chore(security): remove hardcoded security key

Remove hardcoded security key for flask. Use environment variable instead.
2025-03-16 15:19:48 +01:00
parent 8590c7a715
commit de8a0ab688
7 changed files with 41 additions and 3 deletions
--- a/src/.env.template
+++ b/src/.env.template
@@ -0,0 +1 @@
+FLASK_SECRET_KEY=
--- a/src/app.py
+++ b/src/app.py
@@ -18,6 +18,10 @@
 from flask import request, Flask, url_for, render_template, redirect
 import operators
 import json
+from dotenv import load_dotenv
+import os
+
+


 __author__ = 'Michael Mäder'
@@ -36,7 +40,7 @@ A little web application that offers API calls for arithmetic operations
 # creation of the Flask application
 app = Flask(__name__)

-app.config['SECRET_KEY'] = 'the-best-secret-ever'   # super secure key against CSRF attacks
+app.config['SECRET_KEY'] = os.environ.get('FLASK_SECRET_KEY')   # super secure key against CSRF attacks

 # global variable containing the name of the login user
 global_data = {'username': 'no_user'}
--- a/src/pdm.lock
+++ b/src/pdm.lock
@@ -5,7 +5,7 @@
 groups = ["default"]
 strategy = ["inherit_metadata"]
 lock_version = "4.5.0"
-content_hash = "sha256:5a2be8939d6734b2295f420aee17c34be5958903eb13eba88b45213f3c4c0333"
+content_hash = "sha256:e36fdc748f0c9135da773b2fbab7f45cc5c43e27fad6d39d2de23857da4c1a91"

 [[metadata.targets]]
 requires_python = ">3.11"
@@ -177,6 +177,18 @@ files = [
    {file = "coverage-7.6.12.tar.gz", hash = "sha256:48cfc4641d95d34766ad41d9573cc0f22a48aa88d22657a1fe01dca0dbae4de2"},
 ]

+[[package]]
+name = "dotenv"
+version = "0.9.9"
+summary = "Deprecated package"
+groups = ["default"]
+dependencies = [
+    "python-dotenv",
+]
+files = [
+    {file = "dotenv-0.9.9-py2.py3-none-any.whl", hash = "sha256:29cf74a087b31dafdb5a446b6d7e11cbce8ed2741540e2339c69fbef92c94ce9"},
+]
+
 [[package]]
 name = "flask"
 version = "3.1.0"
@@ -364,6 +376,17 @@ files = [
    {file = "pytest_cov-6.0.0-py3-none-any.whl", hash = "sha256:eee6f1b9e61008bd34975a4d5bab25801eb31898b032dd55addc93e96fcaaa35"},
 ]

+[[package]]
+name = "python-dotenv"
+version = "1.0.1"
+requires_python = ">=3.8"
+summary = "Read key-value pairs from a .env file and set them as environment variables"
+groups = ["default"]
+files = [
+    {file = "python-dotenv-1.0.1.tar.gz", hash = "sha256:e324ee90a023d808f1959c46bcbc04446a10ced277783dc6ee09987c37ec10ca"},
+    {file = "python_dotenv-1.0.1-py3-none-any.whl", hash = "sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a"},
+]
+
 [[package]]
 name = "werkzeug"
 version = "3.1.3"
--- a/src/pyproject.toml
+++ b/src/pyproject.toml
@@ -10,6 +10,7 @@ dependencies = [
    "pytest-cov>=4.1.0",
    "Flask>=3.0.2",
    "flask-wtf>=1.2.1",
+    "dotenv>=0.9.9",
 ]
 requires-python = ">3.11"
 readme = "README.md"