Verified Commit 37df277b authored by David Hoese's avatar David Hoese

Fix bandit issues

parent 78357b50
......@@ -2,7 +2,8 @@ JSONIFY_PRETTYPRINT_REGULAR = False
if "SECRET_KEY" not in globals():
# we don't do anything with cookies or sessions, set this somewhere secret in the future
SECRET_KEY = "secret!"
# Security: This is expected to be overwritten either via environment variable or sub-configuration
SECRET_KEY = "secret!" # nosec B105
ARCHIVE_ROOT = "/data1/cache"
ARCHIVE_URL = "http://metobs.ssec.wisc.edu/pub/cache"
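Review bot: The `# nosec B105` on `SECRET_KEY = "secret!"` only silences the scanner; the value is still a static, published fallback that is used unchanged whenever neither a METOBSAPI_SECRET_KEY environment variable nor a sub-configuration sets it, and nothing in the config makes the comment's "expected to be overwritten" enforceable. Since the removed comment states the service uses no cookies or sessions, a per-process random fallback costs nothing and removes the known-value default: `import secrets` at the top of the file and `SECRET_KEY = secrets.token_hex(32)  # random per process; set METOBSAPI_SECRET_KEY or a sub-configuration to pin it`. The same nosec-plus-comment pattern in the next hunk (`INFLUXDB_PASS = "root"`) cannot take a random value; there, a startup warning when the default is still in effect would make the expectation visible, assuming the app has a suitable place for such a check.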
......@@ -11,5 +12,6 @@ ARCHIVE_URL = "http://metobs.ssec.wisc.edu/pub/cache"
INFLUXDB_HOST = "rain01"
INFLUXDB_PORT = 8086
INFLUXDB_USER = "root"
INFLUXDB_PASS = "root"
# Security: This is expected to be overwritten either via environment variable or sub-configuration
INFLUXDB_PASS = "root" # nosec B105
INFLUXDB_DB = "metobs"
import logging
from datetime import datetime, timedelta
from xml.dom.minidom import Document
# Security: Document is only used for creating an XML document, not parsing one
from xml.dom.minidom import Document # nosec B408
import numpy as np
import pandas as pd
import json as builtin_json
import logging
import os
import sys
from datetime import datetime
from enum import Enum
from urllib.error import URLError
......@@ -18,10 +19,10 @@ LOG = logging.getLogger(__name__)
app = Flask(__name__)
# Load custom configuration file is specified
if os.environ.get("METOBSAPI_SETTINGS") is None:
app.config.from_object("metobsapi.common_config")
else:
app.config.from_object("metobsapi.common_config")
if os.environ.get("METOBSAPI_SETTINGS") is not None:
app.config.from_pyfile(os.environ.get("METOBSAPI_SETTINGS"))
app.config.from_prefixed_env(prefix="METOBSAPI")
# Load json handler and add custom enum encoder
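Review bot: The layered configuration order introduced here — `metobsapi.common_config`, then the file named by METOBSAPI_SETTINGS, then `from_prefixed_env` — is what decides which value wins, but the surviving comment `# Load custom configuration file is specified` describes only the middle step and has a typo. I'd replace it with `# Config precedence (lowest to highest): metobsapi.common_config < file named by METOBSAPI_SETTINGS < METOBSAPI_* environment variables`. `os.environ.get("METOBSAPI_SETTINGS")` is also read twice in consecutive lines; `settings_path = os.environ.get("METOBSAPI_SETTINGS")` followed by `if settings_path is not None: app.config.from_pyfile(settings_path)` reads it once.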
......@@ -163,14 +164,16 @@ def get_instrument_status(site, inst=None, fmt=None):
json_subpath = os.path.join(site, inst, "status.json")
# try to load the JSON file from the archive
if not os.path.exists(app.config.get("ARCHIVE_ROOT")):
if not os.path.isfile(app.config.get("ARCHIVE_ROOT")) and app.config.get("ARCHIVE_ROOT").startswith("http"):
LOG.warning("Using URL request for status JSON, not meant for operational use")
# we aren't on a system with the archive available, fall back to URL
# loads directly to the archive
base_url = app.config.get("ARCHIVE_URL")
json_url = os.path.join(base_url, json_subpath)
try:
json_str = urlopen(json_url).read()
# Security: We check to ensure this is an HTTP URL as a base URL.
# The server configuration is also the one setting what the root URL is.
json_str = urlopen(json_url).read() # nosec B310
except URLError:
response["status_message"] = "Could not retrieve configured status: {}".format(json_url)
json_str = None
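Review bot: The new guard tests `ARCHIVE_ROOT` with `startswith("http")`, but the URL handed to `urlopen` below is built from `ARCHIVE_URL` (`base_url`), so the `# nosec B310` justification ("we check to ensure this is an HTTP URL as a base URL") does not describe what is actually checked; with the default `ARCHIVE_ROOT = "/data1/cache"` from this commit's config hunk the branch is also unreachable, so the URL fallback silently stops working. `os.path.isfile` on a directory root is always False as well, so the first half of the condition no longer says whether the archive is mounted — `os.path.isdir` is the intended test. I'd validate the scheme of `base_url` with `urllib.parse.urlparse` (an exact `http`/`https` match rather than a prefix test), which is what justifies the B310 suppression, and open the response in a `with` block with a timeout so it is closed and the wait is bounded (the 10 s below is a placeholder). `get_instrument_status` starts and ends outside the hunk, and `urlparse` needs an import at the top of the file.
```python
archive_root = app.config.get("ARCHIVE_ROOT")
base_url = app.config.get("ARCHIVE_URL")
# Fall back to the HTTP archive only when the local archive is not mounted
# and the configured base URL really is http(s); this scheme check is what
# justifies suppressing B310 on the urlopen() below.
if not os.path.isdir(archive_root) and urlparse(base_url).scheme in ("http", "https"):
    LOG.warning("Using URL request for status JSON, not meant for operational use")
    json_url = os.path.join(base_url, json_subpath)
    try:
        with urlopen(json_url, timeout=10) as resp:  # nosec B310
            json_str = resp.read()
    except URLError:
        # … unchanged: status_message and json_str = None …
```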
......@@ -196,4 +199,5 @@ def get_instrument_status(site, inst=None, fmt=None):
if __name__ == "__main__":
app.debug = True
app.run("0.0.0.0", threaded=True)
bind_addr = "0.0.0.0" if len(sys.argv) <= 1 else sys.argv[0] # nosec B104
app.run(bind_addr, threaded=True)
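Review bot: `sys.argv[0]` is the script path, not the first command-line argument, so `bind_addr` becomes the script's own path whenever any argument is passed and `app.run` cannot bind; the intended index is `sys.argv[1]`: `bind_addr = sys.argv[1] if len(sys.argv) > 1 else "0.0.0.0"  # nosec B104`. With `app.debug = True` kept on the line above, binding all interfaces by default also exposes the Werkzeug debugger to the network; defaulting to `"127.0.0.1"` and letting the argument opt into `0.0.0.0` would be the safer default for this development entry point and would remove the need for the nosec marker.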