Never run Flask application with debug mode

Flask server in debug mode allows users to execute any Python code on a server, which is a security issue for us. Change-Id: I9e12510b0abb04182e85bf3f73cdad29e1f8d382 Closes-Bug: #1506419
2015-10-15 12:51:23 +02:00 · 2015-10-15 12:51:23 +02:00 · 77d0052c51
commit 77d0052c51
parent 05b3a6ec6b
2 changed files with 3 additions and 5 deletions
--- a/ironic_inspector/main.py
+++ b/ironic_inspector/main.py
@ -364,7 +364,7 @@ def create_ssl_context():
    return context


-def main(args=sys.argv[1:], in_functional_test=False):  # pragma: no cover
+def main(args=sys.argv[1:]):  # pragma: no cover
    log.register_options(CONF)
    CONF(args, project='ironic-inspector')
    debug = CONF.debug
@ -377,8 +377,7 @@ def main(args=sys.argv[1:], in_functional_test=False):  # pragma: no cover
         'ironicclient.common.http=ERROR')])
    log.setup(CONF, 'ironic_inspector')

-    app_kwargs = {'debug': debug and not in_functional_test,
-                  'host': CONF.listen_address,
+    app_kwargs = {'host': CONF.listen_address,
                  'port': CONF.listen_port}

    context = create_ssl_context()
--- a/ironic_inspector/test/functional.py
+++ b/ironic_inspector/test/functional.py
@ -372,8 +372,7 @@ def mocked_server():
            cfg.CONF.unregister_opt(dbsync.command_opt)

            eventlet.greenthread.spawn_n(main.main,
-                                         args=['--config-file', conf_file],
-                                         in_functional_test=True)
+                                         args=['--config-file', conf_file])
            eventlet.greenthread.sleep(1)
            # Wait for service to start up to 30 seconds
            for i in range(10):