git: 0372c6063e - main - Add new security configuration to Hugo configuration.
Date: Mon, 27 Dec 2021 08:31:31 UTC
The branch main has been updated by carlavilla:
URL: https://cgit.FreeBSD.org/doc/commit/?id=0372c6063ec1e3903957ae5a4382ae62ff8bb90a
commit 0372c6063ec1e3903957ae5a4382ae62ff8bb90a
Author: Sergio Carlavilla Delgado <carlavilla@FreeBSD.org>
AuthorDate: 2021-12-27 08:24:10 +0000
Commit: Sergio Carlavilla Delgado <carlavilla@FreeBSD.org>
CommitDate: 2021-12-27 08:24:10 +0000
Add new security configuration to Hugo configuration.
Hugo added a security policy in version 0.91 to restrict access to
os/exec, remote communication and similar, as can be read here[1]
* Allow the use of AsciiDoctor to 'exec'
* Add 'LOAD_PATH' and 'RUBYLIB' to 'osEnv' variables to allow the
use of custom AsciiDoctor extensions
Reported by: Li-Wen Hsu
[1] https://gohugo.io/about/security-model/
---
documentation/config/_default/config.toml | 11 +++++++++++
documentation/config/offline/config.toml | 11 +++++++++++
website/config/_default/config.toml | 11 +++++++++++
3 files changed, 33 insertions(+)
diff --git a/documentation/config/_default/config.toml b/documentation/config/_default/config.toml
index 4ed0f325b4..3ba167405b 100644
--- a/documentation/config/_default/config.toml
+++ b/documentation/config/_default/config.toml
@@ -18,6 +18,17 @@ googleAnalytics = 'UA-22767463-1'
description = "FreeBSD Documentation Portal"
isOnline = true
+[security]
+ enableInlineShortcodes = false
+ [security.exec]
+ allow = ["^dart-sass-embedded$", "^go$", "^npx$", "^postcss$", "^asciidoctor$"]
+ osEnv = ["(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM|LOAD_PATH|RUBYLIB)$"]
+ [security.funcs]
+ getenv = ["^HUGO_"]
+ [security.http]
+ methods = ["(?i)GET|POST"]
+ urls = [".*"]
+
[markup.asciidocExt]
extensions = ["man-macro", "inter-document-references-macro", "cross-document-references-macro", "sectnumoffset-treeprocessor", "packages-macro", "git-macro"]
[markup.asciidocExt.attributes]
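Review bot: The `[security.http]` entries added here (`methods = ["(?i)GET|POST"]`, `urls = [".*"]`) leave remote fetching open to any host, and the method pattern is unanchored, so the new policy only narrows `exec`; the same block is repeated in documentation/config/offline/config.toml and website/config/_default/config.toml. If the templates fetch from a known set of hosts, list those in `urls`, and anchor the method pattern as `methods = ["(?i)^(GET|POST)$"]`. The `allow` list also keeps `^dart-sass-embedded$`, `^go$`, `^npx$` and `^postcss$`; whether this build runs any of them is not visible in the hunk, and entries it does not need could be dropped so that only `^asciidoctor$` can be executed. A comment above `osEnv` such as `# LOAD_PATH and RUBYLIB are passed through so asciidoctor can load the custom extensions; set them explicitly in the build environment` would record why the list is wider than the stock one, since these variables decide which Ruby code the converter loads.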
diff --git a/documentation/config/offline/config.toml b/documentation/config/offline/config.toml
index b34b7e4ae8..f359e2ad7e 100644
--- a/documentation/config/offline/config.toml
+++ b/documentation/config/offline/config.toml
@@ -17,6 +17,17 @@ enableRobotsTXT = true
description = "FreeBSD Documentation Portal"
isOnline = false
+[security]
+ enableInlineShortcodes = false
+ [security.exec]
+ allow = ["^dart-sass-embedded$", "^go$", "^npx$", "^postcss$", "^asciidoctor$"]
+ osEnv = ["(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM|LOAD_PATH|RUBYLIB)$"]
+ [security.funcs]
+ getenv = ["^HUGO_"]
+ [security.http]
+ methods = ["(?i)GET|POST"]
+ urls = [".*"]
+
[markup.asciidocExt]
extensions = ["man-macro", "inter-document-references-macro", "cross-document-references-macro", "sectnumoffset-treeprocessor", "packages-macro", "git-macro"]
[markup.asciidocExt.attributes]
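Review bot: `urls = [".*"]` in this hunk permits remote fetches to any host even though the context line just above sets `isOnline = false`. If the offline build is meant to render without network access, the policy can state that directly; as far as I recall, Hugo's security-model page describes the value `none` for switching a list off, e.g. `urls = ["none"]`. Whether any template used by the offline build requests a remote resource is not visible here, so confirm that before tightening.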
diff --git a/website/config/_default/config.toml b/website/config/_default/config.toml
index 272afe11ed..0cc3cf6b4a 100644
--- a/website/config/_default/config.toml
+++ b/website/config/_default/config.toml
@@ -19,6 +19,17 @@ preserveTOC = true
preserveTOC = true
extensions = ["man-macro", "inter-document-references-macro", "sectnumoffset-treeprocessor", "packages-macro", "git-macro"]
+[security]
+ enableInlineShortcodes = false
+ [security.exec]
+ allow = ["^dart-sass-embedded$", "^go$", "^npx$", "^postcss$", "^asciidoctor$"]
+ osEnv = ["(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM|LOAD_PATH|RUBYLIB)$"]
+ [security.funcs]
+ getenv = ["^HUGO_"]
+ [security.http]
+ methods = ["(?i)GET|POST"]
+ urls = [".*"]
+
staticDir = ["static", "shared"]
[outputs]
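Review bot: In this file the new block is inserted directly above `staticDir = ["static", "shared"]`, and TOML assigns every key to the most recent table header, so in the new file `staticDir` is parsed as `security.http.staticDir` rather than as a root-level setting. The header that owned the line before the patch is outside the hunk, so it may already have been inside a table, but after this change it sits inside the security policy, where it is at best ignored. Moving `staticDir` above the first table header in the file, or placing the `[security]` block after it and immediately before `[outputs]`, keeps the policy table limited to `methods` and `urls`.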