From 6e83494384c3c4543c23aabd0862c98fc0224891 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Chris=20Da=C3=9Fler?=
Date: Sun, 26 May 2024 20:50:45 +0200
Subject: [PATCH] fix(): Ensure secure handling of file paths and improve error handling (CodeRabbit suggestion)
---
 .../src/spiffworkflow_backend/config/default.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py
index 1d443be1b..0cf89779c 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py
@@ -3,6 +3,7 @@ from os import environ
 from os import path
 from typing import Any
+from flask import current_app
 from spiffworkflow_backend.config.normalized_environment import normalized_environment
 # Consider: https://flask.palletsprojects.com/en/2.2.x/config/#configuring-from-environment-variables
@@ -22,12 +23,14 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No
 if value_from_file and value_from_file.startswith("/run/secrets"):
 # rewrite variable name: remove _FILE
 variable_name = variable_name.removesuffix("_FILE")
-
- if path.exists(value_from_file):
- with open(value_from_file) as f:
- value_to_return = f.readline()
- else:
- value_to_return = None
+ try:
+ with open(value_from_file, 'r') as file:
+ value_to_return = file.read().strip() # Read entire content and strip any extra whitespace
+ except FileNotFoundError:
+ value_to_return = None # Handle the case where the file does not exist
+ except Exception as e:
+ current_app.logger.error(f"Error reading from {value_from_file}: {str(e)}")
+ value_to_return = None # Handle other potential errors
 if value_from_env is not None:
 if isinstance(default, bool):
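Review bot: The added `from flask import current_app` makes this configuration module depend on an active Flask application context, and the `current_app.logger.error(...)` call in the second hunk raises `RuntimeError` when it is reached outside one. If `config_from_env` runs while settings are being loaded, before the app exists (likely for a config defaults module, though the callers are not visible here), the handler meant to log a read failure would crash instead. A module-level logger has no such dependency: `import logging` and `logger = logging.getLogger(__name__)`, then `logger.error(...)` in the handler. With `path.exists` removed, `from os import path` may also be unused now, which is worth checking against the rest of the file.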
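Review bot: The `except Exception as e:` branch turns every read failure (permission denied, path is a directory, undecodable bytes) into `value_to_return = None`, so a secret file that exists but cannot be read looks the same as one that was never configured, and the function appears to fall through to the environment value or the default. For values under `/run/secrets` it is safer to fail loudly: keep `except FileNotFoundError:` and narrow the other handler to `except OSError as e:` that logs and re-raises. The guard `value_from_file.startswith("/run/secrets")` in the context lines is untouched even though the subject mentions secure path handling; it accepts `/run/secretsX` and paths containing `..`, so comparing `path.realpath(value_from_file)` against the prefix `"/run/secrets/"` would make the restriction hold. Also note that `read().strip()` replaces `readline()`, so a multi-line secret file now yields all of its lines instead of the first; the rest of `config_from_env` lies outside the hunk.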