After getting feedback on stackernews, addressed the following security concerns in the latest pull request
Updates installer to resolve the issues raised in #11
Addressed the following:
- Shell injection vulnerability
  - `os.system()` calls have been replaced by `subprocess.run()`, which checks the output before proceeding with the script
  - Reads through a list of arguments
  - Environment variables are loaded from the `.env` file, overwriting any existing env var
- Insecure file permissions
  - The only file permission that is changed is the `.env` file, to limit access (600)
  - Otherwise access is granted to the file through an ACL by adding `relay_service` group read permissions
- Sensitive data exposure
  - No longer echo `script_user` in the setup script
  - No longer need to learn the script user; took a different approach to granting file access
- Arbitrary file deletion
  - Just use a simple `rm` to delete the existing `default` NGINX config
- Unchecked return values
  - All `subprocess.run()` calls check return values
  - If not explicitly checked, nested within `try/except` blocks
- Insecure temporary file
  - Better error handling for checking if the file exists before overwriting
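The shell-injection fix, the return-value checks and the 600-only `.env` permission described above, shown together as an added Python illustration (not the installer's own code). `run_checked`, `write_env_file` and `demo` are hypothetical names and the `.env` values are constructed samples.

```python
import os
import subprocess
import tempfile
from pathlib import Path

def run_checked(argv: list[str]) -> str:
    """Run argv with no shell and return stdout; raise on non-zero exit.

    Because argv is a list and shell=False, metacharacters inside an argument
    (';', '$(...)') reach the program as literal text, not shell syntax.
    """
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    if result.returncode != 0:  # never continue the script after a failed step
        raise subprocess.CalledProcessError(result.returncode, argv, result.stdout, result.stderr)
    return result.stdout

def write_env_file(path: Path, values: dict[str, str]) -> int:
    """Write KEY=VALUE lines to a new 0600 file; return its permission bits.

    O_EXCL refuses to clobber an existing file (FileExistsError) and 0o600 at
    creation leaves no window in which other users could read the secrets.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{k}={v}\n" for k, v in values.items())
    return os.stat(path).st_mode & 0o777

def demo() -> dict:
    """Exercise both helpers on constructed sample values in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        env = Path(tmp) / ".env"
        mode = write_env_file(env, {"POSTGRES_PASSWORD": "sample-only"})
        try:
            write_env_file(env, {})  # second write must be refused, not overwrite
            overwrite_blocked = False
        except FileExistsError:
            overwrite_blocked = True
    try:
        run_checked(["false"])  # exits 1: must raise, not be silently ignored
        failure_raised = False
    except subprocess.CalledProcessError:
        failure_raised = True
    return {
        "literal_arg": run_checked(["printf", "%s", "x; echo injected"]),
        "mode": mode,
        "overwrite_blocked": overwrite_blocked,
        "failure_raised": failure_raised,
    }
```

The `printf` call shows the point of the list form: the `;` in the argument is printed back verbatim instead of starting a second command.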
Enhancements
- Added encryption to the `.env` file when at rest
  - Gathers a user-supplied password, uses key stretching with a `Fernet` key to encrypt the file
  - Programmatically re-encrypts the `.env` file after starting the docker compose stack
  - Includes a main menu option to decrypt/encrypt the `.env` file for editing

Bug fixes
- Mounts Postgres data to the host file system for persistent storage
  - Was previously left unmounted for testing purposes