Upgrading STF for security reasons (#813)

* Upgrading STF for security reasons Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * update semaphore files Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * upgrading STF for security reasons v2 Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * update yarn.lock file Signed-off-by: Denis barbaron <denis.barbaron@orange.com> --------- Signed-off-by: Denis barbaron <denis.barbaron@orange.com>
2026-04-18 12:53:21 +02:00 · 2024-11-22 11:41:20 +01:00
parent e204b03661
commit 2f54e40206
48 changed files with 2443 additions and 1167 deletions
--- a/lib/units/storage/plugins/apk/index.js
+++ b/lib/units/storage/plugins/apk/index.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var url = require('url')
 var util = require('util')
@@ -18,6 +22,8 @@ module.exports = function(options) {
  app.set('case sensitive routing', true)
  app.set('trust proxy', true)

+  app.disable('x-powered-by')
+
  app.get('/s/apk/:id/:name/manifest', function(req, res) {
    var orig = util.format(
      '/s/blob/%s/%s'
--- a/lib/units/storage/plugins/image/index.js
+++ b/lib/units/storage/plugins/image/index.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var util = require('util')

@@ -20,6 +24,8 @@ module.exports = function(options) {
  app.set('case sensitive routing', true)
  app.set('trust proxy', true)

+  app.disable('x-powered-by')
+
  app.get(
    '/s/image/:id/:name'
  , requtil.limit(options.concurrency, function(req, res) {
--- a/lib/units/storage/s3.js
+++ b/lib/units/storage/s3.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var util = require('util')
 var path = require('path')
@@ -32,6 +36,8 @@ module.exports = function(options) {
  app.use(bodyParser.json())
  app.use(validator())

+  app.disable('x-powered-by')
+
  function putObject(plugin, file) {
    return new Promise(function(resolve, reject) {
      var id = uuid.v4()
--- a/lib/units/storage/temp.js
+++ b/lib/units/storage/temp.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var http = require('http')
 var util = require('util')
 var path = require('path')
@@ -28,6 +32,8 @@ module.exports = function(options) {
  app.use(bodyParser.json())
  app.use(validator())

+  app.disable('x-powered-by')
+
  storage.on('timeout', function(id) {
    log.info('Cleaning up inactive resource "%s"', id)
  })