Onderhouds- en bugfixrelease van Internet.nl

4 april 2022
Vanaf vandaag kunt u gebruik maken van een nieuwe, verbeterde versie van Internet.nl. In deze nieuwe versie is de onderliggende, hergebruikte software geüpgraded. Ook zijn er verbeteringen aan de documentatie en softwarecode doorgevoerd.

Sneller, stabieler en accurater

De verbeteringen maken Internet.nl stabieler en sneller. Bovendien kunnen andere ontwikkelaars de Internet.nl-software eenvoudiger zelf installeren of code bijdragen aan het project. Tot slot is er een klein aantal inhoudelijke wijzigingen en bugfixes geïmplementeerd waardoor de testen en begeleidende teksten accurater zijn.

Over Internet.nl

De testtool Internet.nl is een initiatief van het Platform Internetstandaarden, een samenwerkingsverband van partijen uit de Internetgemeenschap en de Nederlandse overheid. Het doel van het platform is om gezamenlijk het gebruik van moderne internetstandaarden verder te vergroten om daarmee het internet voor iedereen toegankelijker, veiliger en betrouwbaarder te maken. De softwarecode van Internet.nl is online beschikbaar onder een open source licentie.


Release notes 1.4.0

Software update and development & documentation release.

New

  • Mention LinkedIn next to Twitter in footer [(#496)]
  • Add security.txt based on https://securitytxt.org/ [(#493)]

Changes

  • Improve description of the ipv4-ipv6 comparison results and what may be a reason for the differences [(#540)]
  • Refer to https://dutchcloudcommunity.nl/ on https://internet.nl/about/ [(#589)]
  • Check for max of 10 DNS lookups in SPF test [(#286)]
  • System administrators can disable/enable categories of tests (for example, only run IPv6 tests)
  • Files from the /static/ directory are now cached by the client for one day by default (instead of none)

Bugfixes

  • Fix some minor typos and broken link [(#574)] [(#575)]
  • Add a missing ' in the frame-ancestors explanation [(#578)]
  • An empty part of Content Security Policy gives an error [(#583)]
  • Recursion error when stripping nonces in IPv4 and IPv6 comparison [(#587)]
  • Remove certificate from the certificate chain in the shipped cert chain file [(#614)]

Dependencies

  • Update Django version to latest LTS version, together with dependencies [(#486)]
  • Update version of Celery to the latest LTS version, together with dependencies [(#586)]
  • Updated jQuery (also stops support for very old browsers) [(#565)]
  • Pinned all dependencies on specific versions with pip-tools.

Settings

  • Moved Django settings to an environment file, so it can be more easily configured in automated environments (containers)
  • Made a clear distinction between user confgured settings and 'standard app settings'
  • Add DEFAULT_AUTO_FIELD to default config file [(#599)]
  • Increased the test duration 50%-100% for all tests on single mode, to deal with slow servers or servers that have a lot of MX records.
  • Made the rate limiting feature of starting new scans configurable in the settings (not via environment)

Migrations

  • Administrative movements of models to a new subproject (checks).

Development & documentation

  • Added installation steps to makefile for easier installation of the virtual environment and custom python dependencies
  • Added Github action that checks for code linting and runs tests. More QA tools to come.
  • Added various tests and moved the existing tests to be run in pytest. Coverage today: 32%
  • Added a partial admin web interface that is available during development, to more easily inspect the contents of the database
  • Added an ERD diagram image of the database to the documentation
  • Removed infinite wait on Unbound pipe, to reduce complexity in the connection leakage issue (see ahead)
  • Added example and usable configuration examples for Redis, workers, services, Apache etc
  • Added a logger with dictconfig, this allows run time logging of the application
  • Added (debug) log statements for further code inspection, especially on expiring tasks
  • Separate scanning code from UI code via a new django app "checks"
  • Added workaround / configs for Redis-backend-connection leak [(#676)] on single scan mode. Cron settings and some bash scripts that restart the scan services every 6 hours. This allows tens of thousands of scans per recycle.
  • Spread out tasks over more dedicated workers to be able to inspect and manage bottlenecks
  • Fixed Django-app bootstrapping, which prevented the app from loading correctly
  • Building and testing for Python 3.7 and 3.10 to transit to the new version
  • Added caching of static files in the apache config
  • Simplified and deduplicated the apache config