From 31b2a83bed6c55a937cdeee5111f2d1a8624807a Mon Sep 17 00:00:00 2001
From: Joshua Reed <11220408+jreed1701@users.noreply.github.com>
Date: Wed, 3 Jan 2024 15:52:03 -0700
Subject: [PATCH] Eliminate security vulnerabilty and disable debug /console endpoint.
---
 application/config/config.py | 4 ++--
 application/gui/launch.py | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/application/config/config.py b/application/config/config.py
index 4083e6d..25db1c7 100644
--- a/application/config/config.py
+++ b/application/config/config.py
@@ -19,8 +19,8 @@ class DefaultConfig:
 DEFAULT_INSTALL_PATH = f"/usr/local/share/{APP_NAME}"
 # Flask specific configs
- DEBUG = True
- ENV = "development"
+ DEBUG = False
+ ENV = "production"
 FLASK_RUN_HOST = "0.0.0.0"
 FLASK_RUN_PORT = "5000"
 FLASK_FORCE_AUTH = False # Leave as False except in testing.
diff --git a/application/gui/launch.py b/application/gui/launch.py
index e6c1127..569b89a 100644
--- a/application/gui/launch.py
+++ b/application/gui/launch.py
@@ -51,7 +51,12 @@ def _create_backend(self) -> Flask:
 def _spawn_server_on_thread(self):
 self._server_thread = Thread(
 target=lambda: self._globals._FLASK_APP.run(
- host="0.0.0.0", port=5000, debug=True, use_reloader=False, threaded=True
+ host="0.0.0.0",
+ port=5000,
+ debug=False,
+ use_reloader=False,
+ threaded=True,
+ use_evalex=False
 )
 )
 self._server_thread.daemon = True
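Review bot: The new `DEBUG = False` line in `DefaultConfig` carries no comment saying why it must stay off, and the listener next to it is still `FLASK_RUN_HOST = "0.0.0.0"`. I would add above it `# Keep False: debug mode enables the Werkzeug debugger and its /console endpoint, which allows code execution on the host.` Flask 2.3 removed the `ENV` config key, so `ENV = "production"` may have no effect depending on the pinned Flask version, which is not visible here. `DefaultConfig` starts before this hunk and continues after it.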
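Review bot: The `run()` arguments in `_spawn_server_on_thread` are still literals (`host="0.0.0.0"`, `port=5000`, `debug=False`) that duplicate `FLASK_RUN_HOST`, `FLASK_RUN_PORT` and `DEBUG` in `DefaultConfig`, so the two files can drift apart again the way the debug flag did. Reading them from the app's config, for example `debug=self._globals._FLASK_APP.config["DEBUG"]`, would leave one place to audit, assuming `DefaultConfig` is loaded into the app (not shown in this hunk). If only the local GUI talks to this backend, `host="127.0.0.1"` would keep the port off the network; note also that `app.run()` is Flask's development server, which the Flask documentation advises against for production use. The method appears to continue past the end of the hunk.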