capdrupal 3.0.3 → 3.0.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9c0b198fb0b3a8dae0c743741c57a47722a29b2677096c290e2da2e381e6d6ed
4
- data.tar.gz: 34da2b54176946f505b3e18426b110597b453db249fd57ee5b8725c7599b45ed
3
+ metadata.gz: 7266984d5cca0bd4f27392796b71cca44f6a5be8017743ec8075c030e87d3c99
4
+ data.tar.gz: 719349f1a190ef5aca2833f9e37a682d3a111d1ec6498c6bf8a4d0a9c945d7cc
5
5
  SHA512:
6
- metadata.gz: 4f21885265080d37aa365fcead9db26d28692e533017fb01b12d480330908bc212de65b8a368beb82482676e2db342421e489b5201082103ecf17cd704527217
7
- data.tar.gz: 3a54f1fea98a00427ecd8d51909d10d24abdd4d174de0370aeb66b80e6c1156b3afbc5574fec72c4cfe1968f6adce25b76e23c5f1dfa3f1547e1b02f6da515c9
6
+ metadata.gz: 2b75fbaa093cc8e3d858f652bba34604ff32534ff8a21e46614c89feae8a77d21115638164cf15a09a65154a87da653da932c623615a3ebec7a3397f168ada72
7
+ data.tar.gz: d4ef047b57d2f1385d50db3305ce5b990e6ef955e62e333ada3bd097a04cc23138a8434c05b5a62e4263072357ce9507aad16d69e4bb7a980bbc96ea6665c1bd
data/CHANGELOG.md CHANGED
@@ -1,6 +1,10 @@
1
1
  # Capdrupal Changelog
2
2
 
3
- ## NEXT RELEASE
3
+ ## NEXT RELEASE
4
+
5
+ ## 3.0.4 (2023-04-25)
6
+ - add command `drupal:security:obscurity:files` to obfuscate Drupal sensitive files by deletion
7
+ - add command `drupal:security:obscurity:htaccess` to obfuscate Drupal sensitive files by htaccess
4
8
 
5
9
  ## 3.0.3 (2023-03-14)
6
10
  - Only files directory must have permissions fixed to be writable, not all shared files.
data/README.md CHANGED
@@ -153,6 +153,10 @@ namespace :deploy do
153
153
 
154
154
  # Clear your Drupal 8 cache.
155
155
  after :updated, "drupal:cache:clear"
156
+
157
+ # Obfuscate Drupal sensitive files by removing or by denying access to them.
158
+ # after :updated, "drupal:security:obscurity:files"
159
+ # after :updated, "drupal:security:obscurity:htaccess"
156
160
 
157
161
  # Disable the maintence on the Drupal project.
158
162
  after :updated, "drupal:maintenance:off"
data/capdrupal.gemspec CHANGED
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
 
4
4
  Gem::Specification.new do |spec|
5
5
  spec.name = 'capdrupal'
6
- spec.version = '3.0.3'
6
+ spec.version = '3.0.4'
7
7
  spec.authors = ['Kevin Wenger', 'Yann Lugrin', 'Gilles Doge', 'Toni Fisler', 'Simon Perdrisat', 'Robert Wohleb', 'Kim Pepper']
8
8
  spec.email = ['hello@antistatique.net']
9
9
 
data/lib/capdrupal.rb CHANGED
@@ -7,6 +7,27 @@ namespace :load do
7
7
  set :keep_backups, 5
8
8
  set :enable_modules, []
9
9
  set :disable_modules, []
10
+ set :security, {
11
+ # Path of files to be removed from the release path.
12
+ obscurity: [
13
+ "#{fetch(:app_path)}/core/install.php",
14
+ "#{fetch(:app_path)}/install.php",
15
+ "#{fetch(:app_path)}/update.php",
16
+ "#{fetch(:app_path)}/core/COPYRIGHT.txt",
17
+ "#{fetch(:app_path)}/core/CHANGELOG.txt",
18
+ "#{fetch(:app_path)}/core/INSTALL.mysql.txt",
19
+ "#{fetch(:app_path)}/core/INSTALL.pgsql.txt",
20
+ "#{fetch(:app_path)}/core/INSTALL.sqlite.txt",
21
+ "#{fetch(:app_path)}/core/MAINTAINERS.txt",
22
+ "#{fetch(:app_path)}/core/LICENSE.txt",
23
+ "#{fetch(:app_path)}/core/INSTALL.txt",
24
+ "#{fetch(:app_path)}/core/UPDATE.txt",
25
+ "#{fetch(:app_path)}/core/USAGE.txt",
26
+ "#{fetch(:app_path)}/CHANGELOG.txt",
27
+ "#{fetch(:app_path)}/INSTALL.txt",
28
+ "#{fetch(:app_path)}/example.gitignore",
29
+ ]
30
+ }
10
31
  end
11
32
  end
12
33
 
@@ -256,6 +277,40 @@ namespace :drupal do
256
277
  end
257
278
  end
258
279
 
280
+ namespace :security do
281
+
282
+ desc 'Security by Obscurity'
283
+ namespace :obscurity do
284
+
285
+ desc 'Obfuscate Drupal sensitive files by deletion'
286
+ task :files do
287
+ on roles(:app) do
288
+ within release_path do
289
+ fetch(:security)[:obscurity].each do |file|
290
+ execute :rm, file, '-f'
291
+ end
292
+ end
293
+ end
294
+ end
295
+
296
+ desc 'Obfuscate Drupal sensitive files by htaccess'
297
+ task :htaccess do
298
+ on roles(:app) do
299
+ htaccessFile = release_path.join(fetch(:app_path)).join('.htaccess')
300
+
301
+ [
302
+ '## added during deploy',
303
+ '## Obfuscate Drupal sensitive files by denying access',
304
+ '<FilesMatch "(^API|CHANGELOG|COPYRIGHT|INSTALL|LICENSE|PATCHES|MAINTAINERS|README|TODO|UPGRADE|UPDATE|CHANGES|install|update|authorize).*\.(md|txt|php)$">',
305
+ ' Order deny,allow',
306
+ ' Deny from all',
307
+ '</FilesMatch>'
308
+ ].each { |line| execute "echo '#{line}' >> #{htaccessFile}" }
309
+ end
310
+ end
311
+ end
312
+ end
313
+
259
314
  namespace :files do
260
315
  desc "Download drupal sites files (from remote to local)"
261
316
  task :download do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capdrupal
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.3
4
+ version: 3.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kevin Wenger
@@ -11,10 +11,10 @@ authors:
11
11
  - Simon Perdrisat
12
12
  - Robert Wohleb
13
13
  - Kim Pepper
14
- autorequire:
14
+ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2023-03-14 00:00:00.000000000 Z
17
+ date: 2023-04-25 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: capistrano
@@ -95,7 +95,7 @@ homepage: http://github.com/antistatique/capdrupal/
95
95
  licenses:
96
96
  - MIT
97
97
  metadata: {}
98
- post_install_message:
98
+ post_install_message:
99
99
  rdoc_options: []
100
100
  require_paths:
101
101
  - lib
@@ -110,8 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
110
110
  - !ruby/object:Gem::Version
111
111
  version: '0'
112
112
  requirements: []
113
- rubygems_version: 3.1.6
114
- signing_key:
113
+ rubygems_version: 3.1.2
114
+ signing_key:
115
115
  specification_version: 4
116
116
  summary: A set of tasks for deploying and managing Drupal projects with Capistrano
117
117
  test_files: []