
hivesolutions / flask-quorum / #620179101

05 Apr 2024 01:48PM UTC coverage: 66.777%. First build
#620179101

travis-ci

6247 of 9355 relevant lines covered (66.78%)

5.19 hits per line

Source File

33.33
/src/quorum/extras.py
#!/usr/bin/python
# -*- coding: utf-8 -*-

# Hive Flask Quorum
# Copyright (c) 2008-2025 Hive Solutions Lda.
#
# This file is part of Hive Flask Quorum.
#
# Hive Flask Quorum is free software: you can redistribute it and/or modify
# it under the terms of the Apache License as published by the Apache
# Foundation, either version 2.0 of the License, or (at your option) any
# later version.
#
# Hive Flask Quorum is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# Apache License for more details.
#
# You should have received a copy of the Apache License along with
# Hive Flask Quorum. If not, see <http://www.apache.org/licenses/>.

__author__ = "João Magalhães <joamag@hive.pt>"
""" The author(s) of the module """

__copyright__ = "Copyright (c) 2008-2025 Hive Solutions Lda."
""" The copyright for the module """

__license__ = "Apache License, Version 2.0"
""" The license for the module """

import flask

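YEAR_IN_SECS = 31536000
""" The number of seconds that exist in a
complete year (365 days) """


class SSLify(object):
    """
    Secures a flask app by redirecting plain HTTP requests
    to HTTPS and by adding the HSTS header to the responses.
    """

    def __init__(self, app, age=YEAR_IN_SECS, subdomains=False):
        """
        Constructor of the class.

        :type app: App
        :param app: The application object to be configured to
        enforce HTTPS, or None to defer the registration to a later
        explicit call to init_app.
        :type age: int
        :param age: The value (in seconds) of the max-age directive
        of the hsts policy.
        :type subdomains: bool
        :param subdomains: If the includeSubDomains directive should
        be added to the hsts policy.
        """

        # the hsts settings are stored unconditionally so that the
        # deferred pattern (SSLify(None) followed by init_app(app))
        # does not fail with an AttributeError when hsts_header is
        # read while processing the first response
        self.app = app
        self.hsts_age = age
        self.hsts_include_subdomains = subdomains

        if app is not None:
            self.init_app(app)

    def init_app(self, app):
        """
        Configures the provided flask app to enforce SSL.

        :type app: App
        :param app: The application to be configured to enforce
        the SSL redirection support.
        """

        # the redirect check runs before every request handler and
        # the hsts header is added after every handled request
        app.before_request(self.redirect_to_ssl)
        app.after_request(self.set_hsts_header)

    @property
    def hsts_header(self):
        """
        Returns the proper hsts policy.

        :rtype: String
        :return: The hsts policy string value, built from the
        configured max age and the optional includeSubDomains flag.
        """

        hsts_policy = "max-age={0}".format(self.hsts_age)
        if self.hsts_include_subdomains:
            hsts_policy += "; includeSubDomains"

        return hsts_policy

    def redirect_to_ssl(self):
        """
        Redirects incoming requests to HTTPS in case the current
        protocol is not considered secure.

        A request is considered secure when flask reports it as
        such or when the X-Forwarded-Proto header equals "https".

        :rtype: Response
        :return: A redirect response pointing to the HTTPS version
        of the requested URL, or None when no redirection is needed.
        """

        # NOTE: X-Forwarded-Proto is only meaningful when a trusted
        # reverse proxy sets (or strips) it, if the app is reachable
        # directly any client may send the header over plain HTTP and
        # the request is then treated as secure and not redirected,
        # an alternative is to let the proxy layer decide (eg: the
        # werkzeug ProxyFix middleware) and rely on is_secure alone
        is_secure = flask.request.is_secure
        forwarded_proto = flask.request.headers.get("X-Forwarded-Proto", "http")
        if is_secure or forwarded_proto == "https":
            return

        # only plain HTTP URLs are rewritten, any other scheme is
        # left untouched and handled normally
        if not flask.request.url.startswith("http://"):
            return

        # replaces only the scheme prefix (first occurrence) and issues
        # the redirect with the default status code of flask.redirect
        url = flask.request.url.replace("http://", "https://", 1)
        return flask.redirect(url)

    def set_hsts_header(self, response):
        """
        Adds the hsts header to each response, this should be performed
        at the end of the request handling workflow.

        The header instructs the client to use HTTPS for the following
        requests to the host during the configured max age.

        :type response: Response
        :param response: The response to be used to set the hsts
        policy header.
        :rtype: Response
        :return: The changed response object, containing the strict
        transport security (hsts) header.
        """

        # setdefault keeps any policy already set by the request handler,
        # note that the header is added to every response (including the
        # ones served over plain HTTP) but clients only honor it when it
        # is received over a secure connection
        response.headers.setdefault("Strict-Transport-Security", self.hsts_header)
        return response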
×