# Network Security Audit - 20251123-092514
== Listening Ports (if containers running) ==

== TLS/SSL Configuration ==
/home/administrator/projects/coppertone.tech/frontend/nginx.conf:19:    # Note: Add Strict-Transport-Security when serving over HTTPS
/home/administrator/projects/coppertone.tech/frontend/nginx.conf:23:    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' data:; connect-src 'self' https://api.qrserver.com; frame-ancestors 'self';" always;
/home/administrator/projects/coppertone.tech/frontend/nginx.conf:35:        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' data:; connect-src 'self' https://api.qrserver.com; frame-ancestors 'self';" always;
/home/administrator/projects/coppertone.tech/frontend/node_modules/wait-on/.github/workflows/node.js.yml:2:# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
/home/administrator/projects/coppertone.tech/frontend/node_modules/wait-on/.github/workflows/node.js.yml:20:        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
/home/administrator/projects/coppertone.tech/frontend/node_modules/path-browserify/.travis.yml:14:  # Old npm certs are untrusted https://github.com/npm/npm/issues/20191
/home/administrator/projects/coppertone.tech/frontend/node_modules/path-browserify/.travis.yml:15:  - 'if [ "${TRAVIS_NODE_VERSION}" = "0.6" ] || [ "${TRAVIS_NODE_VERSION}" = "0.8" ]; then export NPM_CONFIG_STRICT_SSL=false; fi'
/home/administrator/projects/coppertone.tech/frontend/node_modules/extsprintf/jsl.node.conf:108:# Define certain identifiers of which the lint is not aware.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/extend@3.0.2/node_modules/extend/.travis.yml:19:  - 'case "${TRAVIS_NODE_VERSION}" in 0.*) export NPM_CONFIG_STRICT_SSL=false ;; esac'
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/wait-on@9.0.3_debug@4.4.3/node_modules/wait-on/.github/workflows/node.js.yml:2:# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/wait-on@9.0.3_debug@4.4.3/node_modules/wait-on/.github/workflows/node.js.yml:20:        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/chromium-edge-launcher@0.2.0/node_modules/chromium-edge-launcher/.github/workflows/ci.yml:13:        # awaiting support for 'latest'/'lts'. https://github.com/actions/setup-node/issues/26
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/path-browserify@1.0.1/node_modules/path-browserify/.travis.yml:14:  # Old npm certs are untrusted https://github.com/npm/npm/issues/20191
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/path-browserify@1.0.1/node_modules/path-browserify/.travis.yml:15:  - 'if [ "${TRAVIS_NODE_VERSION}" = "0.6" ] || [ "${TRAVIS_NODE_VERSION}" = "0.8" ]; then export NPM_CONFIG_STRICT_SSL=false; fi'
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/iconv-lite@0.6.3/node_modules/iconv-lite/.github/dependabot.yml:2:# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/extsprintf@1.3.0/node_modules/extsprintf/jsl.node.conf:108:# Define certain identifiers of which the lint is not aware.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/react-native@0.82.1_@babel+core@7.28.5_react@19.2.0/node_modules/react-native/scripts/xcode/ccache.conf:6:# See https://ccache.dev/manual/4.3.html#_configuration_options for details and available options
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/@vue+tsconfig@0.8.1_typescript@5.9.3_vue@3.5.24_typescript@5.9.3_/node_modules/@vue/tsconfig/.github/workflows/publish.yml:21:          registry-url: 'https://registry.npmjs.org'
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/babel-preset-current-node-syntax@1.2.0_@babel+core@7.28.5/node_modules/babel-preset-current-node-syntax/.github/workflows/nodejs.yml:2:# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/sanitize-filename@1.6.3/node_modules/sanitize-filename/.travis.yml:51:    # https://github.com/airtap/airtap/blob/00cfae3f38b59f5ff4001cb5e131964e72ab6f24/bin/airtap.js#L6
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/npm-run-all2@8.0.4/node_modules/npm-run-all2/.github/workflows/release.yml:30:          registry-url: 'https://registry.npmjs.org'
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/chrome-launcher@0.15.2/node_modules/chrome-launcher/.github/workflows/lh-smoke.yml:31:    - run: yarn add --frozen-lockfile --network-timeout 1000000 -D https://github.com/GoogleChrome/lighthouse.git#main
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/npm-run-all2/.github/workflows/release.yml:30:          registry-url: 'https://registry.npmjs.org'
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/@vue/tsconfig/.github/workflows/publish.yml:21:          registry-url: 'https://registry.npmjs.org'
/home/administrator/projects/coppertone.tech/frontend/node_modules/iconv-lite/.github/dependabot.yml:2:# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
/home/administrator/projects/coppertone.tech/frontend/node_modules/extend/.travis.yml:19:  - 'case "${TRAVIS_NODE_VERSION}" in 0.*) export NPM_CONFIG_STRICT_SSL=false ;; esac'
/home/administrator/projects/coppertone.tech/backend/pkg/ipfs/client.go:112:		gateway = "https://ipfs.io"
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:95:	dbSSLMode := strings.TrimSpace(os.Getenv("DB_SSL_MODE"))
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:102:	if dbSSLMode == "" {
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:103:		dbSSLMode = "require"

== Internal vs External Services ==
/home/administrator/projects/coppertone.tech/frontend/src/lib/p2pStorage.ts:13:const IPFS_SERVICE_URL = import.meta.env.VITE_IPFS_SERVICE_URL || 'http://localhost:8086'
/home/administrator/projects/coppertone.tech/frontend/src/lib/p2pStorage.ts:14:const IPFS_WS_ADDR = import.meta.env.VITE_IPFS_WS_ADDR || '/ip4/127.0.0.1/tcp/4002/ws'
/home/administrator/projects/coppertone.tech/frontend/cypress.config.ts:6:    baseUrl: 'http://localhost:4173',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/src/internal/observable/dom/WebSocketSubject.ts:33: *   url: 'ws://localhost:8081',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/src/internal/observable/dom/WebSocketSubject.ts:52: *   url: 'ws://localhost:8081',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/src/internal/observable/dom/WebSocketSubject.ts:73: *   url: 'ws://localhost:8081',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/src/internal/observable/dom/WebSocketSubject.ts:94: *   url: 'ws://localhost:8081',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/src/internal/observable/dom/webSocket.ts:92: * const subject = webSocket('ws://localhost:8081');
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/src/internal/observable/dom/webSocket.ts:106: * const subject = webSocket('ws://localhost:8081');
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/src/internal/observable/dom/webSocket.ts:126: * const subject = webSocket('ws://localhost:8081');
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/dist/types/internal/observable/dom/WebSocketSubject.d.ts:29: *   url: 'ws://localhost:8081',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/dist/types/internal/observable/dom/WebSocketSubject.d.ts:48: *   url: 'ws://localhost:8081',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/dist/types/internal/observable/dom/WebSocketSubject.d.ts:69: *   url: 'ws://localhost:8081',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/dist/types/internal/observable/dom/WebSocketSubject.d.ts:90: *   url: 'ws://localhost:8081',
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/dist/types/internal/observable/dom/webSocket.d.ts:91: * const subject = webSocket('ws://localhost:8081');
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/dist/types/internal/observable/dom/webSocket.d.ts:105: * const subject = webSocket('ws://localhost:8081');
/home/administrator/projects/coppertone.tech/frontend/node_modules/rxjs/dist/types/internal/observable/dom/webSocket.d.ts:125: * const subject = webSocket('ws://localhost:8081');
/home/administrator/projects/coppertone.tech/frontend/node_modules/@csstools/css-color-parser/dist/index.d.ts:90:    /** Rec. 2020, expressed through `color(rec2020 0 0 0)` */
/home/administrator/projects/coppertone.tech/frontend/node_modules/@csstools/css-color-parser/dist/index.d.ts:92:    /** XYZ, expressed through `color(xyz-d50 0 0 0)` */
/home/administrator/projects/coppertone.tech/frontend/node_modules/tough-cookie/dist/permuteDomain.d.ts:13: * @param allowSpecialUseDomain - flag to control if {@link https://www.rfc-editor.org/rfc/rfc6761.html | Special Use Domains} such as `localhost` should be allowed
/home/administrator/projects/coppertone.tech/frontend/node_modules/tough-cookie/dist/getPublicSuffix.d.ts:8:     * be treated as if they were valid public suffixes ('local', 'example', 'invalid', 'localhost', 'test').
/home/administrator/projects/coppertone.tech/frontend/node_modules/tough-cookie/dist/getPublicSuffix.d.ts:11:     * In testing scenarios it's common to configure the cookie store with so that `http://localhost` can be used as a domain:
/home/administrator/projects/coppertone.tech/frontend/node_modules/@jridgewell/sourcemap-codec/src/vlq.ts:32:    value = -0x80000000 | -value;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/convert-hrtime@5.0.0/node_modules/convert-hrtime/index.d.ts:19://=> {seconds: 0.000002399, milliseconds: 0.002399, nanoseconds: 2399n}
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/@helia+block-brokers@4.2.4/node_modules/@helia/block-brokers/src/trustless-gateway/utils.ts:26:    // When allowInsecure is false and allowLocal is true, allow multiaddrs with "127.0.0.1", "localhost", or any subdomain ending with ".localhost"
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/@helia+block-brokers@4.2.4/node_modules/@helia/block-brokers/src/trustless-gateway/utils.ts:29:      if (host === '127.0.0.1' || host === 'localhost' || host.endsWith('.localhost')) {
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:34056:    readonly SYNC_FLUSH_COMMANDS_BIT: 0x00000001;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:34072:    readonly DEPTH_BUFFER_BIT: 0x00000100;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:34073:    readonly STENCIL_BUFFER_BIT: 0x00000400;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:34074:    readonly COLOR_BUFFER_BIT: 0x00004000;