alexAubin
commented
5 years ago PR got merged ... I'm gonna keep this issue opened because we might want to find a way to have a more accurate way of analyzing the nginx conf file, there are too many clumsy / bold assumptions right now.
c.f. https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/
When using an
aliasdirectirve, nginx.conf should follow https://github.com/YunoHost/example_ynh/blob/master/conf/nginx.conf (in particular the first two lines)