diff --git a/Securitytxt/Controller/Index/Securitytxt.php b/Securitytxt/Controller/Index/Securitytxt.php new file mode 100644 index 00000000..685384a2 --- /dev/null +++ b/Securitytxt/Controller/Index/Securitytxt.php @@ -0,0 +1,60 @@ +resultPageFactory = $resultPageFactory; + $this->securitytxtModel = $securitytxtModel; + parent::__construct($context); + } + + /** + * Generates security.txt data and returns it as result + * + * @return ResultInterface + */ + public function execute() + { + $result = $this->resultPageFactory->create(ResultFactory::TYPE_RAW); + $result->setHeader('Content-Type', 'text/plain'); + $result->setContents($this->securitytxtModel->getSecuritytxt()); + return $result; + } +} diff --git a/Securitytxt/Controller/Index/Securitytxtsig.php b/Securitytxt/Controller/Index/Securitytxtsig.php new file mode 100644 index 00000000..ddc828f2 --- /dev/null +++ b/Securitytxt/Controller/Index/Securitytxtsig.php @@ -0,0 +1,61 @@ +resultPageFactory = $resultPageFactory; + $this->securitytxtModel = $securitytxtModel; + parent::__construct($context); + } + + /** + * Generates security.txt signature data and returns it as result + * + * @return ResultInterface + */ + public function execute() + { + $securitytxtSignature = $this->securitytxtModel->getSecuritytxtsig(); + $result = $this->resultPageFactory->create(ResultFactory::TYPE_RAW); + $result->setHeader('Content-Type', 'text/plain'); + $result->setContents($securitytxtSignature); + return $result; + } +} diff --git a/Securitytxt/Controller/Router.php b/Securitytxt/Controller/Router.php new file mode 100644 index 00000000..3ed0cb7b --- /dev/null +++ b/Securitytxt/Controller/Router.php @@ -0,0 +1,118 @@ +actionFactory = $actionFactory; + $this->actionList = $actionList; + $this->routeConfig = $routeConfig; + $this->config = $config; + } + + /** + * Checks if security.txt file was requested and returns instance of matched application action class + * + * @param RequestInterface $request + * @return ActionInterface|null + */ + public function match(RequestInterface $request) + { + $identifier = trim($request->getPathInfo(), '/'); + + if ($identifier === '.well-known/security.txt') { + $action = 'securitytxt'; + } elseif ($identifier === '.well-known/security.txt.sig') { + $action = 'securitytxtsig'; + } else { + return null; + } + + $modules = $this->routeConfig->getModulesByFrontName('securitytxt'); + if (empty($modules) || !$this->config->isEnabled()) { + return null; + } + + if ($action === 'securitytxt' && !$this->isContactInformationAvailable()) { + return null; + } + if ($action === 'securitytxtsig' && !$this->isSignatureAvailable()) { + return null; + } + + $actionClassName = $this->actionList->get($modules[0], null, 'index', $action); + $actionInstance = $this->actionFactory->create($actionClassName); + return $actionInstance; + } + + /** + * Check if security.txt.sig file content is available. + * + * @return bool + */ + private function isSignatureAvailable(): bool + { + return !empty($this->config->getSignature()); + } + + /** + * Check if any of required security.txt contact information is configured. + * + * @return bool + */ + private function isContactInformationAvailable(): bool + { + return !empty($this->config->getEmail()) || + !empty($this->config->getPhone()) || + !empty($this->config->getContactPage()); + } +} diff --git a/Securitytxt/LICENSE.txt b/Securitytxt/LICENSE.txt new file mode 100644 index 00000000..2b7359b7 --- /dev/null +++ b/Securitytxt/LICENSE.txt @@ -0,0 +1,48 @@ + +Open Software License ("OSL") v. 3.0 + +This Open Software License (the "License") applies to any original work of authorship (the "Original Work") whose owner (the "Licensor") has placed the following licensing notice adjacent to the copyright notice for the Original Work: + +Licensed under the Open Software License version 3.0 + + 1. Grant of Copyright License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, for the duration of the copyright, to do the following: + + 1. to reproduce the Original Work in copies, either alone or as part of a collective work; + + 2. to translate, adapt, alter, transform, modify, or arrange the Original Work, thereby creating derivative works ("Derivative Works") based upon the Original Work; + + 3. to distribute or communicate copies of the Original Work and Derivative Works to the public, with the proviso that copies of Original Work or Derivative Works that You distribute or communicate shall be licensed under this Open Software License; + + 4. to perform the Original Work publicly; and + + 5. to display the Original Work publicly. + + 2. Grant of Patent License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, under patent claims owned or controlled by the Licensor that are embodied in the Original Work as furnished by the Licensor, for the duration of the patents, to make, use, sell, offer for sale, have made, and import the Original Work and Derivative Works. + + 3. Grant of Source Code License. The term "Source Code" means the preferred form of the Original Work for making modifications to it and all available documentation describing how to modify the Original Work. Licensor agrees to provide a machine-readable copy of the Source Code of the Original Work along with each copy of the Original Work that Licensor distributes. Licensor reserves the right to satisfy this obligation by placing a machine-readable copy of the Source Code in an information repository reasonably calculated to permit inexpensive and convenient access by You for as long as Licensor continues to distribute the Original Work. + + 4. Exclusions From License Grant. Neither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior permission of the Licensor. Except as expressly stated herein, nothing in this License grants any license to Licensor's trademarks, copyrights, patents, trade secrets or any other intellectual property. No patent license is granted to make, use, sell, offer for sale, have made, or import embodiments of any patent claims other than the licensed claims defined in Section 2. No license is granted to the trademarks of Licensor even if such marks are included in the Original Work. Nothing in this License shall be interpreted to prohibit Licensor from licensing under terms different from this License any Original Work that Licensor otherwise would have a right to license. + + 5. External Deployment. The term "External Deployment" means the use, distribution, or communication of the Original Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c). + + 6. Attribution Rights. You must retain, in the Source Code of any Derivative Works that You create, all copyright, patent, or trademark notices from the Source Code of the Original Work, as well as any notices of licensing and any descriptive text identified therein as an "Attribution Notice." You must cause the Source Code for any Derivative Works that You create to carry a prominent Attribution Notice reasonably calculated to inform recipients that You have modified the Original Work. + + 7. Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that the copyright in and to the Original Work and the patent rights granted herein by Licensor are owned by the Licensor or are sublicensed to You under the terms of this License with the permission of the contributor(s) of those copyrights and patent rights. Except as expressly stated in the immediately preceding sentence, the Original Work is provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or implied, including, without limitation, the warranties of non-infringement, merchantability or fitness for a particular purpose. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No license to the Original Work is granted by this License except under this disclaimer. + + 8. Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to anyone for any indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to the extent applicable law prohibits such limitation. + + 9. Acceptance and Termination. If, at any time, You expressly assented to this License, that assent indicates your clear and irrevocable acceptance of this License and all of its terms and conditions. If You distribute or communicate copies of the Original Work or a Derivative Work, You must make a reasonable effort under the circumstances to obtain the express assent of recipients to the terms of this License. This License conditions your rights to undertake the activities listed in Section 1, including your right to create Derivative Works based upon the Original Work, and doing so without honoring these terms and conditions is prohibited by copyright law and international treaty. Nothing in this License is intended to affect copyright exceptions and limitations (including 'fair use' or 'fair dealing'). This License shall terminate immediately and You may no longer exercise any of the rights granted to You by this License upon your failure to honor the conditions in Section 1(c). + + 10. Termination for Patent Action. This License shall terminate automatically and You may no longer exercise any of the rights granted to You by this License as of the date You commence an action, including a cross-claim or counterclaim, against Licensor or any licensee alleging that the Original Work infringes a patent. This termination provision shall not apply for an action alleging patent infringement by combinations of the Original Work with other software or hardware. + + 11. Jurisdiction, Venue and Governing Law. Any action or suit relating to this License may be brought only in the courts of a jurisdiction wherein the Licensor resides or in which Licensor conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any use of the Original Work outside the scope of this License or after its termination shall be subject to the requirements and penalties of copyright or patent law in the appropriate jurisdiction. This section shall survive the termination of this License. + + 12. Attorneys' Fees. In any action to enforce the terms of this License or seeking damages relating thereto, the prevailing party shall be entitled to recover its costs and expenses, including, without limitation, reasonable attorneys' fees and costs incurred in connection with such action, including any appeal of such action. This section shall survive the termination of this License. + + 13. Miscellaneous. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. + + 14. Definition of "You" in This License. "You" throughout this License, whether in upper or lower case, means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with you. For purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + + 15. Right to Use. You may use the Original Work in all ways not otherwise restricted or conditioned by this License or by law, and Licensor promises not to interfere with or be responsible for such uses by You. + + 16. Modification of This License. This License is Copyright (C) 2005 Lawrence Rosen. Permission is granted to copy, distribute, or communicate this License without modification. Nothing in this License permits You to modify this License as applied to the Original Work or to Derivative Works. However, You may modify the text of this License and copy, distribute or communicate your modified version (the "Modified License") and apply it to other original works of authorship subject to the following conditions: (i) You may not indicate in any way that your Modified License is the "Open Software License" or "OSL" and you may not use those names in the name of your Modified License; (ii) You must replace the notice specified in the first paragraph above with the notice "Licensed under " or with a notice of your own that is not confusingly similar to the notice in this License; and (iii) You may not claim that your original works are open source software unless your Modified License has been approved by Open Source Initiative (OSI) and You comply with its license review and certification process. \ No newline at end of file diff --git a/Securitytxt/LICENSE_AFL.txt b/Securitytxt/LICENSE_AFL.txt new file mode 100644 index 00000000..7133011f --- /dev/null +++ b/Securitytxt/LICENSE_AFL.txt @@ -0,0 +1,48 @@ + +Academic Free License ("AFL") v. 3.0 + +This Academic Free License (the "License") applies to any original work of authorship (the "Original Work") whose owner (the "Licensor") has placed the following licensing notice adjacent to the copyright notice for the Original Work: + +Licensed under the Academic Free License version 3.0 + + 1. Grant of Copyright License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, for the duration of the copyright, to do the following: + + 1. to reproduce the Original Work in copies, either alone or as part of a collective work; + + 2. to translate, adapt, alter, transform, modify, or arrange the Original Work, thereby creating derivative works ("Derivative Works") based upon the Original Work; + + 3. to distribute or communicate copies of the Original Work and Derivative Works to the public, under any license of your choice that does not contradict the terms and conditions, including Licensor's reserved rights and remedies, in this Academic Free License; + + 4. to perform the Original Work publicly; and + + 5. to display the Original Work publicly. + + 2. Grant of Patent License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, under patent claims owned or controlled by the Licensor that are embodied in the Original Work as furnished by the Licensor, for the duration of the patents, to make, use, sell, offer for sale, have made, and import the Original Work and Derivative Works. + + 3. Grant of Source Code License. The term "Source Code" means the preferred form of the Original Work for making modifications to it and all available documentation describing how to modify the Original Work. Licensor agrees to provide a machine-readable copy of the Source Code of the Original Work along with each copy of the Original Work that Licensor distributes. Licensor reserves the right to satisfy this obligation by placing a machine-readable copy of the Source Code in an information repository reasonably calculated to permit inexpensive and convenient access by You for as long as Licensor continues to distribute the Original Work. + + 4. Exclusions From License Grant. Neither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior permission of the Licensor. Except as expressly stated herein, nothing in this License grants any license to Licensor's trademarks, copyrights, patents, trade secrets or any other intellectual property. No patent license is granted to make, use, sell, offer for sale, have made, or import embodiments of any patent claims other than the licensed claims defined in Section 2. No license is granted to the trademarks of Licensor even if such marks are included in the Original Work. Nothing in this License shall be interpreted to prohibit Licensor from licensing under terms different from this License any Original Work that Licensor otherwise would have a right to license. + + 5. External Deployment. The term "External Deployment" means the use, distribution, or communication of the Original Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c). + + 6. Attribution Rights. You must retain, in the Source Code of any Derivative Works that You create, all copyright, patent, or trademark notices from the Source Code of the Original Work, as well as any notices of licensing and any descriptive text identified therein as an "Attribution Notice." You must cause the Source Code for any Derivative Works that You create to carry a prominent Attribution Notice reasonably calculated to inform recipients that You have modified the Original Work. + + 7. Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that the copyright in and to the Original Work and the patent rights granted herein by Licensor are owned by the Licensor or are sublicensed to You under the terms of this License with the permission of the contributor(s) of those copyrights and patent rights. Except as expressly stated in the immediately preceding sentence, the Original Work is provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or implied, including, without limitation, the warranties of non-infringement, merchantability or fitness for a particular purpose. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No license to the Original Work is granted by this License except under this disclaimer. + + 8. Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to anyone for any indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to the extent applicable law prohibits such limitation. + + 9. Acceptance and Termination. If, at any time, You expressly assented to this License, that assent indicates your clear and irrevocable acceptance of this License and all of its terms and conditions. If You distribute or communicate copies of the Original Work or a Derivative Work, You must make a reasonable effort under the circumstances to obtain the express assent of recipients to the terms of this License. This License conditions your rights to undertake the activities listed in Section 1, including your right to create Derivative Works based upon the Original Work, and doing so without honoring these terms and conditions is prohibited by copyright law and international treaty. Nothing in this License is intended to affect copyright exceptions and limitations (including "fair use" or "fair dealing"). This License shall terminate immediately and You may no longer exercise any of the rights granted to You by this License upon your failure to honor the conditions in Section 1(c). + + 10. Termination for Patent Action. This License shall terminate automatically and You may no longer exercise any of the rights granted to You by this License as of the date You commence an action, including a cross-claim or counterclaim, against Licensor or any licensee alleging that the Original Work infringes a patent. This termination provision shall not apply for an action alleging patent infringement by combinations of the Original Work with other software or hardware. + + 11. Jurisdiction, Venue and Governing Law. Any action or suit relating to this License may be brought only in the courts of a jurisdiction wherein the Licensor resides or in which Licensor conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any use of the Original Work outside the scope of this License or after its termination shall be subject to the requirements and penalties of copyright or patent law in the appropriate jurisdiction. This section shall survive the termination of this License. + + 12. Attorneys' Fees. In any action to enforce the terms of this License or seeking damages relating thereto, the prevailing party shall be entitled to recover its costs and expenses, including, without limitation, reasonable attorneys' fees and costs incurred in connection with such action, including any appeal of such action. This section shall survive the termination of this License. + + 13. Miscellaneous. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. + + 14. Definition of "You" in This License. "You" throughout this License, whether in upper or lower case, means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with you. For purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + + 15. Right to Use. You may use the Original Work in all ways not otherwise restricted or conditioned by this License or by law, and Licensor promises not to interfere with or be responsible for such uses by You. + + 16. Modification of This License. This License is Copyright © 2005 Lawrence Rosen. Permission is granted to copy, distribute, or communicate this License without modification. Nothing in this License permits You to modify this License as applied to the Original Work or to Derivative Works. However, You may modify the text of this License and copy, distribute or communicate your modified version (the "Modified License") and apply it to other original works of authorship subject to the following conditions: (i) You may not indicate in any way that your Modified License is the "Academic Free License" or "AFL" and you may not use those names in the name of your Modified License; (ii) You must replace the notice specified in the first paragraph above with the notice "Licensed under " or with a notice of your own that is not confusingly similar to the notice in this License; and (iii) You may not claim that your original works are open source software unless your Modified License has been approved by Open Source Initiative (OSI) and You comply with its license review and certification process. \ No newline at end of file diff --git a/Securitytxt/Model/Config.php b/Securitytxt/Model/Config.php new file mode 100644 index 00000000..6af98e08 --- /dev/null +++ b/Securitytxt/Model/Config.php @@ -0,0 +1,148 @@ +scopeConfig = $scopeConfig; + } + + /** + * Check if securitytxt module is enabled in configuration. + * + * @return bool + */ + public function isEnabled(): bool + { + return (bool)$this->scopeConfig->getValue(static::XML_SECURITYTXT_ENABLED, ScopeInterface::SCOPE_WEBSITE); + } + + /** + * Get configuration for securitytxt email field. + * + * @return string + */ + public function getEmail(): string + { + return $this->scopeConfig->getValue(static::XML_SECURITYTXT_EMAIL, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } + + /** + * Get configuration for securitytxt phone field. + * + * @return string + */ + public function getPhone(): string + { + return $this->scopeConfig->getValue(static::XML_SECURITYTXT_PHONE, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } + + /** + * Get configuration for securitytxt contact page field. + * + * @return string + */ + public function getContactPage(): string + { + return $this->scopeConfig->getValue(static::XML_SECURITYTXT_CONTACTPAGE, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } + + /** + * Get configuration for securitytxt encryption url field. + * + * @return string + */ + public function getEncryption(): string + { + return $this->scopeConfig->getValue(static::XML_SECURITYTXT_ENCRYPTION, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } + + /** + * Get configuration for securitytxt acknowledgments field. + * + * @return string + */ + public function getAcknowledgements(): string + { + return $this->scopeConfig + ->getValue(static::XML_SECURITYTXT_ACKNOWLEDGEMENTS, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } + + /** + * Get configuration for securitytxt preferred languages field. + * + * @return string + */ + public function getPreferredLanguages(): string + { + return $this->scopeConfig + ->getValue(static::XML_SECURITYTXT_PREFERREDLANGUAGES, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } + + /** + * Get configuration for securitytxt hiring url field. + * + * @return string + */ + public function getHiring(): string + { + return $this->scopeConfig->getValue(static::XML_SECURITYTXT_HIRING, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } + + /** + * Get configuration for securitytxt policy url field. + * + * @return string + */ + public function getPolicy(): string + { + return $this->scopeConfig->getValue(static::XML_SECURITYTXT_POLICY, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } + + /** + * Get configuration for securitytxt signature field. + * + * @return string + */ + public function getSignature(): string + { + return $this->scopeConfig->getValue(static::XML_SECURITYTXT_SIGNATURE, ScopeInterface::SCOPE_WEBSITE) ?: ''; + } +} diff --git a/Securitytxt/Model/Config/Backend/Validate.php b/Securitytxt/Model/Config/Backend/Validate.php new file mode 100644 index 00000000..30e78bcf --- /dev/null +++ b/Securitytxt/Model/Config/Backend/Validate.php @@ -0,0 +1,126 @@ +getPath()); + $sectionName = reset($sectionPathString); + + if ($sectionName !== Config::XML_SECURITYTXT_MODULE || $this->getData('group_id') !== 'contact_information') { + return parent::validateBeforeSave(); + } + + $dataGroup = $this->getData()['groups']; + $contactInformationFields = $dataGroup['contact_information']['fields']; + $otherInformationFields = $dataGroup['other_information']['fields']; + $isExtensionEnabled = (bool)$dataGroup['general']['fields']['enabled']['value']; + $contactEmail = $contactInformationFields['email']['value']; + $contactPhone = $contactInformationFields['phone']['value']; + $contactWebPage = $contactInformationFields['contact_page']['value']; + + if ($isExtensionEnabled) { + if ($contactEmail === '' && $contactPhone === '' && $contactWebPage === '') { + throw new ValidatorException(__('At least one contact information is required.')); + } + } else { + return parent::validateBeforeSave(); + } + + $this->validateContactEmail($contactEmail); + $this->validateContactWebpageUrl($contactWebPage); + $this->validateUrlField("Contact Page URL", $contactWebPage); + $this->validateUrlField("Encryption URL", $otherInformationFields['encryption']['value']); + $this->validateUrlField("Acknowledgements URL", $otherInformationFields['acknowledgements']['value']); + $this->validateUrlField("Hiring URL", $otherInformationFields['hiring']['value']); + $this->validateUrlField("Policy URL", $otherInformationFields['policy']['value']); + + return parent::validateBeforeSave(); + } + + /** + * Validate url value to be secure. + * + * @param string $url + * @return bool + */ + private function validateSecureUrl(string $url): bool + { + $url = filter_var($url, FILTER_SANITIZE_STRING); + // phpcs:ignore Magento2.Functions.DiscouragedFunction + if (parse_url($url, PHP_URL_SCHEME) === 'https' && filter_var($url, FILTER_VALIDATE_URL)) { + return true; + } + + return false; + } + + /** + * Validate contact email configuration field. + * + * @param string $contactEmail + * @return void + * @throws ValidatorException + */ + private function validateContactEmail(string $contactEmail): void + { + if ($contactEmail !== '' && !filter_var($contactEmail, FILTER_VALIDATE_EMAIL)) { + throw new ValidatorException( + __('Contact Information: Email validation failed. Please enter in correct format.') + ); + } + } + + /** + * Validate contact web page configuration field. + * + * @param string $contactWebpage + * @return void + * @throws ValidatorException + */ + private function validateContactWebpageUrl(string $contactWebpage): void + { + if ($contactWebpage !== '' && !$this->validateSecureUrl($contactWebpage)) { + throw new ValidatorException( + __('Contact Information: Contact Page URL should be in correct format and must start with HTTPS.') + ); + } + } + + /** + * Validate Security.txt configuration field containing url. + * + * @param string $fieldName + * @param string $fieldValue + * @throws ValidatorException + */ + private function validateUrlField(string $fieldName, string $fieldValue): void + { + if ($fieldValue !== '' && !$this->validateSecureUrl($fieldValue)) { + throw new ValidatorException( + __('Other Information: %1 should be in correct format and must start with HTTPS.', $fieldName) + ); + } + } +} diff --git a/Securitytxt/Model/Config/Signature.php b/Securitytxt/Model/Config/Signature.php new file mode 100644 index 00000000..4b604ae3 --- /dev/null +++ b/Securitytxt/Model/Config/Signature.php @@ -0,0 +1,31 @@ + + Read instructions on how to generate signature + "; + } +} diff --git a/Securitytxt/Model/Securitytxt.php b/Securitytxt/Model/Securitytxt.php new file mode 100644 index 00000000..e23329bf --- /dev/null +++ b/Securitytxt/Model/Securitytxt.php @@ -0,0 +1,95 @@ +scopeConfig = $scopeConfig; + $this->escaper = $escaper; + $this->config = $config; + } + + /** + * Get the configuration data for security.txt file + * + * @return string + */ + public function getSecuritytxt(): string + { + $contents = ""; + + $this->addSecurityTxtLine("Contact: mailto:", $this->config->getEmail(), $contents); + $this->addSecurityTxtLine("Contact: tel:", $this->config->getPhone(), $contents); + $this->addSecurityTxtLine("Contact: ", $this->config->getContactPage(), $contents); + $this->addSecurityTxtLine("Encryption: ", $this->config->getEncryption(), $contents); + $this->addSecurityTxtLine("Acknowledgements: ", $this->config->getAcknowledgements(), $contents); + $this->addSecurityTxtLine("Policy: ", $this->config->getPolicy(), $contents); + $this->addSecurityTxtLine("Hiring: ", $this->config->getHiring(), $contents); + $this->addSecurityTxtLine("Preferred-Languages: ", $this->config->getPreferredLanguages(), $contents); + + return $contents; + } + + /** + * Add content line to security.txt + * + * @param string $title + * @param string $content + * @param string $subject + */ + private function addSecurityTxtLine(string $title, string $content, string &$subject): void + { + if (empty($content)) { + return; + } + + $subject .= sprintf("%s%s\n", $title, $this->escaper->escapeHtml($content)); + } + + /** + * Get the signature for the security.txt.sig file + * + * @return string + */ + public function getSecuritytxtsig(): string + { + return $this->escaper->escapeHtml($this->config->getSignature()) ?: ''; + } +} diff --git a/Securitytxt/README.md b/Securitytxt/README.md new file mode 100644 index 00000000..4c4d9ebd --- /dev/null +++ b/Securitytxt/README.md @@ -0,0 +1,31 @@ +# Security.txt + +### Summary +> When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to properly disclose them. As a result, security issues may be left unreported. Security.txt defines a standard to help organizations define the process for security researchers to securely disclose security vulnerabilities. + +Source: https://tools.ietf.org/html/draft-foudil-securitytxt-01 + +The Magento_Securitytxt module provides the following functionality: +* allows to save the security configurations in the admin panel +* contains a router to match application action class for requests to the `.well-known/security.txt` and `.well-known/security.txt.sig` files. +* serves the content of the `.well-known/security.txt` and `.well-known/security.txt.sig` files. + +A valid security.txt file could look like the following example: + +``` +Contact: security@example.com +Encryption: https://example.com/pgp.asc +Acknowledgement: https://example.com/security/hall-of-fame +Policy: https://example.com/security-policy.html +Signature: https://example.com/.well-known/security.txt.sig +``` +Security.txt can be accessed at below location: +`https://example.com/.well-known/security.txt` + +To create security.txt signature (security.txt.sig) file: + +`gpg -u KEYID --output security.txt.sig --armor --detach-sig security.txt` + +To verify the security.txt file's signature: + +`gpg --verify security.txt.sig security.txt` \ No newline at end of file diff --git a/Securitytxt/Test/Mftf/ActionGroup/AssertFullSecurityTxtConfigurationActionGroup.xml b/Securitytxt/Test/Mftf/ActionGroup/AssertFullSecurityTxtConfigurationActionGroup.xml new file mode 100644 index 00000000..12fb8218 --- /dev/null +++ b/Securitytxt/Test/Mftf/ActionGroup/AssertFullSecurityTxtConfigurationActionGroup.xml @@ -0,0 +1,31 @@ + + + + + + + Assert security.txt file is rendered as configured. + + + + + + + + + + + + + + + + + + diff --git a/Securitytxt/Test/Mftf/ActionGroup/FillSecurityTxtConfigurationActionGroup.xml b/Securitytxt/Test/Mftf/ActionGroup/FillSecurityTxtConfigurationActionGroup.xml new file mode 100644 index 00000000..14a52f41 --- /dev/null +++ b/Securitytxt/Test/Mftf/ActionGroup/FillSecurityTxtConfigurationActionGroup.xml @@ -0,0 +1,45 @@ + + + + + + + Fill Security.txt system configuration. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Securitytxt/Test/Mftf/ActionGroup/OpenSecurityTxtPageActionGroup.xml b/Securitytxt/Test/Mftf/ActionGroup/OpenSecurityTxtPageActionGroup.xml new file mode 100644 index 00000000..90c44c5f --- /dev/null +++ b/Securitytxt/Test/Mftf/ActionGroup/OpenSecurityTxtPageActionGroup.xml @@ -0,0 +1,19 @@ + + + + + + + Navigates browser to security.txt page defined by RFC5785 + + + + + + diff --git a/Securitytxt/Test/Mftf/ActionGroup/OpenSecurityTxtSignaturePageActionGroup.xml b/Securitytxt/Test/Mftf/ActionGroup/OpenSecurityTxtSignaturePageActionGroup.xml new file mode 100644 index 00000000..bb017897 --- /dev/null +++ b/Securitytxt/Test/Mftf/ActionGroup/OpenSecurityTxtSignaturePageActionGroup.xml @@ -0,0 +1,19 @@ + + + + + + + Fill Security.txt system configuration values + + + + + + diff --git a/Securitytxt/Test/Mftf/Data/SecuritytxtConfigData.xml b/Securitytxt/Test/Mftf/Data/SecuritytxtConfigData.xml new file mode 100644 index 00000000..3804a106 --- /dev/null +++ b/Securitytxt/Test/Mftf/Data/SecuritytxtConfigData.xml @@ -0,0 +1,43 @@ + + + + + + magento_securitytxt_securitytxt/general/enabled + 1 + + + magento_securitytxt_securitytxt/general/enabled + 0 + + + Yes + No + security@example.com + +1-555-555-5555 + https://example.com + https://example.com/encryption + https://example.com/acknowledgements + https://example.com/hiring + https://example.com/poliocy + en,es + OpenPGP/Signature + + + magento_securitytxt_securitytxt/contact_information/email + magento_securitytxt_securitytxt/contact_information/phone + magento_securitytxt_securitytxt/contact_information/contact_page + magento_securitytxt_securitytxt/other_information/encryption + magento_securitytxt_securitytxt/other_information/acknowledgements + magento_securitytxt_securitytxt/other_information/hiring + magento_securitytxt_securitytxt/other_information/policy + magento_securitytxt_securitytxt/other_information/preferred_languages + magento_securitytxt_securitytxt/other_information/signature_text + + diff --git a/Securitytxt/Test/Mftf/Data/SecuritytxtPageData.xml b/Securitytxt/Test/Mftf/Data/SecuritytxtPageData.xml new file mode 100644 index 00000000..be1f0f06 --- /dev/null +++ b/Securitytxt/Test/Mftf/Data/SecuritytxtPageData.xml @@ -0,0 +1,17 @@ + + + + + + .well-known/security.txt + + + .well-known/security.txt.sig + + diff --git a/Securitytxt/Test/Mftf/Page/AdminSecurityTxtConfigurationPage.xml b/Securitytxt/Test/Mftf/Page/AdminSecurityTxtConfigurationPage.xml new file mode 100644 index 00000000..cd5462b0 --- /dev/null +++ b/Securitytxt/Test/Mftf/Page/AdminSecurityTxtConfigurationPage.xml @@ -0,0 +1,14 @@ + + + + + +
+ + diff --git a/Securitytxt/Test/Mftf/Section/AdminConfigureSecurityTxtSection.xml b/Securitytxt/Test/Mftf/Section/AdminConfigureSecurityTxtSection.xml new file mode 100644 index 00000000..723fb3b8 --- /dev/null +++ b/Securitytxt/Test/Mftf/Section/AdminConfigureSecurityTxtSection.xml @@ -0,0 +1,33 @@ + + + +
+ + + + + + + + + + + + + + + + + + + + + +
+ diff --git a/Securitytxt/Test/Mftf/Test/RedirectToNotFoundWhenSecurityTxtIsDisabled.xml b/Securitytxt/Test/Mftf/Test/RedirectToNotFoundWhenSecurityTxtIsDisabled.xml new file mode 100644 index 00000000..b0fc6a34 --- /dev/null +++ b/Securitytxt/Test/Mftf/Test/RedirectToNotFoundWhenSecurityTxtIsDisabled.xml @@ -0,0 +1,28 @@ + + + + + + + + + <description value="Security.txt file should redirect to 404 page when extension is disabled."/> + <severity value="CRITICAL"/> + <testCaseId value="SECURITYTXT-1"/> + <group value="securitytxt"/> + </annotations> + <before> + <magentoCLI command="config:set {{DisableSecurityTxt.path}} {{DisableSecurityTxt.value}}" stepKey="disableSecurityTxt"/> + </before> + <actionGroup ref="OpenSecurityTxtPage" stepKey="openSecurityTxt"/> + <see userInput="Whoops, our bad..." stepKey="seeWhoopsForSecurityTxt"/> + <actionGroup ref="OpenSecurityTxtSignaturePage" stepKey="openSecurityTxtSignature"/> + <see userInput="Whoops, our bad..." stepKey="seeWhoopsForSecurityTxtSignature"/> + </test> +</tests> diff --git a/Securitytxt/Test/Mftf/Test/SecurityTxtWithCorrectConfiguration.xml b/Securitytxt/Test/Mftf/Test/SecurityTxtWithCorrectConfiguration.xml new file mode 100644 index 00000000..91df0d85 --- /dev/null +++ b/Securitytxt/Test/Mftf/Test/SecurityTxtWithCorrectConfiguration.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + /** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ +--> +<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd"> + <test name="SecurityTxtWithCorrectConfiguration"> + <annotations> + <features value="Security.txt"/> + <stories value="Security.txt extension"/> + <title value="Security.txt should display on frontend as configured."/> + <description value="Security.txt should display on frontend as configured."/> + <severity value="BLOCKER"/> + <testCaseId value="SECURITYTXT-2"/> + <group value="securitytxt"/> + </annotations> + <after> + <magentoCLI command="config:set {{DisableSecurityTxt.path}} {{DisableSecurityTxt.value}}" stepKey="disableSecurityTxt"/> + </after> + + <actionGroup ref="LoginAsAdmin" stepKey="LoginAsAdmin"/> + <actionGroup ref="FillSecurityTxtConfigurationActionGroup" stepKey="fillSecurityTxtConfiguration"/> + <actionGroup ref="AssertFullSecurityTxtConfiguration" stepKey="assertSecurityTxtContent"/> + <actionGroup ref="OpenSecurityTxtSignaturePage" stepKey="openSecurityTxtSignature"/> + <see userInput="{{SecurityTxtConfigurationValue.signature}}" stepKey="seeSecurityTxtSignature"/> + </test> +</tests> diff --git a/Securitytxt/composer.json b/Securitytxt/composer.json new file mode 100644 index 00000000..8d4b5d42 --- /dev/null +++ b/Securitytxt/composer.json @@ -0,0 +1,29 @@ +{ + "name": "magento/module-securitytxt", + "description": "Security.txt file for Magento 2 websites", + "type": "magento2-module", + "require": { + "php": "~7.1.3||~7.2.0||~7.3.0", + "magento/framework": "*", + "magento/module-store": "*", + "magento/module-config": "*" + }, + "authors": [ + { + "name": "Kalpesh Mehta", + "email": "k@lpe.sh" + } + ], + "license": [ + "OSL-3.0", + "AFL-3.0" + ], + "autoload": { + "files": [ + "registration.php" + ], + "psr-4": { + "Magento\\Securitytxt\\": "" + } + } +} diff --git a/Securitytxt/etc/acl.xml b/Securitytxt/etc/acl.xml new file mode 100644 index 00000000..e72ef9c4 --- /dev/null +++ b/Securitytxt/etc/acl.xml @@ -0,0 +1,26 @@ +<?xml version="1.0"?> +<!-- +/** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ +--> +<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd"> + <acl> + <resources> + <resource id="Magento_Backend::admin"> + <resource id="Magento_Backend::stores"> + <resource id="Magento_Backend::stores_settings"> + <resource id="Magento_Config::config"> + <resource id="Magento_Securitytxt::config" + title="Securitytxt" + translate="title" + sortOrder="10"/> + </resource> + </resource> + </resource> + </resource> + </resources> + </acl> +</config> \ No newline at end of file diff --git a/Securitytxt/etc/adminhtml/system.xml b/Securitytxt/etc/adminhtml/system.xml new file mode 100644 index 00000000..c636be88 --- /dev/null +++ b/Securitytxt/etc/adminhtml/system.xml @@ -0,0 +1,93 @@ +<?xml version="1.0"?> +<!-- +/** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ +--> +<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd"> + <system> + <tab id="security" translate="label" sortOrder="200"> + <label>Security</label> + </tab> + <section id="magento_securitytxt_securitytxt" translate="label" type="text" sortOrder="520" showInDefault="1" + showInWebsite="1" showInStore="1"> + <class>separator-top</class> + <label>Security.txt</label> + <tab>security</tab> + <resource>Magento_Securitytxt::config</resource> + <group id="general" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" + showInStore="1"> + <label>General</label> + <field id="enabled" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="1" + showInStore="1"> + <label>Enable</label> + <source_model>Magento\Config\Model\Config\Source\Yesno</source_model> + </field> + </group> + <group id="contact_information" translate="label" type="text" sortOrder="10" showInDefault="1" + showInWebsite="1" + showInStore="1"> + <label>Contact Information</label> + <field id="email" translate="label comment" type="text" sortOrder="20" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Email</label> + <validate>validate-email</validate> + <backend_model>Magento\Securitytxt\Model\Config\Backend\Validate</backend_model> + </field> + <field id="phone" translate="label comment" type="text" sortOrder="20" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Phone</label> + </field> + <field id="contact_page" translate="label comment" type="text" sortOrder="20" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Contact Page</label> + <validate>validate-url validate-no-html-tags</validate> + <comment>Example: https://example.com/security-contact.html</comment> + </field> + </group> + <group id="other_information" translate="label" type="text" sortOrder="10" showInDefault="1" + showInWebsite="1" + showInStore="1"> + <label>Other Information</label> + <field id="encryption" translate="label comment" type="text" sortOrder="40" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Encryption</label> + <validate>validate-url validate-no-html-tags</validate> + <comment>Example: https://example.com/pgp-key.txt</comment> + </field> + <field id="acknowledgements" translate="label comment" type="text" sortOrder="50" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Acknowledgements</label> + <validate>validate-url validate-no-html-tags</validate> + <comment>Example: https://example.com/hall-of-fame.html</comment> + </field> + <field id="preferred_languages" translate="label comment" type="text" sortOrder="50" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Preferred-Languages</label> + <validate>validate-text validate-no-html-tags</validate> + <comment>Example: en, es, hi, de, fr</comment> + </field> + <field id="hiring" translate="label comment" type="text" sortOrder="50" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Hiring</label> + <validate>validate-url validate-no-html-tags</validate> + <comment>Example: https://example.com/jobs.html</comment> + </field> + <field id="policy" translate="label comment" type="text" sortOrder="60" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Policy</label> + <validate>validate-url validate-no-html-tags</validate> + <comment>Example: https://example.com/security-policy.html</comment> + </field> + <field id="signature_text" translate="label comment" type="textarea" sortOrder="80" showInDefault="1" + showInWebsite="1" showInStore="1"> + <label>Signature</label> + <validate>validate-no-html-tags</validate> + <comment model="Magento\Securitytxt\Model\Config\Signature"/> + </field> + </group> + </section> + </system> +</config> \ No newline at end of file diff --git a/Securitytxt/etc/di.xml b/Securitytxt/etc/di.xml new file mode 100644 index 00000000..19d2a5d1 --- /dev/null +++ b/Securitytxt/etc/di.xml @@ -0,0 +1,25 @@ +<?xml version="1.0"?> +<!-- +/** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ +--> +<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd"> + <virtualType name="securitytxtResultPage" type="Magento\Framework\View\Result\Page"> + <arguments> + <argument name="template" xsi:type="string">Magento_Securitytxt::securitytxt.phtml</argument> + </arguments> + </virtualType> + <virtualType name="securitytxtResultPageFactory" type="Magento\Framework\View\Result\PageFactory"> + <arguments> + <argument name="instanceName" xsi:type="string">securitytxtResultPage</argument> + </arguments> + </virtualType> + <type name="Magento\Securitytxt\Controller\Index\Index"> + <arguments> + <argument name="resultPageFactory" xsi:type="object">securitytxtResultPageFactory</argument> + </arguments> + </type> +</config> \ No newline at end of file diff --git a/Securitytxt/etc/frontend/di.xml b/Securitytxt/etc/frontend/di.xml new file mode 100644 index 00000000..36ca7d97 --- /dev/null +++ b/Securitytxt/etc/frontend/di.xml @@ -0,0 +1,21 @@ +<?xml version="1.0"?> +<!-- +/** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ +--> +<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd"> + <type name="Magento\Framework\App\RouterList"> + <arguments> + <argument name="routerList" xsi:type="array"> + <item name="securitytxt" xsi:type="array"> + <item name="class" xsi:type="string">Magento\Securitytxt\Controller\Router</item> + <item name="disable" xsi:type="boolean">false</item> + <item name="sortOrder" xsi:type="string">10</item> + </item> + </argument> + </arguments> + </type> +</config> \ No newline at end of file diff --git a/Securitytxt/etc/frontend/routes.xml b/Securitytxt/etc/frontend/routes.xml new file mode 100644 index 00000000..e2cfd519 --- /dev/null +++ b/Securitytxt/etc/frontend/routes.xml @@ -0,0 +1,15 @@ +<?xml version="1.0"?> +<!-- +/** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ +--> +<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="urn:magento:framework:App/etc/routes.xsd"> + <router id="standard"> + <route id="securitytxt" frontName="securitytxt"> + <module name="Magento_Securitytxt"/> + </route> + </router> +</config> \ No newline at end of file diff --git a/Securitytxt/etc/module.xml b/Securitytxt/etc/module.xml new file mode 100644 index 00000000..80561d37 --- /dev/null +++ b/Securitytxt/etc/module.xml @@ -0,0 +1,15 @@ +<?xml version="1.0"?> +<!-- +/** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ +--> +<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd"> + <module name="Magento_Securitytxt" setup_version="1.0.0"> + <sequence> + <module name="Magento_Store"/> + </sequence> + </module> +</config> \ No newline at end of file diff --git a/Securitytxt/i18n/en_US.csv b/Securitytxt/i18n/en_US.csv new file mode 100644 index 00000000..e3062d2c --- /dev/null +++ b/Securitytxt/i18n/en_US.csv @@ -0,0 +1,29 @@ +"At least one contact information is required.","At least one contact information is required." +"Contact Information: Email validation failed. Please enter in correct format.","Contact Information: Email validation failed. Please enter in correct format." +"Contact Information: Contact Page URL should be in correct format and must start with HTTPS.","Contact Information: Contact Page URL should be in correct format and must start with HTTPS." +"Other Information: Encryption URL should be in correct format and must start with HTTPS.","Other Information: Encryption URL should be in correct format and must start with HTTPS." +"Other Information: Acknowledgements URL should be in correct format and must start with HTTPS.","Other Information: Acknowledgements URL should be in correct format and must start with HTTPS." +"Other Information: Hiring URL should be in correct format and must start with HTTPS.","Other Information: Hiring URL should be in correct format and must start with HTTPS." +"Other Information: Policy URL should be in correct format and must start with HTTPS.","Other Information: Policy URL should be in correct format and must start with HTTPS." +Securitytxt,Securitytxt +Security,Security +Security.txt,Security.txt +General,General +Enable,Enable +"Contact Information","Contact Information" +Email,Email +Phone,Phone +"Contact Page","Contact Page" +"Example: https://example.com/security-contact.html","Example: https://example.com/security-contact.html" +"Other Information","Other Information" +Encryption,Encryption +"Example: https://example.com/pgp-key.txt","Example: https://example.com/pgp-key.txt" +Acknowledgements,Acknowledgements +"Example: https://example.com/hall-of-fame.html","Example: https://example.com/hall-of-fame.html" +Preferred-Languages,Preferred-Languages +"Example: en, es, hi, de, fr","Example: en, es, hi, de, fr" +Hiring,Hiring +"Example: https://example.com/jobs.html","Example: https://example.com/jobs.html" +Policy,Policy +"Example: https://example.com/security-policy.html","Example: https://example.com/security-policy.html" +Signature,Signature \ No newline at end of file diff --git a/Securitytxt/registration.php b/Securitytxt/registration.php new file mode 100644 index 00000000..8ed7af62 --- /dev/null +++ b/Securitytxt/registration.php @@ -0,0 +1,13 @@ +<?php +/** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ + +use \Magento\Framework\Component\ComponentRegistrar; + +ComponentRegistrar::register( + ComponentRegistrar::MODULE, + 'Magento_Securitytxt', + __DIR__ +); diff --git a/_metapackage/composer.json b/_metapackage/composer.json index adcdb253..6355ad33 100644 --- a/_metapackage/composer.json +++ b/_metapackage/composer.json @@ -22,6 +22,7 @@ "magento/module-notifier-telegram-adapter-admin-ui": "*", "magento/module-notifier-template": "*", "magento/module-notifier-template-admin-ui": "*", - "magento/module-notifier-template-api": "*" + "magento/module-notifier-template-api": "*", + "magento/module-securitytxt": "*" } }