plain 0.11.0__py3-none-any.whl → 0.12.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- plain/preflight/__init__.py +1 -2
- plain/preflight/{security/base.py → security.py} +30 -37
- {plain-0.11.0.dist-info → plain-0.12.0.dist-info}/METADATA +1 -1
- {plain-0.11.0.dist-info → plain-0.12.0.dist-info}/RECORD +7 -9
- plain/preflight/security/__init__.py +0 -0
- plain/preflight/security/csrf.py +0 -36
- {plain-0.11.0.dist-info → plain-0.12.0.dist-info}/LICENSE +0 -0
- {plain-0.11.0.dist-info → plain-0.12.0.dist-info}/WHEEL +0 -0
- {plain-0.11.0.dist-info → plain-0.12.0.dist-info}/entry_points.txt +0 -0
plain/preflight/__init__.py
CHANGED
|
@@ -15,8 +15,7 @@ from .registry import register, run_checks
|
|
|
15
15
|
|
|
16
16
|
# Import these to force registration of checks
|
|
17
17
|
import plain.preflight.files # NOQA isort:skip
|
|
18
|
-
import plain.preflight.security
|
|
19
|
-
import plain.preflight.security.csrf # NOQA isort:skip
|
|
18
|
+
import plain.preflight.security # NOQA isort:skip
|
|
20
19
|
import plain.preflight.urls # NOQA isort:skip
|
|
21
20
|
|
|
22
21
|
|
|
@@ -16,40 +16,6 @@ SECRET_KEY_WARNING_MSG = (
|
|
|
16
16
|
f"vulnerable to attack."
|
|
17
17
|
)
|
|
18
18
|
|
|
19
|
-
# TODO
|
|
20
|
-
W001 = Warning(
|
|
21
|
-
"You do not have 'plain.middleware.https.HttpsRedirectMiddleware' "
|
|
22
|
-
"in your MIDDLEWARE so the SECURE_HSTS_SECONDS, "
|
|
23
|
-
"SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, "
|
|
24
|
-
"SECURE_CROSS_ORIGIN_OPENER_POLICY, and HTTPS_REDIRECT_ENABLED settings will "
|
|
25
|
-
"have no effect.",
|
|
26
|
-
id="security.W001",
|
|
27
|
-
)
|
|
28
|
-
|
|
29
|
-
W008 = Warning(
|
|
30
|
-
"Your HTTPS_REDIRECT_ENABLED setting is not set to True. "
|
|
31
|
-
"Unless your site should be available over both SSL and non-SSL "
|
|
32
|
-
"connections, you may want to either set this setting True "
|
|
33
|
-
"or configure a load balancer or reverse-proxy server "
|
|
34
|
-
"to redirect all connections to HTTPS.",
|
|
35
|
-
id="security.W008",
|
|
36
|
-
)
|
|
37
|
-
|
|
38
|
-
W009 = Warning(
|
|
39
|
-
SECRET_KEY_WARNING_MSG % "SECRET_KEY",
|
|
40
|
-
id="security.W009",
|
|
41
|
-
)
|
|
42
|
-
|
|
43
|
-
W018 = Warning(
|
|
44
|
-
"You should not have DEBUG set to True in deployment.",
|
|
45
|
-
id="security.W018",
|
|
46
|
-
)
|
|
47
|
-
|
|
48
|
-
W020 = Warning(
|
|
49
|
-
"ALLOWED_HOSTS must not be empty in deployment.",
|
|
50
|
-
id="security.W020",
|
|
51
|
-
)
|
|
52
|
-
|
|
53
19
|
W025 = Warning(SECRET_KEY_WARNING_MSG, id="security.W025")
|
|
54
20
|
|
|
55
21
|
|
|
@@ -69,7 +35,16 @@ def check_secret_key(package_configs, **kwargs):
|
|
|
69
35
|
passed_check = False
|
|
70
36
|
else:
|
|
71
37
|
passed_check = _check_secret_key(secret_key)
|
|
72
|
-
return
|
|
38
|
+
return (
|
|
39
|
+
[]
|
|
40
|
+
if passed_check
|
|
41
|
+
else [
|
|
42
|
+
Warning(
|
|
43
|
+
SECRET_KEY_WARNING_MSG % "SECRET_KEY",
|
|
44
|
+
id="security.W009",
|
|
45
|
+
)
|
|
46
|
+
]
|
|
47
|
+
)
|
|
73
48
|
|
|
74
49
|
|
|
75
50
|
@register(deploy=True)
|
|
@@ -91,9 +66,27 @@ def check_secret_key_fallbacks(package_configs, **kwargs):
|
|
|
91
66
|
@register(deploy=True)
|
|
92
67
|
def check_debug(package_configs, **kwargs):
|
|
93
68
|
passed_check = not settings.DEBUG
|
|
94
|
-
return
|
|
69
|
+
return (
|
|
70
|
+
[]
|
|
71
|
+
if passed_check
|
|
72
|
+
else [
|
|
73
|
+
Warning(
|
|
74
|
+
"You should not have DEBUG set to True in deployment.",
|
|
75
|
+
id="security.W018",
|
|
76
|
+
)
|
|
77
|
+
]
|
|
78
|
+
)
|
|
95
79
|
|
|
96
80
|
|
|
97
81
|
@register(deploy=True)
|
|
98
82
|
def check_allowed_hosts(package_configs, **kwargs):
|
|
99
|
-
return
|
|
83
|
+
return (
|
|
84
|
+
[]
|
|
85
|
+
if settings.ALLOWED_HOSTS
|
|
86
|
+
else [
|
|
87
|
+
Warning(
|
|
88
|
+
"ALLOWED_HOSTS must not be empty in deployment.",
|
|
89
|
+
id="security.W020",
|
|
90
|
+
)
|
|
91
|
+
]
|
|
92
|
+
)
|
|
@@ -61,13 +61,11 @@ plain/packages/config.py,sha256=6Vdf1TEQllZkkEvK0WK__zHJYT9nxmS3EyYrbuq0GkM,1120
|
|
|
61
61
|
plain/packages/registry.py,sha256=Bihdu1sOVslmb2CHAJbMqqzsLIPn0FkqwHoD_JrfZy4,17936
|
|
62
62
|
plain/paginator.py,sha256=4v5SbYotJH9HoNdzf-1j-AEy4ZLbLPuysf-VME4-6e0,6055
|
|
63
63
|
plain/preflight/README.md,sha256=fgcfVRD6rq7IO8AffQhk49c-6akxaE8MQidRp69InDQ,59
|
|
64
|
-
plain/preflight/__init__.py,sha256=
|
|
64
|
+
plain/preflight/__init__.py,sha256=H-TNRvaddPtOGmv4RXoc1fxDV1AOb7_K3u7ECF8mV58,607
|
|
65
65
|
plain/preflight/files.py,sha256=wbHCNgps7o1c1zQNBd8FDCaVaqX90UwuvLgEQ_DbUpY,510
|
|
66
66
|
plain/preflight/messages.py,sha256=u0oc7q7YmBlKYJRcF5SQpzncfOkEzDhZTcpyclQDfHg,2427
|
|
67
67
|
plain/preflight/registry.py,sha256=ZpxnZPIklXuT8xZVTxCUp_IER3zhd7DdfsmqIpAbLj4,2306
|
|
68
|
-
plain/preflight/security
|
|
69
|
-
plain/preflight/security/base.py,sha256=nsv-g-bFr_188mkOQwC1ZDnyS0rE6eZED8xZT-FEM8M,3074
|
|
70
|
-
plain/preflight/security/csrf.py,sha256=8dKzs5kQwTTKeyfHbkrzdPk3OEoUN8mc-0xhSBo1KmM,1175
|
|
68
|
+
plain/preflight/security.py,sha256=n4X71leOFKqalvEPH3QwVzMs5FB7xu840EEYpLj6Ymw,2617
|
|
71
69
|
plain/preflight/urls.py,sha256=O4PQ_v205VA2872fQlhPfxaihDDRCsVp0ZVKQ92aX4k,3019
|
|
72
70
|
plain/runtime/README.md,sha256=Q8VVO7JRGuYrDxzuYL6ptoilhclbecxKzpRXKgbWGkU,2061
|
|
73
71
|
plain/runtime/__init__.py,sha256=DH8TwKTGJhjviOy4yh_d051v8YGaAWMlFBPhK8ZuC9g,1499
|
|
@@ -141,8 +139,8 @@ plain/views/objects.py,sha256=9QBYyb8PgkRirXCQ8-Pms4_yMzP37dfeL30hWRYmtZg,7909
|
|
|
141
139
|
plain/views/redirect.py,sha256=KLnlktzK6ZNMTlaEiZpMKQMEP5zeTgGLJ9BIkIJfwBo,1733
|
|
142
140
|
plain/views/templates.py,sha256=nF9CcdhhjAyp3LB0RrSYnBaHpHzMfPSw719RCdcXk7o,2007
|
|
143
141
|
plain/wsgi.py,sha256=R6k5FiAElvGDApEbMPTT0MPqSD7n2e2Az5chQqJZU0I,236
|
|
144
|
-
plain-0.
|
|
145
|
-
plain-0.
|
|
146
|
-
plain-0.
|
|
147
|
-
plain-0.
|
|
148
|
-
plain-0.
|
|
142
|
+
plain-0.12.0.dist-info/LICENSE,sha256=m0D5O7QoH9l5Vz_rrX_9r-C8d9UNr_ciK6Qwac7o6yo,3175
|
|
143
|
+
plain-0.12.0.dist-info/METADATA,sha256=eaEqCJ_ZZATzE_wZcodAprf9OO-aru1xTeWRADCCeMo,2722
|
|
144
|
+
plain-0.12.0.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
|
|
145
|
+
plain-0.12.0.dist-info/entry_points.txt,sha256=7O1RZTmMasKYB73bfqQcTwIhsXo7RjEIKv2WbtTtOIM,39
|
|
146
|
+
plain-0.12.0.dist-info/RECORD,,
|
|
File without changes
|
plain/preflight/security/csrf.py
DELETED
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
from plain.runtime import settings
|
|
2
|
-
|
|
3
|
-
from .. import Warning, register
|
|
4
|
-
|
|
5
|
-
W003 = Warning(
|
|
6
|
-
"You don't appear to be using Plain's built-in "
|
|
7
|
-
"cross-site request forgery protection via the middleware "
|
|
8
|
-
"('plain.csrf.middleware.CsrfViewMiddleware' is not in your "
|
|
9
|
-
"MIDDLEWARE). Enabling the middleware is the safest approach "
|
|
10
|
-
"to ensure you don't leave any holes.",
|
|
11
|
-
id="security.W003",
|
|
12
|
-
)
|
|
13
|
-
|
|
14
|
-
W016 = Warning(
|
|
15
|
-
"You have 'plain.csrf.middleware.CsrfViewMiddleware' in your "
|
|
16
|
-
"MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. "
|
|
17
|
-
"Using a secure-only CSRF cookie makes it more difficult for network "
|
|
18
|
-
"traffic sniffers to steal the CSRF token.",
|
|
19
|
-
id="security.W016",
|
|
20
|
-
)
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
def _csrf_middleware():
|
|
24
|
-
return "plain.csrf.middleware.CsrfViewMiddleware" in settings.MIDDLEWARE
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
@register(deploy=True)
|
|
28
|
-
def check_csrf_middleware(package_configs, **kwargs):
|
|
29
|
-
passed_check = _csrf_middleware()
|
|
30
|
-
return [] if passed_check else [W003]
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
@register(deploy=True)
|
|
34
|
-
def check_csrf_cookie_secure(package_configs, **kwargs):
|
|
35
|
-
passed_check = not _csrf_middleware() or settings.CSRF_COOKIE_SECURE is True
|
|
36
|
-
return [] if passed_check else [W016]
|
|
File without changes
|
|
File without changes
|
|
File without changes
|