author | Rigel Kent <sendmemail@rigelk.eu> | 2018-09-18 11:18:51 +0200 |
---|---|---|
committer | Rigel Kent <sendmemail@rigelk.eu> | 2018-09-18 11:18:51 +0200 |
commit | df182b373fc49f20188d531494e1bff1a9ad247e (patch) | |
tree | 5839325dc1c1fa196a87f46ff7c4ffac707bab0b | |
parent | d5931e623320d0851a19e1001e90c7d8138d7a20 (diff) | |
normalize robot.txt and specify test servers as scope of security audits
-rw-r--r-- | SECURITY.md | 2 | ||||
-rw-r--r-- | config/default.yaml | 2 | ||||
-rw-r--r-- | config/production.yaml.example | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/SECURITY.md b/SECURITY.md index 37ed19246..5c668a2a3 100644 --- a/SECURITY.md +++ b/SECURITY.md | |||
@@ -30,7 +30,7 @@ To encourage vulnerability research and to avoid any confusion between good-fait | |||
30 | - Avoid violating the privacy of others, disrupting our systems, destroying data, and/or harming user experience. | 30 | - Avoid violating the privacy of others, disrupting our systems, destroying data, and/or harming user experience. |
31 | - Use only the Official Channels to discuss vulnerability information with us. | 31 | - Use only the Official Channels to discuss vulnerability information with us. |
32 | - Keep the details of any discovered vulnerabilities confidential until they are fixed, according to the Disclosure Terms in this policy. | 32 | - Keep the details of any discovered vulnerabilities confidential until they are fixed, according to the Disclosure Terms in this policy. |
33 | - Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope. | 33 | - Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope. Systems currently considered in-scope are the official demonstration/test servers provided by the PeerTube development team. |
34 | - If a vulnerability provides unintended access to data: Limit the amount of data you access to the minimum required for effectively demonstrating a Proof of Concept; and cease testing and submit a report immediately if you encounter any user data during testing, such as Personally Identifiable Information (PII), Personal Healthcare Information (PHI), credit card data, or proprietary information. | 34 | - If a vulnerability provides unintended access to data: Limit the amount of data you access to the minimum required for effectively demonstrating a Proof of Concept; and cease testing and submit a report immediately if you encounter any user data during testing, such as Personally Identifiable Information (PII), Personal Healthcare Information (PHI), credit card data, or proprietary information. |
35 | - You should only interact with test accounts you own or with explicit permission from the account holder. | 35 | - You should only interact with test accounts you own or with explicit permission from the account holder. |
36 | - Do not engage in extortion. | 36 | - Do not engage in extortion. |
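Review bot: The sentence added to the in-scope bullet (new line 33) defines scope only as "the official demonstration/test servers provided by the PeerTube development team", without naming a hostname or linking to a list, so a researcher cannot tell from this file which hosts they are authorised to test. Suggest listing the servers or linking to the page that lists them, and stating in the same bullet that instances run by third parties are out of scope unless their operator says otherwise. "Currently" also implies the set will change, so a note on where updates to the scope are published would help.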
diff --git a/config/default.yaml b/config/default.yaml index adac9deeb..ab07bfedd 100644 --- a/config/default.yaml +++ b/config/default.yaml | |||
@@ -142,7 +142,7 @@ instance: | |||
142 | # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:' | 142 | # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:' |
143 | robots: | | 143 | robots: | |
144 | User-agent: * | 144 | User-agent: * |
145 | Disallow: '' | 145 | Disallow: |
146 | # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. | 146 | # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. |
147 | securitytxt: | 147 | securitytxt: |
148 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" | 148 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" |
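Review bot: The comment on line 142 still tells operators to "add '/' to "Disallow:'" with quotes around the slash (and with mismatched quote marks), while line 145 now drops the quotes because `robots: |` is a literal block and whatever is written there is served as-is. An operator following the comment literally could write `Disallow: '/'` and reintroduce the problem this line fixes. Suggest rewording the comment in the same change to say: set the line to `Disallow: /` (no quotes) to block crawling, and that an empty `Disallow:` allows everything. "Robot.txt" in that comment should also read "robots.txt" to match the normalisation in the commit subject.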
diff --git a/config/production.yaml.example b/config/production.yaml.example index ca7b936c2..f9557b8eb 100644 --- a/config/production.yaml.example +++ b/config/production.yaml.example | |||
@@ -156,7 +156,7 @@ instance: | |||
156 | # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:' | 156 | # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:' |
157 | robots: | | 157 | robots: | |
158 | User-agent: * | 158 | User-agent: * |
159 | Disallow: '' | 159 | Disallow: |
160 | # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. | 160 | # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. |
161 | securitytxt: | 161 | securitytxt: |
162 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" | 162 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" |
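Review bot: Line 159 fixes the template only; since this file is `production.yaml.example`, operators who already copied it to their own production config keep the old `Disallow: ''` value and will continue to serve it. Suggest mentioning the change in the upgrade notes or changelog so existing instances update their `robots` block by hand. The comment on line 156 has the same quoting issue as in `config/default.yaml` and should be reworded identically so the two files stay in sync.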