenses:
96
96
  - MIT
97
97
  metadata: {}
98
- post_install_message:
98
+ post_install_message:
99
99
  rdoc_options: []
100
100
  require_paths:
101
101
  - lib
@@ -110,8 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
110
110
  - !ruby/object:Gem::Version
111
111
  version: '0'
112
112
  requirements: []
113
- rubygems_version: 3.1.6
114
- signing_key:
113
+ rubygems_version: 3.1.2
114
+ signing_key:
115
115
  specification_version: 4
116
116
  summary: A set of tasks for deploying and managing Drupal projects with Capistrano
117
117
  test_files: []