Updated to Flask 1.0.2 to resolve issue with CVE-2018-1000656 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000656).

Fyzel · Fyzel · commit 0ed5cf11cff1 · 2018-09-21T20:55:37.000-06:00
diff --git a/api/restplus.py b/api/restplus.py
@@ -13,7 +13,6 @@
 import traceback
 
 from flask_restplus import Api
-import settings
 from sqlalchemy.orm.exc import NoResultFound
 
 log = logging.getLogger(__name__)
@@ -28,8 +27,8 @@ def default_error_handler(exception):
     message = 'An unhandled exception occurred.'
     log.exception(message)
 
-    if not settings.FLASK_DEBUG:
-        return {'message': message}, 500
+    # if not settings.FLASK_DEBUG:
+    #     return {'message': message}, 500
 
 
 @api.errorhandler(NoResultFound)
diff --git a/app.py b/app.py
@@ -19,7 +19,6 @@
 from flask_jwt import JWT, jwt_required, current_identity
 from api.geolocation_data_flaskapi.endpoints.location_endpoint import ns as location_namespace
 
-import settings
 from database import db
 
 
@@ -28,20 +27,7 @@ def create_app():
     return flask_app
 
 
-def configure_app(flask_app):
-    if settings.FLASK_MODE is 'DEV':
-        flask_app.config['SERVER_NAME'] = settings.FLASK_SERVER_NAME
-    flask_app.config['SQLALCHEMY_DATABASE_URI'] = settings.SQLALCHEMY_DATABASE_URI
-    flask_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = settings.SQLALCHEMY_TRACK_MODIFICATIONS
-    flask_app.config['SWAGGER_UI_DOC_EXPANSION'] = settings.RESTPLUS_SWAGGER_UI_DOC_EXPANSION
-    flask_app.config['RESTPLUS_VALIDATE'] = settings.RESTPLUS_VALIDATE
-    flask_app.config['RESTPLUS_MASK_SWAGGER'] = settings.RESTPLUS_MASK_SWAGGER
-    flask_app.config['ERROR_404_HELP'] = settings.RESTPLUS_ERROR_404_HELP
-    flask_app.secret_key = settings.FLASK_SECRET_KEY
-
-
 def initialize_app(flask_app):
-    configure_app(flask_app)
     blueprint = Blueprint('geolocation', __name__, url_prefix='/geolocation')
     api.init_app(blueprint)
     api.add_namespace(location_namespace)
@@ -58,6 +44,7 @@ def initialize_app(flask_app):
 log = logging.getLogger(__name__)
 
 app = create_app()
+app.config.from_object('config.DevelopmentConfig')
 initialize_app(app)
 
 jwt = JWT(app, authenticate, identity)
@@ -85,4 +72,4 @@ def main():
 
 
 if __name__ == "__main__":
-    app.run(debug=settings.FLASK_DEBUG)
+    app.run()
diff --git a/config.py b/config.py
@@ -0,0 +1,26 @@
+class Config(object):
+    DEBUG = False
+    TESTING = False
+    SQLALCHEMY_DATABASE_URI = 'mysql://geolocation-api:mypass@localhost/Geolocation?charset=utf8'
+    SECRET_KEY = 'Change me'
+    SQLALCHEMY_TRACK_MODIFICATIONS = False
+
+    # RESTplus settings
+    RESTPLUS_SWAGGER_UI_DOC_EXPANSION = 'list'
+    RESTPLUS_VALIDATE = True
+    RESTPLUS_MASK_SWAGGER = False
+    RESTPLUS_ERROR_404_HELP = False
+
+
+class ProductionConfig(Config):
+    pass
+
+
+class DevelopmentConfig(Config):
+    DEBUG = True
+    SQLALCHEMY_TRACK_MODIFICATIONS = True
+
+
+class TestingConfig(Config):
+    TESTING = True
+    SQLALCHEMY_TRACK_MODIFICATIONS = True
diff --git a/create_geolocation_data_flaskapi_user.py b/create_geolocation_data_flaskapi_user.py
@@ -27,7 +27,7 @@
 from passlib.hash import sha512_crypt
 from sqlalchemy import create_engine, MetaData, Table, Column, Integer, NVARCHAR, BOOLEAN, DATETIME, select
 
-from settings import SQLALCHEMY_DATABASE_URI
+import config
 from api.geolocation_data_flaskapi.business.security import salt_password
 
 __all__ = []
@@ -168,7 +168,7 @@ def main(argv=None):
 
         hashed_password = sha512_crypt.hash(salt_password(password, salt))
 
-        engine = create_engine(SQLALCHEMY_DATABASE_URI, echo=True)
+        engine = create_engine(config.DevelopmentConfig.SQLALCHEMY_DATABASE_URI, echo=True)
 
         metadata = MetaData()
         user = Table('user', metadata,
diff --git a/requirements.txt b/requirements.txt
@@ -1,26 +1,26 @@
-aniso8601==1.3.0
+aniso8601==3.0.2
 appdirs==1.4.3
-certifi==2017.7.27.1
+certifi==2018.8.24
 chardet==3.0.4
 click==6.7
 configparser==3.5.0
-Flask==0.12.2
+Flask==1.0.2
 Flask-JWT==0.3.2
-flask-restplus==0.10.1
+flask-restplus==0.11.0
 Flask-SQLAlchemy==2.3.2
-idna==2.6
+idna==2.7
 itsdangerous==0.24
-Jinja2==2.9.6
+Jinja2==2.10
 jsonschema==2.6.0
 MarkupSafe==1.0
-mysqlclient==1.3.12
+mysqlclient==1.3.13
 passlib==1.7.1
-pycountry==17.9.23
-PyJWT==1.5.3
-python-dateutil==2.6.1
-pytz==2017.2
-requests==2.18.4
+pycountry==18.5.26
+PyJWT==1.6.4
+python-dateutil==2.7.3
+pytz==2018.5
+requests==2.19.1
 six==1.11.0
-SQLAlchemy==1.1.14
-urllib3==1.22
-Werkzeug==0.12.2
+SQLAlchemy==1.2.12
+urllib3==1.23
+Werkzeug==0.14.1
diff --git a/settings.py b/settings.py
diff --git a/static/images/swagger-ui.png b/static/images/swagger-ui.png
