Merge pull request #568 from fugerit-org/567-chore-add-property-for-security-hardening

fugerit79 · web-flow · commit 16526282e966 · 2025-11-04T20:01:53.000+01:00
feat: new option 'security-hardening' #567
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- new security-hardening property <https://github.com/fugerit-org/fj-doc/issues/567>
+
+### Fixed
+
+- doc-language handling for AsciiDoc handler
+
 ## [8.17.2] - 2025-10-31
 
 ### Added
diff --git a/docs/html/doc_meta_info.html b/docs/html/doc_meta_info.html
@@ -347,6 +347,29 @@ <h2  style="font-weight: bold;">Properties for generic metadata</h2>
 				<td id="cell_15_4"  style=" width: 5%; border-top: 1px solid black; border-bottom: 1px solid black; border-left: 1px solid black; border-right: 1px solid black; padding: 2px;">
 		<p>8.15.0</p>
 				</td>
+		</tr>				
+		<tr>
+				<td id="cell_16_0"  style=" width: 20%; border-top: 1px solid black; border-bottom: 1px solid black; border-left: 1px solid black; border-right: 1px solid black; padding: 2px;">
+		<span  id="security-hardening"></span>
+		<p style="font-style: italic;">security-hardening</p>
+				</td>
+				<td id="cell_16_1"  style=" width: 40%; border-top: 1px solid black; border-bottom: 1px solid black; border-left: 1px solid black; border-right: 1px solid black; padding: 2px;">
+		<p>If set to '0' (default) nothing change.
+              Different values represents the hardening level.
+                Currently supported values :
+                    '1' - Library version will not be shown in metadata.
+                    'max' - Maximum available level (currently equals '1')
+                    </p>
+				</td>
+				<td id="cell_16_2"  style=" width: 25%; border-top: 1px solid black; border-bottom: 1px solid black; border-left: 1px solid black; border-right: 1px solid black; padding: 2px;">
+		<p></p>
+				</td>
+				<td id="cell_16_3"  style=" width: 10%; border-top: 1px solid black; border-bottom: 1px solid black; border-left: 1px solid black; border-right: 1px solid black; padding: 2px;">
+		<p></p>
+				</td>
+				<td id="cell_16_4"  style=" width: 5%; border-top: 1px solid black; border-bottom: 1px solid black; border-left: 1px solid black; border-right: 1px solid black; padding: 2px;">
+		<p>8.17.3</p>
+				</td>
 		</tr>				
 				</tbody>
 		</table>
diff --git a/fj-doc-base/src/main/java/org/fugerit/java/doc/base/config/VenusVersion.java b/fj-doc-base/src/main/java/org/fugerit/java/doc/base/config/VenusVersion.java
@@ -13,10 +13,12 @@ private VenusVersion() {}
 
     public static final String NOT_AVAILABLE = "NA";
 
-    public static final String VENUS_CREATOR = String.format( "%s (https://github.com/fugerit-org/fj-doc)", DocConfig.FUGERIT_VENUS_DOC );
+    public static final String VENUS_CREATOR = String.format( "%s (https://venusdocs.fugerit.org)", DocConfig.FUGERIT_VENUS_DOC );
 
     public static final String VENUS_PRODUCER_FORMAT = "%s (%s) over %s (%s)";
 
+    public static final String VENUS_PRODUCER_FORMAT_SH1 = "%s over %s";
+
     public static Optional<String> getFjDocCoreVersion() {
         return getFjDocModuleVersion( FJ_DOC_BASE_ARTIFACT_ID );
     }
diff --git a/fj-doc-base/src/main/java/org/fugerit/java/doc/base/typehelper/generic/GenericConsts.java b/fj-doc-base/src/main/java/org/fugerit/java/doc/base/typehelper/generic/GenericConsts.java
@@ -212,6 +212,36 @@ private GenericConsts() {}
 	 */
 	public static final String DOC_TABLE_CHECK_INTEGRITY = "table-check-integrity";
 
+    /**
+     * <a href="https://venusdocs.fugerit.org/docs/html/doc_meta_info.html#security-hardening">See 'security-hardening' documentation.</a>
+     */
+    public static final String SECURITY_HARDENING = "security-hardening";
+
+    /**
+     * This value disable security hardening (default)
+     */
+    public static final String SECURITY_HARDENING_DISABLED = String.valueOf( SecurityHardeningConsts.SECURITY_HARDENING_DISABLED );
+
+    /**
+     * Security hardening level 1
+     */
+    public static final String SECURITY_HARDENING_1 = String.valueOf( SecurityHardeningConsts.SECURITY_HARDENING_1 );
+
+    /**
+     * Security hardening level max (currently same as 1)
+     */
+    public static final String SECURITY_HARDENING_MAX = "max";
+
+    /**
+     * Security hardening level mapping to max (currently 1)
+     */
+    public static final String SECURITY_HARDENING_CURRENT_MAX = SECURITY_HARDENING_1;
+
+    /**
+     * Default security hardening option (0 - disabled)
+     */
+    public static final String SECURITY_HARDENING_DEFAULT = SECURITY_HARDENING_DISABLED;
+
 	public static final boolean FAIL_WHEN_ELEMENT_NOT_FOUND_DEFAULT = Boolean.FALSE;
 	
 }
diff --git a/fj-doc-base/src/main/java/org/fugerit/java/doc/base/typehelper/generic/SecurityHardeningConsts.java b/fj-doc-base/src/main/java/org/fugerit/java/doc/base/typehelper/generic/SecurityHardeningConsts.java
@@ -0,0 +1,12 @@
+package org.fugerit.java.doc.base.typehelper.generic;
+
+public class SecurityHardeningConsts {
+
+    private SecurityHardeningConsts() {}
+
+    public static final int SECURITY_HARDENING_DISABLED = 0;
+
+    public static final int SECURITY_HARDENING_1 = 1;
+
+
+}
diff --git a/fj-doc-base/src/main/java/org/fugerit/java/doc/base/typehelper/generic/SecurityHardeningUtil.java b/fj-doc-base/src/main/java/org/fugerit/java/doc/base/typehelper/generic/SecurityHardeningUtil.java
@@ -0,0 +1,49 @@
+package org.fugerit.java.doc.base.typehelper.generic;
+
+import lombok.extern.slf4j.Slf4j;
+import org.fugerit.java.doc.base.model.DocBase;
+
+import java.util.function.Supplier;
+
+@Slf4j
+public class SecurityHardeningUtil {
+
+    private SecurityHardeningUtil() {}
+
+    private static String resolveSecurityHardeningInfo( String securityHardeningInfo ) {
+        if ( GenericConsts.SECURITY_HARDENING_MAX.equalsIgnoreCase( securityHardeningInfo ) ) {
+            return GenericConsts.SECURITY_HARDENING_CURRENT_MAX;
+        } else {
+            return securityHardeningInfo;
+        }
+    }
+
+    public static int findCurrentValue( DocBase docBase ) {
+        return findCurrentValue( docBase.getStableInfo().getProperty(GenericConsts.SECURITY_HARDENING, GenericConsts.SECURITY_HARDENING_DEFAULT) );
+    }
+
+    public static int findCurrentValue( String securityHardeningInfo ) {
+        String securityHardening = resolveSecurityHardeningInfo( securityHardeningInfo );
+        log.debug( "securityHardening : {}", securityHardening );
+        try {
+            return Integer.parseInt(securityHardening);
+        } catch (NumberFormatException nfe) {
+            log.warn( "failed to check option {} - {}", GenericConsts.SECURITY_HARDENING, nfe.getMessage() );
+        }
+        return SecurityHardeningConsts.SECURITY_HARDENING_DISABLED;
+    }
+
+    public static <T> T applyHardening( DocBase docBase, int minimumSecurityHardening, Supplier<T> securityHardening, Supplier<T> noSecurityHardening) {
+        return applyHardening( docBase.getStableInfo().getProperty(GenericConsts.SECURITY_HARDENING, GenericConsts.SECURITY_HARDENING_DEFAULT), minimumSecurityHardening, securityHardening, noSecurityHardening );
+    }
+
+    public static <T> T applyHardening( String securityHardeningInfo, int minimumSecurityHardening, Supplier<T> securityHardening, Supplier<T> noSecurityHardening) {
+        int valueSecurityHardening = SecurityHardeningUtil.findCurrentValue( securityHardeningInfo );
+        if ( valueSecurityHardening >= minimumSecurityHardening) {
+            return securityHardening.get();
+        } else {
+            return noSecurityHardening.get();
+        }
+    }
+
+}
diff --git a/fj-doc-base/src/test/java/test/org/fugerit/java/doc/base/typehelper/generic/TestSecurityHardeningUtil.java b/fj-doc-base/src/test/java/test/org/fugerit/java/doc/base/typehelper/generic/TestSecurityHardeningUtil.java
@@ -0,0 +1,64 @@
+package test.org.fugerit.java.doc.base.typehelper.generic;
+
+import org.fugerit.java.doc.base.model.DocBase;
+import org.fugerit.java.doc.base.typehelper.generic.GenericConsts;
+import org.fugerit.java.doc.base.typehelper.generic.SecurityHardeningConsts;
+import org.fugerit.java.doc.base.typehelper.generic.SecurityHardeningUtil;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+class TestSecurityHardeningUtil {
+
+    @Test
+    void testDefault() {
+        Assertions.assertEquals( SecurityHardeningConsts.SECURITY_HARDENING_DISABLED, SecurityHardeningUtil.findCurrentValue( (String)null ) );
+    }
+
+    @Test
+    void testDisabled() {
+        Assertions.assertEquals( SecurityHardeningConsts.SECURITY_HARDENING_DISABLED, SecurityHardeningUtil.findCurrentValue(GenericConsts.SECURITY_HARDENING_DISABLED) );
+    }
+
+    @Test
+    void testSH1() {
+        Assertions.assertEquals( SecurityHardeningConsts.SECURITY_HARDENING_1, SecurityHardeningUtil.findCurrentValue(GenericConsts.SECURITY_HARDENING_1) );
+    }
+
+    @Test
+    void testSHMax() {
+        Assertions.assertEquals( SecurityHardeningConsts.SECURITY_HARDENING_1, SecurityHardeningUtil.findCurrentValue(GenericConsts.SECURITY_HARDENING_MAX) );
+    }
+
+    @Test
+    void testSHNumberFormatExceptionSetToDefault() {
+        Assertions.assertEquals( SecurityHardeningConsts.SECURITY_HARDENING_DISABLED, SecurityHardeningUtil.findCurrentValue( "not-a-number" ) );
+    }
+
+    @Test
+    void testDocBase() {
+        DocBase docBase = new DocBase();
+        docBase.getStableInfoSafe().setProperty( GenericConsts.SECURITY_HARDENING, GenericConsts.SECURITY_HARDENING_1);
+        Assertions.assertEquals( SecurityHardeningConsts.SECURITY_HARDENING_1, SecurityHardeningUtil.findCurrentValue( docBase ) );
+    }
+
+    private static final String YES = "YES";
+
+    private static final String NO = "NO";
+
+    @Test
+    void testApplyNoSecurityHardening() {
+        DocBase docBase = new DocBase();
+        docBase.getStableInfoSafe().setProperty( GenericConsts.SECURITY_HARDENING, GenericConsts.SECURITY_HARDENING_DISABLED );
+        String result = SecurityHardeningUtil.applyHardening( docBase, SecurityHardeningConsts.SECURITY_HARDENING_1, () -> YES, () -> NO );
+        Assertions.assertEquals( NO, result );
+    }
+
+    @Test
+    void testApplySecurityHardening() {
+        DocBase docBase = new DocBase();
+        docBase.getStableInfoSafe().setProperty( GenericConsts.SECURITY_HARDENING, GenericConsts.SECURITY_HARDENING_1 );
+        String result = SecurityHardeningUtil.applyHardening( GenericConsts.SECURITY_HARDENING_1 , SecurityHardeningConsts.SECURITY_HARDENING_1, () -> YES, () -> NO );
+        Assertions.assertEquals( YES, result );
+    }
+
+}
diff --git a/fj-doc-freemarker/src/main/resources/fj_doc_freemarker_config/template/asciidoc.ftl b/fj-doc-freemarker/src/main/resources/fj_doc_freemarker_config/template/asciidoc.ftl
@@ -2,7 +2,9 @@
 <#if (docBase.infoDocTitle)??>= ${docBase.infoDocTitle}</#if>
 <#if (docBase.infoDocAuthor)??>${docBase.infoDocAuthor}</#if>
 <#if (docBase.infoDocSubject)??>:description: ${docBase.infoDocSubject}</#if>
-<#if (docBase.infoDocSubject)??>:lang: ${docBase.infoDocLanguage}</#if>
+<#if (docBase.infoDocLanguage)??>:lang: ${docBase.infoDocLanguage}</#if>
+<#if (docBase.infoDocProducer)??>:generator: ${docBase.infoDocProducer}<#else>:generator: Venus Fugerit Doc over Apache FreeMarker</#if>
+<#if (docBase.infoDocCreator)??>:created-by: ${docBase.infoDocCreator}<#else>:created-by: Venus Fugerit Doc (https://venusdocs.fugerit.org)</#if>
 
 <#list docBase.docBody.elementList as item>
 	<@doc_element.handleElement current=item/>
diff --git a/fj-doc-freemarker/src/main/resources/fj_doc_freemarker_config/template/html_doc.ftl b/fj-doc-freemarker/src/main/resources/fj_doc_freemarker_config/template/html_doc.ftl
@@ -13,8 +13,10 @@
 		<#if (docBase.stableInfo['html-charset'])??><meta charset="${docBase.stableInfo['html-charset']}"></#if>
 		<#if (docBase.infoDocAuthor)??><meta name="author" content="${docBase.infoDocAuthor}"/></#if>
 		<#if (docBase.infoDocSubject)??><meta name="description" content="${docBase.infoDocSubject}"/></#if>
-		<#if (docBase.infoDocLanguage)??><meta http-equiv="content-language" content="${docBase.infoDocLanguage}"/></#if>		
-		<meta name="doc-version-compatibility" content="${comp}"/>
+		<#if (docBase.infoDocLanguage)??><meta http-equiv="content-language" content="${docBase.infoDocLanguage}"/></#if>
+        <#if (docBase.infoDocProducer)??><meta http-equiv="generator" content="${docBase.infoDocProducer}"/><#else><meta http-equiv="generator" content="Venus Fugerit Doc over Apache FreeMarker"/></#if>
+        <#if (docBase.infoDocCreator)??><meta http-equiv="created-by" content="${docBase.infoDocCreator}"/><#else><meta http-equiv="created-by" content="Venus Fugerit Doc (https://venusdocs.fugerit.org)"/></#if>
+        <meta name="doc-version-compatibility" content="${comp}"/>
 		${docBase.stableInfo['html-add-to-head']!''}
 		<#if (docBase.stableInfo['html-css-style'])??>
 		<style type="text/css">
diff --git a/fj-doc-freemarker/src/test/resources/coverage/xml/asciidoc.xml b/fj-doc-freemarker/src/test/resources/coverage/xml/asciidoc.xml
@@ -13,6 +13,8 @@
 	<info name="doc-subject">fj doc venus sample source xml</info>
 	<info name="doc-author">fugerit79</info>
 	<info name="doc-language">en</info>
+      <info name="doc-producer">My AsciiDoc producer</info>
+      <info name="doc-creator">My AsciiDoc creator</info>
 	<!-- additional properties -->
 	<info name="set-total-page">true</info>
 	<info name="html-css-link">/css/test.css</info>
diff --git a/fj-doc-guide/src/main/docs/asciidoc/chapters/00_2_release_notes.adoc b/fj-doc-guide/src/main/docs/asciidoc/chapters/00_2_release_notes.adoc
@@ -6,6 +6,8 @@ Whereas the link:https://github.com/fugerit-org/fj-doc/blob/main/CHANGELOG.md[CH
 [#doc-release-notes-unreleased]
 ==== Unreleased
 
+- new security-hardening property link:https://github.com/fugerit-org/fj-doc/issues/567[#567]
+
 [#doc-release-notes-8-17-2]
 ==== Version 8.17.2 [2025-10-31]
 
diff --git a/fj-doc-guide/src/main/docs/asciidoc/chapters/03_4_doc_format_info.adoc b/fj-doc-guide/src/main/docs/asciidoc/chapters/03_4_doc_format_info.adoc
@@ -38,3 +38,26 @@ Some DocHandler will ignore some info elements.
 
 </doc>
 ----
+
+[#doc-format-entry-point-info-security-hardening]
+==== Security hardening property
+
+The _security-hardening_ property allows setting security hardening level.
+
+Available values are
+
+[cols="2*", options="header"]
+|====================================================================================================================================
+
+| value      | description
+
+| 0
+| the default value, nothing changes
+
+| 1
+| minimum metadata are set, for instance in PDF producer library version is not shown
+
+| max
+| the maximum level available, currently the same as 1
+
+|====================================================================================================================================
diff --git a/fj-doc-lib-autodoc/src/test/resources/docs/meta_xml/adm_standard_meta_info.xml b/fj-doc-lib-autodoc/src/test/resources/docs/meta_xml/adm_standard_meta_info.xml
@@ -224,6 +224,17 @@
       <admeta:supportedType>all</admeta:supportedType>
       <admeta:supportedHandler>all</admeta:supportedHandler>
     </admeta:admMetaInfo>
+      <admeta:admMetaInfo>
+          <admeta:name>security-hardening</admeta:name>
+          <admeta:description>If set to '0' (default) nothing change.
+              Different values represents the hardening level.
+                Currently supported values :
+                    '1' - Library version will not be shown in metadata.
+                    'max' - Maximum available level (currently equals '1')
+                    </admeta:description>
+          <admeta:since>8.17.3</admeta:since>
+          <admeta:supportedType>all</admeta:supportedType>
+      </admeta:admMetaInfo>
   </admeta:admSection>
 
   <admeta:admSection>
diff --git a/fj-doc-mod-fop/src/main/java/org/fugerit/java/doc/mod/fop/PdfFopTypeHandler.java b/fj-doc-mod-fop/src/main/java/org/fugerit/java/doc/mod/fop/PdfFopTypeHandler.java
@@ -27,6 +27,8 @@
 import org.fugerit.java.core.xml.dom.DOMUtils;
 import org.fugerit.java.doc.base.config.*;
 import org.fugerit.java.doc.base.model.DocBase;
+import org.fugerit.java.doc.base.typehelper.generic.SecurityHardeningConsts;
+import org.fugerit.java.doc.base.typehelper.generic.SecurityHardeningUtil;
 import org.fugerit.java.doc.mod.fop.config.FopConfigClassLoaderWrapper;
 import org.fugerit.java.doc.mod.fop.utils.ConfigUtils;
 import org.fugerit.java.doc.mod.fop.utils.FopHelperConstants;
@@ -132,7 +134,21 @@ private static String getApacheFOPVersion() {
 		return MavenProps.getProperty( "org.apache.xmlgraphics", "fop", MavenProps.VERSION );
 	}
 
-	private static final String PRODUCER_DEFAULT = String.format( VenusVersion.VENUS_PRODUCER_FORMAT, DocConfig.FUGERIT_VENUS_DOC , getModuleVersion() , "Apache FOP", getApacheFOPVersion() );
+    private static final String PRODUCER_OVER = "Apache FOP";
+
+    /**
+     * Default producer
+     */
+	private static final String PRODUCER_DEFAULT = String.format( VenusVersion.VENUS_PRODUCER_FORMAT, DocConfig.FUGERIT_VENUS_DOC , getModuleVersion() , PRODUCER_OVER, getApacheFOPVersion() );
+
+    /**
+     * Security hardened producer
+     */
+    private static final String PRODUCER_DEFAULT_SH1 = String.format( VenusVersion.VENUS_PRODUCER_FORMAT_SH1, DocConfig.FUGERIT_VENUS_DOC , PRODUCER_OVER );
+
+    private String findDefaultProducer( DocBase docBase ) {
+        return SecurityHardeningUtil.applyHardening( docBase, SecurityHardeningConsts.SECURITY_HARDENING_1, () -> PRODUCER_DEFAULT_SH1, () -> PRODUCER_DEFAULT );
+    }
 
 	public PdfFopTypeHandler( Charset charset, FopConfig fopConfig, boolean accessibility, boolean keepEmptyTags ) {
 		super( DocConfig.TYPE_PDF, charset );
@@ -225,7 +241,7 @@ private void xsltDebugCheck( DocBase docBase, byte[] xslContent, Transformer tra
     }
 
     private void setupMetadata( DocBase docBase, FOUserAgent foUserAgent ) {
-        foUserAgent.setProducer( StringUtils.valueWithDefault( docBase.getInfoDocProducer(), PRODUCER_DEFAULT ) );
+        foUserAgent.setProducer( StringUtils.valueWithDefault( docBase.getInfoDocProducer(), findDefaultProducer( docBase ) ) );
         foUserAgent.setCreator( StringUtils.valueWithDefault( docBase.getInfoDocCreator(), VenusVersion.VENUS_CREATOR  ) );
     }
 
diff --git a/fj-doc-mod-fop/src/test/java/test/org/fugerit/java/doc/mod/fop/TestSecurityHardening.java b/fj-doc-mod-fop/src/test/java/test/org/fugerit/java/doc/mod/fop/TestSecurityHardening.java
@@ -0,0 +1,46 @@
+package test.org.fugerit.java.doc.mod.fop;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDDocumentInformation;
+import org.fugerit.java.core.lang.helpers.ClassHelper;
+import org.fugerit.java.doc.base.config.DocInput;
+import org.fugerit.java.doc.base.config.DocOutput;
+import org.fugerit.java.doc.base.config.DocTypeHandler;
+import org.fugerit.java.doc.mod.fop.PdfFopTypeHandler;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import test.org.fugerit.java.BasicTest;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+
+@Slf4j
+class TestSecurityHardening extends BasicTest {
+
+    private static final String TEST_PRODUCER = "Venus Fugerit Doc over Apache FOP";
+
+    private static final String TEST_CREATOR = "Venus Fugerit Doc (https://venusdocs.fugerit.org)";
+
+	@Test
+	void testSecurityHardening() throws Exception {
+		DocTypeHandler handler = PdfFopTypeHandler.HANDLER;
+		String fileName = "doc_security_hardening_1";
+		File outputFile = new File( String.format( "target/%s.%s", fileName, handler.getType() ) );
+		try ( InputStreamReader reader = new InputStreamReader( ClassHelper.loadFromDefaultClassLoader(  String.format( "sample/%s.xml", fileName ) ) );
+			  FileOutputStream fos = new FileOutputStream( outputFile ) ) {
+			handler.handle( DocInput.newInput( handler.getType(), reader ) , DocOutput.newOutput( fos ) );
+			log.info( "file {}", outputFile.getCanonicalFile() );
+		}
+        try (PDDocument document = PDDocument.load(outputFile)) {
+            PDDocumentInformation info = document.getDocumentInformation();
+            String producer = info.getProducer();
+            String creator = info.getCreator();
+            log.info( "producer : {}, creator : {}", producer, creator );
+            Assertions.assertEquals( TEST_PRODUCER, producer );
+            Assertions.assertEquals( TEST_CREATOR, creator );
+        }
+	}
+	
+}
diff --git a/fj-doc-mod-fop/src/test/resources/sample/doc_security_hardening_1.xml b/fj-doc-mod-fop/src/test/resources/sample/doc_security_hardening_1.xml
diff --git a/fj-doc-mod-openpdf-ext/src/main/java/org/fugerit/java/doc/mod/openpdf/ext/helpers/DocumentMetaHelper.java b/fj-doc-mod-openpdf-ext/src/main/java/org/fugerit/java/doc/mod/openpdf/ext/helpers/DocumentMetaHelper.java
diff --git a/fj-doc-mod-openpdf-ext/src/test/java/test/org/fugerit/java/doc/mod/openpdf/ext/TestSecurityHardeningOpenPDF.java b/fj-doc-mod-openpdf-ext/src/test/java/test/org/fugerit/java/doc/mod/openpdf/ext/TestSecurityHardeningOpenPDF.java
diff --git a/fj-doc-mod-openpdf-ext/src/test/resources/xml/doc_security_hardening_1.xml b/fj-doc-mod-openpdf-ext/src/test/resources/xml/doc_security_hardening_1.xml
