Merge branch 'master' into pending-tasks

CHANGELOG.unreleased.md

@@ -18,6 +18,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.released
 - Added a search feature for segments and segment groups. Listed segments/groups can be searched by id and name. [#7175](https://github.com/scalableminds/webknossos/pull/7175)
 - Added support for transformations with thin plate splines. [#7131](https://github.com/scalableminds/webknossos/pull/7131)
 - WEBKNOSSOS can now read S3 remote dataset credentials from environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_KEY`. Those will be used, if available, when accessing remote datasets for which no explicit credentials are supplied. [#7170](https://github.com/scalableminds/webknossos/pull/7170)
+- Added security.txt according to [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116). The content is configurable and it can be disabled. [#7182](https://github.com/scalableminds/webknossos/pull/7182)
 
 ### Changed
 - Redesigned the info tab in the right-hand sidebar to be fit the new branding and design language. [#7110](https://github.com/scalableminds/webknossos/pull/7110)

app/RequestHandler.scala

@@ -30,7 +30,7 @@ class RequestHandler @Inject()(webCommands: WebCommands,
     with LazyLogging {
 
   override def routeRequest(request: RequestHeader): Option[Handler] =
-    if (request.uri.matches("^(/api/|/data/|/tracings/|/swagger).*$")) {
+    if (request.uri.matches("^(/api/|/data/|/tracings/|/swagger/|/\\.well-known/).*$")) {
       super.routeRequest(request)
     } else if (request.uri.matches("^(/assets/).*$")) {
       val path = request.path.replaceFirst("^(/assets/)", "")

app/controllers/Application.scala

@@ -87,6 +87,14 @@ class Application @Inject()(multiUserDAO: MultiUserDAO,
     } yield Ok
   }
 
+  def getSecurityTxt: Action[AnyContent] = Action {
+    addNoCacheHeaderFallback(if (conf.WebKnossos.SecurityTxt.enabled) {
+      Ok(conf.WebKnossos.SecurityTxt.content)
+    } else {
+      NotFound
+    })
+  }
+
 }
 
 class ReleaseInformationDAO @Inject()(sqlClient: SqlClient)(implicit ec: ExecutionContext)

app/utils/WkConf.scala

@@ -81,6 +81,11 @@ class WkConf @Inject()(configuration: Configuration) extends ConfigReader with L
       val version: Int = get[Int]("webKnossos.termsOfService.version")
     }
 
+    object SecurityTxt {
+      val enabled: Boolean = get[Boolean]("webKnossos.securityTxt.enabled")
+      val content: String = get[String]("webKnossos.securityTxt.content")
+    }
+
     val operatorData: String = get[String]("webKnossos.operatorData")
     val children = List(User, Tasks, Cache, SampleOrganization, FetchUsedStorage, TermsOfService)
   }

conf/application.conf

@@ -99,6 +99,13 @@ webKnossos {
     acceptanceDeadline = "2023-01-01T00:00:00Z"
     version = 1
   }
+  securityTxt {
+    enabled = true
+    content ="""Contact: https://github.com/scalableminds/webknossos/security/advisories/new
+Expires: 2024-07-03T10:00:00.000Z
+Preferred-Languages: en,de
+    """
+  }
 }
 
 singleSignOn {

conf/noDS.noTS.routes

@@ -1,3 +1,4 @@
--> /api/      webknossos.versioned.Routes
+-> /api/                         webknossos.versioned.Routes
 
-GET  /swagger.json  controllers.ApiHelpController.getResources
+GET   /swagger.json              controllers.ApiHelpController.getResources
+GET   /.well-known/security.txt  controllers.Application.getSecurityTxt

conf/noDS.routes

@@ -1,4 +1,5 @@
--> /api/      webknossos.versioned.Routes
--> /tracings/ com.scalableminds.webknossos.tracingstore.Routes
+-> /api/                         webknossos.versioned.Routes
+-> /tracings/                    com.scalableminds.webknossos.tracingstore.Routes
 
-GET  /swagger.json  controllers.ApiHelpController.getResources
+GET   /swagger.json              controllers.ApiHelpController.getResources
+GET   /.well-known/security.txt  controllers.Application.getSecurityTxt

conf/noTS.routes

@@ -1,4 +1,5 @@
--> /api/      webknossos.versioned.Routes
--> /data/     com.scalableminds.webknossos.datastore.Routes
+-> /api/                         webknossos.versioned.Routes
+-> /data/                        com.scalableminds.webknossos.datastore.Routes
 
-GET  /swagger.json  controllers.ApiHelpController.getResources
+GET   /swagger.json              controllers.ApiHelpController.getResources
+GET   /.well-known/security.txt  controllers.Application.getSecurityTxt

conf/routes

@@ -1,5 +1,6 @@
--> /api/             webknossos.versioned.Routes
--> /data/            com.scalableminds.webknossos.datastore.Routes
--> /tracings/        com.scalableminds.webknossos.tracingstore.Routes
+-> /api/                         webknossos.versioned.Routes
+-> /data/                        com.scalableminds.webknossos.datastore.Routes
+-> /tracings/                    com.scalableminds.webknossos.tracingstore.Routes
 
-GET   /swagger.json  controllers.ApiHelpController.getResources
+GET   /swagger.json              controllers.ApiHelpController.getResources
+GET   /.well-known/security.txt  controllers.Application.getSecurityTxt