Upgrading STF for security reasons (#813)

* Upgrading STF for security reasons Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * update semaphore files Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * upgrading STF for security reasons v2 Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * update yarn.lock file Signed-off-by: Denis barbaron <denis.barbaron@orange.com> --------- Signed-off-by: Denis barbaron <denis.barbaron@orange.com>
2026-04-19 08:33:24 +02:00 · 2024-11-22 11:41:20 +01:00
parent e204b03661
commit 2f54e40206
48 changed files with 2443 additions and 1167 deletions
--- a/lib/units/api/controllers/user.js
+++ b/lib/units/api/controllers/user.js
@@ -1,5 +1,5 @@
 /**
-* Copyright © 2019,2023 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+* Copyright © 2019-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 **/

 var util = require('util')
@@ -7,7 +7,7 @@ var util = require('util')
 var _ = require('lodash')
 var Promise = require('bluebird')
 var uuid = require('uuid')
-var adbkit = require('@devicefarmer/adbkit')
+var adb = require('../../../util/adbutil')()
 var dbapi = require('../../../db/api')
 var logger = require('../../../util/logger')
 var datautil = require('../../../util/datautil')
@@ -434,7 +434,7 @@ function getUserAccessTokens(req, res) {

 function addAdbPublicKey(req, res) {
  var data = req.swagger.params.adb.value
-  adbkit.util.parsePublicKey(data.publickey)
+  adb.util.parsePublicKey(data.publickey)
    .then(function(key) {
      return dbapi.lookupUsersByAdbKey(key.fingerprint)
        .then(function(cursor) {
--- a/lib/units/api/index.js
+++ b/lib/units/api/index.js
@@ -1,5 +1,5 @@
 /**
-* Copyright © 2019,2022 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+* Copyright © 2019-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 **/

 var http = require('http')
@@ -136,6 +136,8 @@ module.exports = function(options) {
  , keys: [options.secret]
  }))

+  app.disable('x-powered-by')
+
  lifecycle.observe(function() {
    [push, sub, pushdev, subdev].forEach(function(sock) {
      try {
--- a/lib/units/app/index.js
+++ b/lib/units/app/index.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var url = require('url')
 var fs = require('fs')
@@ -96,6 +100,8 @@ module.exports = function(options) {
    next()
  })

+  app.disable('x-powered-by')
+
  app.get('/', function(req, res) {
    res.render('index')
  })
--- a/lib/units/auth/ldap.js
+++ b/lib/units/auth/ldap.js
@@ -1,5 +1,5 @@
 /**
-* Copyright © 2019 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+* Copyright © 2019-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 **/

 var http = require('http')
@@ -56,6 +56,8 @@ module.exports = function(options) {
    next()
  })

+  app.disable('x-powered-by')
+
  app.get('/', function(req, res) {
    res.redirect('/auth/ldap/')
  })
--- a/lib/units/auth/mock.js
+++ b/lib/units/auth/mock.js
@@ -82,6 +82,8 @@ module.exports = function(options) {
    app.use(basicAuthMiddleware)
  }

+  app.disable('x-powered-by')
+
  app.get('/', function(req, res) {
    res.redirect('/auth/mock/')
  })
--- a/lib/units/auth/oauth2/index.js
+++ b/lib/units/auth/oauth2/index.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')

 var express = require('express')
@@ -48,6 +52,8 @@ module.exports = function(options) {
  , session: false
  }))

+  app.disable('x-powered-by')
+
  function isEmailAllowed(email) {
    if (email) {
      if (options.domain) {
--- a/lib/units/auth/openid.js
+++ b/lib/units/auth/openid.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')

 var openid = require('openid')
@@ -27,6 +31,8 @@ module.exports = function(options) {
  app.set('strict routing', true)
  app.set('case sensitive routing', true)

+  app.disable('x-powered-by')
+
  app.get('/', function(req, res) {
    res.redirect('/auth/openid/')
  })
--- a/lib/units/auth/saml2.js
+++ b/lib/units/auth/saml2.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var fs = require('fs')
 var http = require('http')

@@ -88,6 +92,8 @@ module.exports = function(options) {
  , session: false
  }))

+  app.disable('x-powered-by')
+
  app.post(
    '/auth/saml/callback'
  , function(req, res) {
--- a/lib/units/device/plugins/cleanup.js
+++ b/lib/units/device/plugins/cleanup.js
@@ -1,10 +1,13 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var syrup = require('@devicefarmer/stf-syrup')
 var Promise = require('bluebird')
 var _ = require('lodash')

 var logger = require('../../../util/logger')
 const util = require('util')
-const adbkit = require('@devicefarmer/adbkit')

 module.exports = syrup.serial()
  .dependency(require('../support/adb'))
@@ -38,7 +41,7 @@ module.exports = syrup.serial()
        throw new Error(util.format('Cleanup %s is not allowed!', folder))
      }
    })
-    log.debug('Cleanup folders: %j', options.cleanupFolder)
+    log.info('Cleanup folders: %j', options.cleanupFolder)

    function listPackages() {
      return adb.getPackages(options.serial)
@@ -56,14 +59,14 @@ module.exports = syrup.serial()
      return adb
        // get file size
        .shell(options.serial, util.format('du -h "%s"', filename))
-        .then(adbkit.util.readAll)
+        .then(adb.util.readAll)
        .then(function(output) {
          // output is in format: size filename. extract size;
          var size = output.toString().split('\t')[0]
          log.info('Removing %s (%s)', filename, size)
          return adb
            .shell(options.serial, util.format('rm -rf "%s"', filename))
-            .then(adbkit.util.readAll)
+            .then(adb.util.readAll)
        })
        .catch(function(err) {
          log.warn(util.format('Unable to clean %s folder', filename), err)
@@ -149,7 +152,7 @@ module.exports = syrup.serial()
            , plugin.disableBluetooth
            , plugin.cleanFolders
            , function() {
-              log.debug('Cleanup done')
+              log.info('Cleanup done')
            }
          ], function(fn) {
            return fn()
--- a/lib/units/device/plugins/screen/capture.js
+++ b/lib/units/device/plugins/screen/capture.js
@@ -1,7 +1,10 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var util = require('util')

 var syrup = require('@devicefarmer/stf-syrup')
-var adbkit = require('@devicefarmer/adbkit')

 var logger = require('../../../../util/logger')
 var wire = require('../../../../wire')
@@ -35,7 +38,7 @@ module.exports = syrup.serial()
      var file = util.format('/data/local/tmp/minicap_%d.jpg', Date.now())
      return minicap.run('minicap-apk', util.format(
          '-P %s -s >%s', projectionFormat(), file))
-        .then(adbkit.util.readAll)
+        .then(adb.util.readAll)
        .then(function() {
          return adb.stat(options.serial, file)
        })
@@ -55,7 +58,7 @@ module.exports = syrup.serial()
        })
        .finally(function() {
          return adb.shell(options.serial, ['rm', '-f', file])
-            .then(adbkit.util.readAll)
+            .then(adb.util.readAll)
        })
    }

--- a/lib/units/device/plugins/screen/stream.js
+++ b/lib/units/device/plugins/screen/stream.js
@@ -1,5 +1,5 @@
 /**
-* Copyright © 2022 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+* Copyright © 2022-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 **/

 var util = require('util')
@@ -10,7 +10,6 @@ var WebSocket = require('ws')
 var uuid = require('uuid')
 var EventEmitter = require('eventemitter3')
 var split = require('split')
-var adbkit = require('@devicefarmer/adbkit')

 var logger = require('../../../../util/logger')
 var lifecycle = require('../../../../util/lifecycle')
@@ -386,7 +385,7 @@ module.exports = syrup.serial()
        return Promise.all([
            output.waitForEnd()
          , adb.shell(options.serial, ['kill', signum, pid])
-              .then(adbkit.util.readAll)
+              .then(adb.util.readAll)
              .return(true)
          ])
          .timeout(2000)
--- a/lib/units/device/plugins/touch/index.js
+++ b/lib/units/device/plugins/touch/index.js
@@ -1,11 +1,13 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var util = require('util')

 var Promise = require('bluebird')
 var syrup = require('@devicefarmer/stf-syrup')
 var split = require('split')
 var EventEmitter = require('eventemitter3')
-var adbkit = require('@devicefarmer/adbkit')
-var Parser = require('@devicefarmer/adbkit/lib/adb/parser')

 var wire = require('../../../../wire')
 var logger = require('../../../../util/logger')
@@ -351,7 +353,7 @@ module.exports = syrup.serial()
        return Promise.all([
            output.waitForEnd()
          , adb.shell(options.serial, ['kill', signum, pid])
-              .then(adbkit.util.readAll)
+              .then(adb.util.readAll)
              .return(true)
          ])
          .timeout(2000)
@@ -379,7 +381,7 @@ module.exports = syrup.serial()
    TouchConsumer.prototype._readBanner = function(socket) {
      log.info('Reading minitouch banner')

-      var parser = new Parser(socket)
+      var parser = new adb.Parser(socket)
      var banner = {
        pid: -1 // @todo
      , version: 0
--- a/lib/units/device/resources/service.js
+++ b/lib/units/device/resources/service.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var util = require('util')

 var syrup = require('@devicefarmer/stf-syrup')
@@ -9,7 +13,6 @@ var pathutil = require('../../../util/pathutil')
 var streamutil = require('../../../util/streamutil')
 var promiseutil = require('../../../util/promiseutil')
 var logger = require('../../../util/logger')
-const adbkit = require('@devicefarmer/adbkit')

 module.exports = syrup.serial()
  .dependency(require('../support/adb'))
@@ -101,16 +104,16 @@ module.exports = syrup.serial()

    function grantPermission(permission, minSdk) {
      if (minSdk && sdk.level < minSdk) {
-        log.debug('SDK version (%d) is lower than %d, permission %s not supported',
+        log.warn('SDK version (%d) is lower than %d, permission %s not supported',
          sdk.level, minSdk, permission)
        return Promise.resolve()
      }
-      log.debug('Granting permission to STFService: ' + permission)
+      log.info('Granting permission to STFService: ' + permission)
      return adb.shell(options.serial, [
        'pm', 'grant', resource.pkg, permission])
-        .then(adbkit.util.readAll)
+        .then(adb.util.readAll)
        .then(function() {
-          log.debug('Permission granted %s', permission)
+          log.info('Permission granted %s', permission)
        })
        .catch(function(err) {
          log.error('Failed to grant permission %s: %s', permission, err)
--- a/lib/units/device/support/adb.js
+++ b/lib/units/device/support/adb.js
@@ -1,18 +1,15 @@
+/**
+* Copyright © 2019-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var syrup = require('@devicefarmer/stf-syrup')
-
-var adbkit = require('@devicefarmer/adbkit')
-
 var logger = require('../../../util/logger')
 var promiseutil = require('../../../util/promiseutil')

 module.exports = syrup.serial()
  .define(function(options) {
    var log = logger.createLogger('device:support:adb')
-    var adb = adbkit.createClient({
-      host: options.adbHost
-    , port: options.adbPort
-    })
-    adb.Keycode = adbkit.Keycode
+    var adb = require('../../../util/adbutil')(options)

    function ensureBootComplete() {
      return promiseutil.periodicNotify(
--- a/lib/units/poorxy/index.js
+++ b/lib/units/poorxy/index.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')

 var express = require('express')
@@ -19,6 +23,8 @@ module.exports = function(options) {
  app.set('case sensitive routing', true)
  app.set('trust proxy', true)

+  app.disable('x-powered-by')
+
  ;['/static/auth/*', '/auth/*'].forEach(function(route) {
    app.all(route, function(req, res) {
      proxy.web(req, res, {
--- a/lib/units/processor/index.js
+++ b/lib/units/processor/index.js
@@ -1,5 +1,5 @@
 /**
-* Copyright © 2019 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+* Copyright © 2019-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 **/

 var Promise = require('bluebird')
@@ -135,8 +135,12 @@ module.exports = db.ensureConnectivity(function(options) {
      appDealer.send([channel, data])
    })
    .on(wire.DeviceStatusMessage, function(channel, message, data) {
-      dbapi.saveDeviceStatus(message.serial, message.status)
-      appDealer.send([channel, data])
+      dbapi.saveDeviceStatus(message.serial, message.status, message.statusTimeStamp)
+        .then(function(stats) {
+          if (stats.replaced) {
+            appDealer.send([channel, data])
+          }
+        })
    })
    .on(wire.DeviceHeartbeatMessage, function(channel, message, data) {
      appDealer.send([channel, data])
--- a/lib/units/provider/index.js
+++ b/lib/units/provider/index.js
@@ -1,4 +1,7 @@
-var adb = require('@devicefarmer/adbkit')
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var Promise = require('bluebird')
 var _ = require('lodash')
 var EventEmitter = require('eventemitter3')
@@ -12,12 +15,11 @@ var lifecycle = require('../../util/lifecycle')
 var srv = require('../../util/srv')
 var zmqutil = require('../../util/zmqutil')

+const timeutil = require('../../util/timeutil')
+
 module.exports = function(options) {
  var log = logger.createLogger('provider')
-  var client = adb.createClient({
-    host: options.adbHost
-  , port: options.adbPort
-  })
+  var client = require('../../util/adbutil')(options)
  var workers = {}
  var solo = wireutil.makePrivateChannel()
  var lists = {
@@ -370,6 +372,7 @@ module.exports = function(options) {
          , wireutil.envelope(new wire.DeviceStatusMessage(
              device.id
            , wireutil.toDeviceStatus(device.type)
+            , timeutil.now('nano')
            ))
          ])

--- a/lib/units/storage/plugins/apk/index.js
+++ b/lib/units/storage/plugins/apk/index.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var url = require('url')
 var util = require('util')
@@ -18,6 +22,8 @@ module.exports = function(options) {
  app.set('case sensitive routing', true)
  app.set('trust proxy', true)

+  app.disable('x-powered-by')
+
  app.get('/s/apk/:id/:name/manifest', function(req, res) {
    var orig = util.format(
      '/s/blob/%s/%s'
--- a/lib/units/storage/plugins/image/index.js
+++ b/lib/units/storage/plugins/image/index.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var util = require('util')

@@ -20,6 +24,8 @@ module.exports = function(options) {
  app.set('case sensitive routing', true)
  app.set('trust proxy', true)

+  app.disable('x-powered-by')
+
  app.get(
    '/s/image/:id/:name'
  , requtil.limit(options.concurrency, function(req, res) {
--- a/lib/units/storage/s3.js
+++ b/lib/units/storage/s3.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var util = require('util')
 var path = require('path')
@@ -32,6 +36,8 @@ module.exports = function(options) {
  app.use(bodyParser.json())
  app.use(validator())

+  app.disable('x-powered-by')
+
  function putObject(plugin, file) {
    return new Promise(function(resolve, reject) {
      var id = uuid.v4()
--- a/lib/units/storage/temp.js
+++ b/lib/units/storage/temp.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var util = require('util')
 var path = require('path')
@@ -28,6 +32,8 @@ module.exports = function(options) {
  app.use(bodyParser.json())
  app.use(validator())

+  app.disable('x-powered-by')
+
  storage.on('timeout', function(id) {
    log.info('Cleaning up inactive resource "%s"', id)
  })
--- a/lib/units/triproxy/index.js
+++ b/lib/units/triproxy/index.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var logger = require('../../util/logger')
 var lifecycle = require('../../util/lifecycle')
 var zmqutil = require('../../util/zmqutil')
@@ -17,18 +21,18 @@ module.exports = function(options) {

  // App/device output
  var pub = zmqutil.socket('pub')
-  pub.bindSync(options.endpoints.pub)
+  pub.bind(options.endpoints.pub)
  log.info('PUB socket bound on', options.endpoints.pub)

  // Coordinator input/output
  var dealer = zmqutil.socket('dealer')
-  dealer.bindSync(options.endpoints.dealer)
+  dealer.bind(options.endpoints.dealer)
  dealer.on('message', proxy(pub))
  log.info('DEALER socket bound on', options.endpoints.dealer)

  // App/device input
  var pull = zmqutil.socket('pull')
-  pull.bindSync(options.endpoints.pull)
+  pull.bind(options.endpoints.pull)
  pull.on('message', proxy(dealer))
  log.info('PULL socket bound on', options.endpoints.pull)

--- a/lib/units/websocket/index.js
+++ b/lib/units/websocket/index.js
@@ -10,7 +10,7 @@ var socketio = require('socket.io')
 var Promise = require('bluebird')
 var _ = require('lodash')
 var request = Promise.promisifyAll(require('request'))
-var adbkit = require('@devicefarmer/adbkit')
+var adb = require('../../util/adbutil')()
 var uuid = require('uuid')

 var logger = require('../../util/logger')
@@ -464,7 +464,7 @@ module.exports = function(options) {
            })
        })
        .on('user.keys.adb.add', function(data) {
-          return adbkit.util.parsePublicKey(data.key)
+          return adb.util.parsePublicKey(data.key)
            .then(function(key) {
              return dbapi.lookupUsersByAdbKey(key.fingerprint)
                .then(function(cursor) {