From deafb49e986e251af140cb8f38916f489f202eac Mon Sep 17 00:00:00 2001
From: lubiana
Date: Sat, 28 Jun 2025 16:52:26 +0200
Subject: [PATCH] improve security
---
 Containerfile | 6 ++++++
 src/PlaintextResponse.php | 2 ++
 2 files changed, 8 insertions(+)
diff --git a/Containerfile b/Containerfile
index f0ffe77..4aec81d 100644
--- a/Containerfile
+++ b/Containerfile
@@ -6,7 +6,12 @@ RUN composer install --no-dev --optimize-autoloader
 FROM dunglas/frankenphp
 WORKDIR /app
 COPY public/ ./public
+COPY src/ ./src
 COPY --from=composer_builder /app/vendor ./vendor
+
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+RUN sed -i 's/^\s*expose_php\s*=.*/expose_php = Off/' "$PHP_INI_DIR/php.ini"
+
 ARG USER=appuser
 RUN \
 # Use "adduser -D ${USER}" for alpine based distros
@@ -17,6 +22,7 @@ RUN \
 chown -R ${USER}:${USER} /data/caddy && chown -R ${USER}:${USER} /config/caddy
 USER ${USER}
+
 LABEL "org.opencontainers.image.description"="Cool und Lässig uuid"
 LABEL "org.opencontainers.image.source"="https://git.hannover.ccc.de/lubiana/uuid"
 LABEL "org.opencontainers.image.title"="UUID Service"
diff --git a/src/PlaintextResponse.php b/src/PlaintextResponse.php
index 6277ccf..7f37eb2 100644
--- a/src/PlaintextResponse.php
+++ b/src/PlaintextResponse.php
@@ -12,6 +12,8 @@ final class PlaintextResponse extends Response
 public function __construct(?string $content, int $status = 200, array $headers = [])
 {
 $headers['Content-Type'] ??= 'text/plain';
+ $random = fn () => random_int(1,9);
+ $headers['X-Powered-By'] ??= ["PHP/{$random()}.{$random()}.{$random()}"];
 parent::__construct(
 content: $content,
 status: $status,
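Review bot: The `sed -i` step in the first Containerfile hunk exits successfully even when its pattern matches nothing, so if the production template ever carries `expose_php` commented out or in another form, the image builds with the banner still enabled and nobody notices. Chain a check into the same step so the build fails instead, e.g. `RUN sed -i 's/^\s*expose_php\s*=.*/expose_php = Off/' "$PHP_INI_DIR/php.ini" && grep -q '^expose_php = Off$' "$PHP_INI_DIR/php.ini"`. A short comment above the two `RUN` lines, such as `# Start from the upstream production php.ini, then switch off the X-Powered-By banner`, would also record why the `mv` is there.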
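Review bot: The added `X-Powered-By` default in `PlaintextResponse::__construct` still tells every client that the service runs PHP, which works against the `expose_php = Off` setting this same commit adds to the Containerfile; only the version digits are fake. Unless a decoy banner is a deliberate choice, the simpler hardening is to drop both added lines and send no such header at all. If it stays, say so in a comment such as `// Decoy banner: version digits are random on purpose; expose_php is Off in the image`, and write `random_int(1, 9)` with a space after the comma. Note that `??=` only detects a caller-supplied key spelled exactly `X-Powered-By`; how `Response` treats a differently cased duplicate is not visible here, and the constructor body continues past the end of the hunk.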