Add security check (#7247)

* added Parse Server security option

* added SecurityRouter

* added Check class

* added CheckGroup class

* moved parameter validation to Utils

* added CheckRunner class

* added auto-run on server start

* added custom security checks as Parse Server option

* renamed script to check

* reformat log output

* added server config check

* improved contributing guideline

* improved contribution guide

* added check security log

* improved log format

* added checks

* fixed log format typo

* added database checks

* fixed database check

* removed database auth check in initial version

* improved contribution guide

* added security check tests

* fixed typo

* improved wording guidelines

* improved wording guidelines
Manuel
2021-03-10 20:19:28 +01:00
committed by GitHub
parent 36c2608400
commit bee889a329
17 changed files with 1096 additions and 2 deletions


@@ -373,6 +373,12 @@ module.exports.ParseServerOptions = {
action: parsers.numberParser('schemaCacheTTL'),
default: 5000,
},
security: {
env: 'PARSE_SERVER_SECURITY',
help: 'The security options to identify and report weak security settings.',
action: parsers.objectParser,
default: {},
},
serverCloseComplete: {
env: 'PARSE_SERVER_SERVER_CLOSE_COMPLETE',
help: 'Callback when server has closed',
@@ -424,6 +430,27 @@ module.exports.ParseServerOptions = {
help: 'Key sent with outgoing webhook calls',
},
};
module.exports.SecurityOptions = {
checkGroups: {
env: 'PARSE_SERVER_SECURITY_CHECK_GROUPS',
help:
'The security check groups to run. This allows to add custom security checks or override existing ones. Default are the groups defined in `CheckGroups.js`.',
action: parsers.arrayParser,
},
enableCheck: {
env: 'PARSE_SERVER_SECURITY_ENABLE_CHECK',
help: 'Is true if Parse Server should check for weak security settings.',
action: parsers.booleanParser,
default: false,
},
enableCheckLog: {
env: 'PARSE_SERVER_SECURITY_ENABLE_CHECK_LOG',
help:
'Is true if the security check report should be written to logs. This should only be enabled temporarily to not expose weak security settings in logs.',
action: parsers.booleanParser,
default: false,
},
};
module.exports.PagesOptions = {
customRoutes: {
env: 'PARSE_SERVER_PAGES_CUSTOM_ROUTES',
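Review bot: The `checkGroups` help text in the new `SecurityOptions` block does not say whether a supplied list replaces the default groups or is merged with them; it mentions both adding custom checks and overriding existing ones. If a supplied list replaces the defaults, an operator who passes a single custom group would silently stop running every built-in check, so the help should say so, for example by appending `Setting this option replaces the default groups; list them explicitly to keep the built-in checks.` (to be confirmed against the check runner, which is not in this hunk). The expected element type should be stated as well, because a value read from `PARSE_SERVER_SECURITY_CHECK_GROUPS` through `parsers.arrayParser` is presumably plain strings or JSON rather than check group classes, so the option may only be usable from code. The `PagesOptions` object that follows starts in this hunk and continues outside it.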