BULL-1172 | T572: Check for symlinks before opening files
Updated the nginx.conf file to disable opening of symlink files.
Prerequisite to follow testing steps:
- Update the Dockerfile (for testing) within Launchboard-FE to use a normal NGINX image from DockerHub instead of using the hardened image
- Build the image
- Use the newly built image within the Docker-Compose file
- Update the port mapping and user within the Docker-Compose file of launchboard-local-dev
Tested by doing the following:
- Copying the Gitlab status icon from the static directory of the running application in /var/www/static to another temp.png file
- Removing the Gitlab status icon
- Applying a symbolic link command to the temp.png to the Gitlab status icon original file name
- Viewing the webpage and seeing the Gitlab icons are not showing anymore
I also enabled symbolic links for additional testing and managed to see the Gitlab icon.
- Ticket covered: https://jira.il2.dso.mil/browse/BULL-1172
- SD Element: https://sdelements.il2.dso.mil/bunits/platform1/launchboard/launchboard-fe/tasks/phase/development/120-T572/regulations
WIP until branch is caught up to master
Edited by Baban Faraj
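
The manual test above, repeated as a script together with the check named in the title. This is an added example, not part of the merge request or the project's code. It is a Python sketch that opens each path component with `O_NOFOLLOW`, not NGINX's implementation; the file name `gitlab-status.png`, the functions `read_static` and `reproduce_mr_test`, and the temporary directory standing in for /var/www/static are assumptions.

```python
import os
import shutil
import stat
import tempfile


def read_static(root, relpath, allow_symlinks=False):
    """Read root/relpath; raise PermissionError if a component is a symlink."""
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("path leaves the static root")
    nofollow = 0 if allow_symlinks else os.O_NOFOLLOW
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # Open each component relative to the previous descriptor, so the
        # symlink check and the open are the same system call.
        for i, name in enumerate(parts):
            is_dir = os.O_DIRECTORY if i < len(parts) - 1 else 0
            try:
                nxt = os.open(name, os.O_RDONLY | nofollow | is_dir, dir_fd=fd)
            except OSError:
                st = os.stat(name, dir_fd=fd, follow_symlinks=False)
                if not allow_symlinks and stat.S_ISLNK(st.st_mode):
                    raise PermissionError(f"symlink refused: {name}") from None
                raise
            os.close(fd)
            fd = nxt
        with os.fdopen(fd, "rb", closefd=False) as fh:
            return fh.read()
    finally:
        os.close(fd)


def reproduce_mr_test():
    """Repeat the manual test steps in a throwaway directory (names constructed)."""
    with tempfile.TemporaryDirectory() as root:
        icon = os.path.join(root, "gitlab-status.png")  # constructed file name
        with open(icon, "wb") as fh:
            fh.write(b"constructed-icon-bytes")
        before = read_static(root, "gitlab-status.png")
        shutil.copy(icon, os.path.join(root, "temp.png"))  # copy icon to temp.png
        os.remove(icon)                                    # remove the icon
        os.symlink("temp.png", icon)                       # link under the icon's name
        try:
            read_static(root, "gitlab-status.png")
            refused = False
        except PermissionError:
            refused = True
        followed = read_static(root, "gitlab-status.png", allow_symlinks=True)
        return before, refused, followed
```

`reproduce_mr_test()` returns the icon bytes read before the swap, whether the symlinked name was refused, and the bytes read once symlinks are allowed again.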