From dd2ce7177be7481d02631082ed654c913c4aa0e3 Mon Sep 17 00:00:00 2001
From: Joshua Reed <11220408+jreed1701@users.noreply.github.com>
Date: Wed, 3 Jan 2024 15:52:03 -0700
Subject: [PATCH 1/2] Eliminate security vulnerabilty and disable debug /console endpoint.
---
 application/config/config.py | 4 ++--
 application/gui/launch.py | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/application/config/config.py b/application/config/config.py
index 4083e6d..25db1c7 100644
--- a/application/config/config.py
+++ b/application/config/config.py
@@ -19,8 +19,8 @@ class DefaultConfig:
 DEFAULT_INSTALL_PATH = f"/usr/local/share/{APP_NAME}"
 # Flask specific configs
- DEBUG = True
- ENV = "development"
+ DEBUG = False
+ ENV = "production"
 FLASK_RUN_HOST = "0.0.0.0"
 FLASK_RUN_PORT = "5000"
 FLASK_FORCE_AUTH = False # Leave as False except in testing.
diff --git a/application/gui/launch.py b/application/gui/launch.py
index e6c1127..569b89a 100644
--- a/application/gui/launch.py
+++ b/application/gui/launch.py
@@ -51,7 +51,12 @@ def _create_backend(self) -> Flask:
 def _spawn_server_on_thread(self):
 self._server_thread = Thread(
 target=lambda: self._globals._FLASK_APP.run(
- host="0.0.0.0", port=5000, debug=True, use_reloader=False, threaded=True
+ host="0.0.0.0",
+ port=5000,
+ debug=False,
+ use_reloader=False,
+ threaded=True,
+ use_evalex=False
 )
 )
 self._server_thread.daemon = True
From a93f311d138af7fc56bf5355beb543facb4b82a2 Mon Sep 17 00:00:00 2001
From: Joshua Reed <11220408+jreed1701@users.noreply.github.com>
Date: Wed, 3 Jan 2024 15:54:52 -0700
Subject: [PATCH 2/2] Fix black formatting error.
---
 application/gui/launch.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/gui/launch.py b/application/gui/launch.py
index 569b89a..eae9a57 100644
--- a/application/gui/launch.py
+++ b/application/gui/launch.py
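Review bot: `FLASK_RUN_HOST = "0.0.0.0"` in `DefaultConfig` (application/config/config.py) is left unchanged beside the hardened `DEBUG`/`ENV` values, so the backend still listens on every interface by default while `FLASK_FORCE_AUTH = False` sits on the next lines. If the server only has to serve the local GUI (an assumption, since its callers are not visible here), the default should be loopback, `FLASK_RUN_HOST = "127.0.0.1"`, with wider exposure an explicit opt-in. The same literal `host="0.0.0.0"` is passed to `run()` in the application/gui/launch.py hunk of this patch and would need the same change. A comment above the new value would record why it must not be flipped back: `# Must stay False on any reachable host: debug mode enables the Werkzeug debugger and its /console endpoint.` The class body starts and continues outside the hunk.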
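Review bot: The `run()` arguments in `_spawn_server_on_thread` (application/gui/launch.py) are literals, `debug=False` and `port=5000`, that duplicate `DEBUG` and `FLASK_RUN_PORT` from `DefaultConfig`, so the two files can drift apart again the way both carried a debug-enabled value before this patch. Reading them from the application config, for example `debug=self._globals._FLASK_APP.config["DEBUG"]` (assuming `DefaultConfig` is loaded into the Flask app, which this hunk does not show), would leave a single place to audit. `use_evalex=False` deserves a one-line comment so it is not later removed as redundant: `# Defence in depth: keeps the debugger's code-evaluation console off even if debug is re-enabled.` Separately, `run()` starts Werkzeug's development server, which sits oddly with `ENV = "production"`; replacing it with a production WSGI server is a larger change than this commit. The function body continues past the end of the hunk.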
@@ -56,7 +56,7 @@ def _spawn_server_on_thread(self):
 debug=False,
 use_reloader=False,
 threaded=True,
- use_evalex=False
+ use_evalex=False,
 )
 )
 self._server_thread.daemon = True