fix(): Ensure secure handling of file paths and improve error handling (CodeRabbit suggestion)

2025-01-12 10:34:17 +00:00 · 2024-05-26 20:50:45 +02:00 · 2024-05-26 20:50:45 +02:00 · 6e83494384
commit 6e83494384
parent 40f3dfca23
1 changed files with 9 additions and 6 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py
@ -3,6 +3,7 @@ from os import environ
 from os import path
 from typing import Any

+from flask import current_app
 from spiffworkflow_backend.config.normalized_environment import normalized_environment

 # Consider: https://flask.palletsprojects.com/en/2.2.x/config/#configuring-from-environment-variables
@ -22,12 +23,14 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No
        if value_from_file and value_from_file.startswith("/run/secrets"):
            # rewrite variable name: remove _FILE
            variable_name = variable_name.removesuffix("_FILE")
-
-            if path.exists(value_from_file):
-                with open(value_from_file) as f:
-                    value_to_return = f.readline()
-            else:
-                value_to_return = None
+            try:
+                with open(value_from_file, 'r') as file:
+                    value_to_return = file.read().strip()  # Read entire content and strip any extra whitespace
+            except FileNotFoundError:
+                value_to_return = None  # Handle the case where the file does not exist
+            except Exception as e:
+                current_app.logger.error(f"Error reading from {value_from_file}: {str(e)}")
+                value_to_return = None  # Handle other potential errors

    if value_from_env is not None:
        if isinstance(default, bool):