From 2c64da2bee6eeea27c08eb7a94894feaa5494910 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur
Date: Thu, 15 Oct 2015 12:51:23 +0200
Subject: [PATCH] Never run Flask application with debug mode
Flask server in debug mode allows users to execute any Python code on a server, which is a security issue for us.
Change-Id: I9e12510b0abb04182e85bf3f73cdad29e1f8d382
Closes-Bug: #1506419
(cherry picked from commit 77d0052c5133034490386fbfadfdb1bdb49aa44f)
---
 ironic_inspector/main.py | 5 ++---
 ironic_inspector/test/functional.py | 3 +--
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/ironic_inspector/main.py b/ironic_inspector/main.py
index d39a841ec..6351e7613 100644
--- a/ironic_inspector/main.py
+++ b/ironic_inspector/main.py
@@ -364,7 +364,7 @@ def create_ssl_context():
 return context
-def main(args=sys.argv[1:], in_functional_test=False): # pragma: no cover
+def main(args=sys.argv[1:]): # pragma: no cover
 log.register_options(CONF)
 CONF(args, project='ironic-inspector')
 debug = CONF.debug
@@ -377,8 +377,7 @@ def main(args=sys.argv[1:], in_functional_test=False): # pragma: no cover
 'ironicclient.common.http=ERROR')])
 log.setup(CONF, 'ironic_inspector')
- app_kwargs = {'debug': debug and not in_functional_test,
- 'host': CONF.listen_address,
+ app_kwargs = {'host': CONF.listen_address,
 'port': CONF.listen_port}
 context = create_ssl_context()
diff --git a/ironic_inspector/test/functional.py b/ironic_inspector/test/functional.py
index f9d573041..d69092e4a 100644
--- a/ironic_inspector/test/functional.py
+++ b/ironic_inspector/test/functional.py
@@ -372,8 +372,7 @@ def mocked_server():
 cfg.CONF.unregister_opt(dbsync.command_opt)
 eventlet.greenthread.spawn_n(main.main,
- args=['--config-file', conf_file],
- in_functional_test=True)
+ args=['--config-file', conf_file])
 eventlet.greenthread.sleep(1)
 # Wait for service to start up to 30 seconds
 for i in range(10):
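Review bot: In the second main.py hunk, `app_kwargs` now simply omits the `'debug'` key, so the fix depends on the framework's default and nothing at that line tells a later maintainer why the key must stay out. I would pin it and document it in place: `# Flask debug mode lets clients execute arbitrary Python; never enable it (bug #1506419)` followed by `app_kwargs = {'debug': False,`, which also overrides a debug flag set on the app object elsewhere. The call that consumes `app_kwargs` is outside the hunk, so confirm no other path (an `app.debug` assignment or an environment setting) can turn debug back on. `main()` is marked `# pragma: no cover` and the functional.py hunk only drops the removed argument, so nothing in this change asserts that the server starts with debug off when `CONF.debug` is true; a small check on the kwargs passed to the app would guard against regression.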