071e229c14
* Added how to fix it section for flask-graphql * Restructured code examples * Adjusted format * Change to allowed_framework_names not needed anymore * Update rule.adoc * Applied suggestion.
123 lines
2.5 KiB
Plaintext
123 lines
2.5 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
Django application startup:
|
|
|
|
[source,python,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
from django.conf import settings
|
|
|
|
settings.configure(DEBUG=True) # Sensitive when set to True
|
|
settings.configure(DEBUG_PROPAGATE_EXCEPTIONS=True) # Sensitive when set to True
|
|
|
|
def custom_config(config):
|
|
settings.configure(default_settings=config, DEBUG=True) # Sensitive
|
|
----
|
|
|
|
Inside ``settings.py`` or ``global_settings.py``, which are the default configuration
|
|
files for a Django application:
|
|
|
|
[source,python,diff-id=2,diff-type=noncompliant]
|
|
----
|
|
DEBUG = True # Sensitive
|
|
DEBUG_PROPAGATE_EXCEPTIONS = True # Sensitive
|
|
----
|
|
|
|
|
|
Flask application startup:
|
|
|
|
[source,python,diff-id=3,diff-type=noncompliant]
|
|
----
|
|
from flask import Flask
|
|
|
|
app = Flask()
|
|
app.debug = True # Sensitive
|
|
app.run(debug=True) # Sensitive
|
|
----
|
|
|
|
The following code defines a GraphQL endpoint with GraphiQL enabled. While this might be a useful configuration during development, it should never be enabled for applications deployed in production:
|
|
|
|
[source,python,diff-id=4,diff-type=noncompliant]
|
|
----
|
|
from flask import Flask
|
|
from graphql_server.flask import GraphQLView
|
|
|
|
app = Flask(__name__)
|
|
|
|
app.add_url_rule(
|
|
'/graphql',
|
|
view_func=GraphQLView.as_view(
|
|
'graphql',
|
|
schema=schema,
|
|
graphiql=True # Sensitive
|
|
)
|
|
)
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,python,diff-id=1,diff-type=compliant]
|
|
----
|
|
from django.conf import settings
|
|
|
|
settings.configure(DEBUG=False)
|
|
settings.configure(DEBUG_PROPAGATE_EXCEPTIONS=False)
|
|
|
|
def custom_config(config):
|
|
settings.configure(default_settings=config, DEBUG=False)
|
|
----
|
|
|
|
[source,python,diff-id=2,diff-type=compliant]
|
|
----
|
|
DEBUG = False
|
|
DEBUG_PROPAGATE_EXCEPTIONS = False
|
|
----
|
|
|
|
[source,python,diff-id=3,diff-type=compliant]
|
|
----
|
|
from flask import Flask
|
|
|
|
app = Flask()
|
|
app.debug = False
|
|
app.run(debug=False)
|
|
----
|
|
|
|
[source,python,diff-id=4,diff-type=compliant]
|
|
----
|
|
from flask import Flask
|
|
from graphql_server.flask import GraphQLView
|
|
|
|
app = Flask(__name__)
|
|
|
|
app.add_url_rule(
|
|
'/graphql',
|
|
view_func=GraphQLView.as_view(
|
|
'graphql',
|
|
schema=schema
|
|
)
|
|
)
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|