From c892cd5ae18e13628cd55b1a159dfabd30c62db0 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Fri, 18 Sep 2020 17:38:52 -0700
Subject: [PATCH 1/7] removing anything that remotely looks like a secret in code to set a good example
---
 docker/src/lemur.conf.py | 19 ++++++++++++++++---
 lemur/tests/conf.py | 22 ++++++++++++++++++----
 2 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/docker/src/lemur.conf.py b/docker/src/lemur.conf.py
index 3cc51792..89448b29 100644
--- a/docker/src/lemur.conf.py
+++ b/docker/src/lemur.conf.py
@@ -1,4 +1,7 @@
 import os
+import random
+import string
+import base64
 from ast import literal_eval
 _basedir = os.path.abspath(os.path.dirname(__file__))
@@ -6,10 +9,20 @@ _basedir = os.path.abspath(os.path.dirname(__file__))
 CORS = os.environ.get("CORS") == "True"
 debug = os.environ.get("DEBUG") == "True"
-SECRET_KEY = repr(os.environ.get('SECRET_KEY','Hrs8kCDNPuT9vtshsSWzlrYW+d+PrAXvg/HwbRE6M3vzSJTTrA/ZEw=='))
-LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET','YVKT6nNHnWRWk28Lra1OPxMvHTqg1ZXvAcO7bkVNSbrEuDQPABM0VQ=='))
-LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS','Ls-qg9j3EMFHyGB_NL0GcQLI6622n9pSyGM_Pu0GdCo='))
+def get_random_secret(length):
+ secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(length/4))
+ secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(length/4))
+ secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(length/4))
+ return secret_key + ''.join(random.choice(string.digits) for x in range(length/4))
+
+
+SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
+
+LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
+ base64.b64encode(get_random_secret(32).encode('utf8'))))
+LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
+ base64.b64encode(get_random_secret(32).encode('utf8'))))
 LEMUR_WHITELISTED_DOMAINS = []
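Review bot: `get_random_secret` in the second hunk draws every character from `random.choice`, which is not a cryptographically secure generator, yet its output becomes the fallback for `SECRET_KEY`, `LEMUR_TOKEN_SECRET` and `LEMUR_ENCRYPTION_KEYS` in the docker deployment config; the stdlib `secrets.choice` is a drop-in replacement, so swap `import random` for `import secrets` and each `random.choice(...)` for `secrets.choice(...)`. The same helper is copied into lemur/tests/conf.py in the next hunk, so the substitution applies there as well. Note also that these fallbacks are computed anew on every import of the config, so a deployment that leaves the environment variables unset appears to get different secrets on each restart and per worker process, and anything encrypted under a startup-generated `LEMUR_ENCRYPTION_KEYS` would presumably be unreadable after the next start; a comment such as `# Fallbacks are regenerated per process: set the env vars for any persistent deployment` would make that explicit. Finally, `base64.b64encode` here differs from the `urlsafe_b64encode` used for the same setting in the test config, whose own comment says the key should be URL-safe; the two should agree.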
diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py
index af0c09ce..62df5a68 100644
--- a/lemur/tests/conf.py
+++ b/lemur/tests/conf.py
@@ -1,9 +1,21 @@
 # This is just Python which means you can inherit and tweak settings
 import os
+import random
+import string
+import base64
 _basedir = os.path.abspath(os.path.dirname(__file__))
+
+# generate random secrets for unittest
+def get_random_secret(length):
+ secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(length/4))
+ secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(length/4))
+ secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(length/4))
+ return secret_key + ''.join(random.choice(string.digits) for x in range(length/4))
+
+
 THREADS_PER_PAGE = 8
 # General
@@ -14,12 +26,14 @@ debug = False
 TESTING = True
-# this is the secret key used by flask session management
-SECRET_KEY = "I/dVhOZNSMZMqrFJa5tWli6VQccOGudKerq3eWPMSzQNmHHVhMAQfQ=="
+# this is the secret key used by flask session management (utf8 encoded)
+SECRET_KEY = get_random_secret(length=32).encode('utf8')
-# You should consider storing these separately from your config
+
+# You should consider storing these separately from your config (should be URL-safe)
 LEMUR_TOKEN_SECRET = "test"
-LEMUR_ENCRYPTION_KEYS = "o61sBLNBSGtAckngtNrfVNd8xy8Hp9LBGDstTbMbqCY="
+LEMUR_ENCRYPTION_KEYS = base64.urlsafe_b64encode(get_random_secret(length=32).encode('utf8'))
+
 # List of domain regular expressions that non-admin users can issue
 LEMUR_WHITELISTED_DOMAINS = [
From 21e9a4508df4323bec5feed0a2d3193633fc5b45 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Fri, 18 Sep 2020 17:42:28 -0700
Subject: [PATCH 2/7] TypeError: 'float' object cannot be interpreted as an integer
---
 docker/src/lemur.conf.py | 8 ++++----
 lemur/tests/conf.py | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
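Review bot: `get_random_secret` in the first hunk is a verbatim copy of the helper added to docker/src/lemur.conf.py in the previous hunk, and the later patches in this series already have to repeat each fix in both files; if sharing one implementation is not an option for the test config, the copy should at least carry `# keep in sync with get_random_secret in docker/src/lemur.conf.py`. It also relies on `random.choice`; for a unit-test config that is tolerable, but `secrets.choice` costs nothing here and keeps this copy identical to what the deployment config should use. Separately, in the second hunk `SECRET_KEY` is assigned as bytes while the docker config wraps its value in `repr(...)`, so the two configs hand the application different types for the same setting; the comment `(utf8 encoded)` could say why bytes are wanted here, or the two could be aligned.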
diff --git a/docker/src/lemur.conf.py b/docker/src/lemur.conf.py
index 89448b29..69f9d985 100644
--- a/docker/src/lemur.conf.py
+++ b/docker/src/lemur.conf.py
@@ -11,10 +11,10 @@ debug = os.environ.get("DEBUG") == "True"
 def get_random_secret(length):
- secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(length/4))
- secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(length/4))
- secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(length/4))
- return secret_key + ''.join(random.choice(string.digits) for x in range(length/4))
+ secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length/4)))
+ secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length/4)))
+ secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length/4)))
+ return secret_key + ''.join(random.choice(string.digits) for x in range(round(length/4)))
 SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py
index 62df5a68..f984aeba 100644
--- a/lemur/tests/conf.py
+++ b/lemur/tests/conf.py
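Review bot: `round(length/4)` only papers over the float produced by `/`; integer division states the intent directly and never yields a float, so each of the four generator expressions would read `for x in range(length // 4)`. Either form produces a secret whose length differs from `length` whenever `length` is not a multiple of 4 (and `round` rounds half to even), which the function should say, e.g. `# length is split evenly over four character classes; pass a multiple of 4`. The identical change is repeated in the lemur/tests/conf.py hunk that follows, where the same remarks apply.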
@@ -10,10 +10,10 @@ _basedir = os.path.abspath(os.path.dirname(__file__))
 # generate random secrets for unittest
 def get_random_secret(length):
- secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(length/4))
- secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(length/4))
- secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(length/4))
- return secret_key + ''.join(random.choice(string.digits) for x in range(length/4))
+ secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length/4)))
+ secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length/4)))
+ secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length/4)))
+ return secret_key + ''.join(random.choice(string.digits) for x in range(round(length/4)))
 THREADS_PER_PAGE = 8
From 1632b4b078d2300e815752c0406cbf3579cbe136 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Fri, 18 Sep 2020 21:58:53 -0700
Subject: [PATCH 3/7] making lint happy, running make test-python doesn't run lint
---
 docker/src/lemur.conf.py | 8 ++++----
 lemur/tests/conf.py | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/docker/src/lemur.conf.py b/docker/src/lemur.conf.py
index 69f9d985..2a4ef514 100644
--- a/docker/src/lemur.conf.py
+++ b/docker/src/lemur.conf.py
@@ -11,10 +11,10 @@ debug = os.environ.get("DEBUG") == "True"
 def get_random_secret(length):
- secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length/4)))
- secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length/4)))
- secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length/4)))
- return secret_key + ''.join(random.choice(string.digits) for x in range(round(length/4)))
+ secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4)))
+ secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4)))
+ secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
+ return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4))) soi
 SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py
index f984aeba..d3badbeb 100644
--- a/lemur/tests/conf.py
+++ b/lemur/tests/conf.py
@@ -1,19 +1,19 @@
 # This is just Python which means you can inherit and tweak settings
+import base64
 import os
 import random
 import string
-import base64
 _basedir = os.path.abspath(os.path.dirname(__file__))
 # generate random secrets for unittest
 def get_random_secret(length):
- secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length/4)))
- secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length/4)))
- secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length/4)))
- return secret_key + ''.join(random.choice(string.digits) for x in range(round(length/4)))
+ secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4)))
+ secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4)))
+ secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
+ return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))
 THREADS_PER_PAGE = 8
From 19a678dcc258e1619a1a4e806ce66146cb4f7dc7 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Sat, 19 Sep 2020 08:58:52 -0700
Subject: [PATCH 4/7] removing typo
---
 docker/src/lemur.conf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/src/lemur.conf.py b/docker/src/lemur.conf.py
index 2a4ef514..4cb3ae0c 100644
--- a/docker/src/lemur.conf.py
+++ b/docker/src/lemur.conf.py
@@ -14,7 +14,7 @@ def get_random_secret(length):
 secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4)))
 secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4)))
 secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
- return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4))) soi
+ return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))
 SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
From f8705aa730e386411315cbbcfc5b330bd51144a3 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Fri, 25 Sep 2020 17:19:30 -0700
Subject: [PATCH 5/7] lint
---
 docker/src/lemur.conf.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/docker/src/lemur.conf.py b/docker/src/lemur.conf.py
index 4cb3ae0c..e414da1f 100644
--- a/docker/src/lemur.conf.py
+++ b/docker/src/lemur.conf.py
@@ -16,7 +16,6 @@ def get_random_secret(length):
 secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
 return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))
-
 SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
 LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
From 96eada297f9d01792aa3640e3e5e456380eee1a2 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Mon, 28 Sep 2020 14:40:56 -0700
Subject: [PATCH 6/7] lint
---
 lemur/tests/conf.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py
index e2d2e50b..f1019d04 100644
--- a/lemur/tests/conf.py
+++ b/lemur/tests/conf.py
@@ -15,6 +15,7 @@ def get_random_secret(length):
 secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
 return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))
+
 THREADS_PER_PAGE = 8
 # General
From ba47e7448d360a191f559895e122a7ccd97af9d1 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Mon, 28 Sep 2020 14:42:03 -0700
Subject: [PATCH 7/7] lint
---
 docker/src/lemur.conf.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker/src/lemur.conf.py b/docker/src/lemur.conf.py
index e414da1f..4cb3ae0c 100644
--- a/docker/src/lemur.conf.py
+++ b/docker/src/lemur.conf.py
@@ -16,6 +16,7 @@ def get_random_secret(length):
 secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
 return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))
+
 SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
 LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',