Never run Flask application with debug mode

A Flask server in debug mode allows users to execute arbitrary Python code
on the server, which is a security issue for us.

Change-Id: I9e12510b0abb04182e85bf3f73cdad29e1f8d382
Closes-Bug: #1506419
Dmitry Tantsur 2015-10-15 12:51:23 +02:00
parent 05b3a6ec6b
commit 77d0052c51
2 changed files with 3 additions and 5 deletions


@ -364,7 +364,7 @@ def create_ssl_context():
return context return context
def main(args=sys.argv[1:], in_functional_test=False): # pragma: no cover def main(args=sys.argv[1:]): # pragma: no cover
log.register_options(CONF) log.register_options(CONF)
CONF(args, project='ironic-inspector') CONF(args, project='ironic-inspector')
debug = CONF.debug debug = CONF.debug
@ -377,8 +377,7 @@ def main(args=sys.argv[1:], in_functional_test=False): # pragma: no cover
'ironicclient.common.http=ERROR')]) 'ironicclient.common.http=ERROR')])
log.setup(CONF, 'ironic_inspector') log.setup(CONF, 'ironic_inspector')
app_kwargs = {'debug': debug and not in_functional_test, app_kwargs = {'host': CONF.listen_address,
'host': CONF.listen_address,
'port': CONF.listen_port} 'port': CONF.listen_port}
context = create_ssl_context() context = create_ssl_context()
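Review bot: Dropping the `'debug'` key from `app_kwargs` leaves the debugger off only by default, not by construction. How `app_kwargs` is consumed is outside this hunk, but if it is passed to `app.run()`, Flask falls back to the application's own debug setting when no `debug` argument is given, and on newer Flask releases that setting can also come from the `FLASK_DEBUG` environment variable. Pinning the value makes the intent explicit and guards against reintroduction: `app_kwargs = {'debug': False, 'host': CONF.listen_address,` preceded by a comment such as `# Never enable Flask debug mode: its interactive debugger allows code execution (bug 1506419)`. `debug = CONF.debug` is still read above, so that comment should also say it now only controls logging, if that is the case. The body of `main` starts before and continues after the visible lines.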


@ -372,8 +372,7 @@ def mocked_server():
cfg.CONF.unregister_opt(dbsync.command_opt) cfg.CONF.unregister_opt(dbsync.command_opt)
eventlet.greenthread.spawn_n(main.main, eventlet.greenthread.spawn_n(main.main,
args=['--config-file', conf_file], args=['--config-file', conf_file])
in_functional_test=True)
eventlet.greenthread.sleep(1) eventlet.greenthread.sleep(1)
# Wait for service to start up to 30 seconds # Wait for service to start up to 30 seconds
for i in range(10): for i in range(10):