plain 0.11.0__tar.gz → 0.12.0__tar.gz

{plain-0.11.0 → plain-0.12.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: plain
-Version: 0.11.0
+Version: 0.12.0
 Summary: A web framework for building products with Python.
 Author: Dave Gaeddert
 Author-email: dave.gaeddert@dropseed.dev

{plain-0.11.0 → plain-0.12.0}/plain/preflight/__init__.py

@@ -15,8 +15,7 @@ from .registry import register, run_checks
 
 # Import these to force registration of checks
 import plain.preflight.files  # NOQA isort:skip
-import plain.preflight.security.base  # NOQA isort:skip
-import plain.preflight.security.csrf  # NOQA isort:skip
+import plain.preflight.security  # NOQA isort:skip
 import plain.preflight.urls  # NOQA isort:skip
 
 

plain-0.11.0/plain/preflight/security/base.py → plain-0.12.0/plain/preflight/security.py

@@ -16,40 +16,6 @@ SECRET_KEY_WARNING_MSG = (
     f"vulnerable to attack."
 )
 
-# TODO
-W001 = Warning(
-    "You do not have 'plain.middleware.https.HttpsRedirectMiddleware' "
-    "in your MIDDLEWARE so the SECURE_HSTS_SECONDS, "
-    "SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, "
-    "SECURE_CROSS_ORIGIN_OPENER_POLICY, and HTTPS_REDIRECT_ENABLED settings will "
-    "have no effect.",
-    id="security.W001",
-)
-
-W008 = Warning(
-    "Your HTTPS_REDIRECT_ENABLED setting is not set to True. "
-    "Unless your site should be available over both SSL and non-SSL "
-    "connections, you may want to either set this setting True "
-    "or configure a load balancer or reverse-proxy server "
-    "to redirect all connections to HTTPS.",
-    id="security.W008",
-)
-
-W009 = Warning(
-    SECRET_KEY_WARNING_MSG % "SECRET_KEY",
-    id="security.W009",
-)
-
-W018 = Warning(
-    "You should not have DEBUG set to True in deployment.",
-    id="security.W018",
-)
-
-W020 = Warning(
-    "ALLOWED_HOSTS must not be empty in deployment.",
-    id="security.W020",
-)
-
 W025 = Warning(SECRET_KEY_WARNING_MSG, id="security.W025")
 
 
@@ -69,7 +35,16 @@ def check_secret_key(package_configs, **kwargs):
         passed_check = False
     else:
         passed_check = _check_secret_key(secret_key)
-    return [] if passed_check else [W009]
+    return (
+        []
+        if passed_check
+        else [
+            Warning(
+                SECRET_KEY_WARNING_MSG % "SECRET_KEY",
+                id="security.W009",
+            )
+        ]
+    )
 
 
 @register(deploy=True)
@@ -91,9 +66,27 @@ def check_secret_key_fallbacks(package_configs, **kwargs):
 @register(deploy=True)
 def check_debug(package_configs, **kwargs):
     passed_check = not settings.DEBUG
-    return [] if passed_check else [W018]
+    return (
+        []
+        if passed_check
+        else [
+            Warning(
+                "You should not have DEBUG set to True in deployment.",
+                id="security.W018",
+            )
+        ]
+    )
 
 
 @register(deploy=True)
 def check_allowed_hosts(package_configs, **kwargs):
-    return [] if settings.ALLOWED_HOSTS else [W020]
+    return (
+        []
+        if settings.ALLOWED_HOSTS
+        else [
+            Warning(
+                "ALLOWED_HOSTS must not be empty in deployment.",
+                id="security.W020",
+            )
+        ]
+    )

{plain-0.11.0 → plain-0.12.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "plain"
-version = "0.11.0"
+version = "0.12.0"
 description = "A web framework for building products with Python."
 authors = ["Dave Gaeddert <dave.gaeddert@dropseed.dev>"]
 readme = "README.md"

plain-0.11.0/plain/preflight/security/csrf.py

@@ -1,36 +0,0 @@
-from plain.runtime import settings
-
-from .. import Warning, register
-
-W003 = Warning(
-    "You don't appear to be using Plain's built-in "
-    "cross-site request forgery protection via the middleware "
-    "('plain.csrf.middleware.CsrfViewMiddleware' is not in your "
-    "MIDDLEWARE). Enabling the middleware is the safest approach "
-    "to ensure you don't leave any holes.",
-    id="security.W003",
-)
-
-W016 = Warning(
-    "You have 'plain.csrf.middleware.CsrfViewMiddleware' in your "
-    "MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. "
-    "Using a secure-only CSRF cookie makes it more difficult for network "
-    "traffic sniffers to steal the CSRF token.",
-    id="security.W016",
-)
-
-
-def _csrf_middleware():
-    return "plain.csrf.middleware.CsrfViewMiddleware" in settings.MIDDLEWARE
-
-
-@register(deploy=True)
-def check_csrf_middleware(package_configs, **kwargs):
-    passed_check = _csrf_middleware()
-    return [] if passed_check else [W003]
-
-
-@register(deploy=True)
-def check_csrf_cookie_secure(package_configs, **kwargs):
-    passed_check = not _csrf_middleware() or settings.CSRF_COOKIE_SECURE is True
-    return [] if passed_check else [W016]