class Config(object):
SECRET_KEY = config.get("core", "secret_key")
USE_REVERSE_PROXY = config.getboolean("core",
"use_reverse_proxy",
fallback=False)
DISPLAY_WELCOME = config.getboolean("core",
"display_welcome",
fallback=False)
DISPLAY_TERMS = config.getboolean("core", "display_terms", fallback=False)
# Customize the server name
if config.get("core", "server_name"):
SERVER_NAME = config.get("core", "server_name")
# Database
SQLALCHEMY_TRACK_MODIFICATIONS = False
SQLALCHEMY_DATABASE_URI = config.get("core", "database_uri")
# Celery
CELERY_CONF = {
"BROKER_URL":
config.get("core",
"celery_broker_url",
fallback="redis://127.0.0.1:6379/0"),
"CELERY_RESULT_BACKEND":
config.get("core",
"celery_result_backend",
fallback="redis://127.0.0.1:6379/1"),
"CELERYBEAT_SCHEDULE":
CELERYBEAT_SCHEDULE,
"CELERY_TASK_SERIALIZER":
"json",
"CELERY_RESULT_SERIALIZER":
"json",
"CELERY_ACCEPT_CONTENT": ["json"],
"CELERYD_HIJACK_ROOT_LOGGER":
False,
}
# Pagination
CVES_PER_PAGE = config.getint("core", "cves_per_page", fallback=20)
VENDORS_PER_PAGE = config.getint("core", "vendors_per_page", fallback=20)
PRODUCTS_PER_PAGE = config.getint("core", "products_per_page", fallback=20)
CWES_PER_PAGE = config.getint("core", "cwes_per_page", fallback=20)
REPORTS_PER_PAGE = config.getint("core", "reports_per_page", fallback=20)
# ReCaptcha
DISPLAY_RECAPTCHA = config.getboolean("core",
"display_recaptcha",
fallback=False)
RECAPTCHA_PUBLIC_KEY = config.get("core", "recaptcha_site_key")
RECAPTCHA_PRIVATE_KEY = config.get("core", "recaptcha_secret_key")
# Vendors and Products excerpt
COUNT_EXCERPT = 3
REPORT_COUNT_EXCERPT = 3
# Flask-User
USER_APP_NAME = "OpenCVE.io"
USER_ENABLE_CHANGE_USERNAME = False
USER_ENABLE_MULTIPLE_EMAILS = True
USER_AUTO_LOGIN_AFTER_CONFIRM = False
# Flask-User redirect pages
USER_AFTER_CHANGE_PASSWORD_ENDPOINT = "user.login"
USER_AFTER_REGISTER_ENDPOINT = "user.login"
USER_AFTER_CONFIRM_ENDPOINT = "user.login"
USER_AFTER_FORGOT_PASSWORD_ENDPOINT = "user.login"
USER_AFTER_RESET_PASSWORD_ENDPOINT = "user.login"
USER_AFTER_LOGOUT_ENDPOINT = "user.login"
USER_AFTER_RESEND_EMAIL_CONFIRMATION_ENDPOINT = "user.login"
USER_AFTER_EDIT_USER_PROFILE_ENDPOINT = "user.edit_user_profile"
# Flask-User urls
USER_LOGIN_URL = "/login"
USER_LOGOUT_URL = "/logout"
USER_REGISTER_URL = "/register"
USER_CHANGE_PASSWORD_URL = "/account/password"
USER_EDIT_USER_PROFILE_URL = "/account/profile"
USER_FORGOT_PASSWORD_URL = "/account/forgot-password"
USER_RESEND_EMAIL_CONFIRMATION_URL = "/account/resend-email-confirmation"
# Mail
EMAIL_ADAPTER = config.get("mail", "email_adapter", fallback="smtp")
USER_EMAIL_SENDER_EMAIL = config.get("mail",
"email_from",
fallback="*****@*****.**")
MAIL_SERVER = config.get("mail", "smtp_server")
MAIL_PORT = config.getint("mail", "smtp_port", fallback=465)
MAIL_USE_TLS = config.getboolean("mail", "smtp_use_tls", fallback=True)
MAIL_USERNAME = config.get("mail", "smtp_username")
MAIL_PASSWORD = config.get("mail", "stmp_password")
DEFAULT_MAIL_SENDER = config.get("mail",
"email_from",
fallback="*****@*****.**")
@staticmethod
def init_app(app):
# Flask-Admin
admin.init_app(app)
admin.add_view(UserModelView(User, db.session))
admin.add_view(CveModelView(Cve, db.session))
admin.add_view(EventModelView(Event, db.session))
admin.add_view(VendorModelView(Vendor, db.session))
admin.add_view(ProductModelView(Product, db.session))
admin.add_link(MenuLink(name="Tasks", url="/admin/tasks"))
# Flask-DebugToolbar
debug_toolbar.init_app(app)
# Celery
cel.init_app(app)
# CSRF protection
csrf.init_app(app)
# SQLAlchemy
db.init_app(app)
# User
user_manager.init_app(app, db, User)
user_manager.email_manager = CustomEmailManager(app)
# Flask-Gravatar
gravatar.init_app(app)
# Flask-Migrate
migrate.init_app(
app=app,
db=db,
directory=str(Path(__file__).resolve().parent / "migrations"),
)
# Reverse proxy should used HTTPS
if app.config["USE_REVERSE_PROXY"]:
app.config["PREFERRED_URL_SCHEME"] = "https"
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
class Config(object):
SECRET_KEY = config.get("core", "secret_key")
USE_REVERSE_PROXY = config.getboolean("core",
"use_reverse_proxy",
fallback=False)
DISPLAY_WELCOME = config.getboolean("core",
"display_welcome",
fallback=False)
DISPLAY_TERMS = config.getboolean("core", "display_terms", fallback=False)
# Customize the server name
if config.get("core", "server_name"):
SERVER_NAME = config.get("core", "server_name")
# Database
SQLALCHEMY_TRACK_MODIFICATIONS = False
SQLALCHEMY_DATABASE_URI = config.get("core", "database_uri")
# Celery
CELERY_CONF = {
"BROKER_URL":
config.get("core",
"celery_broker_url",
fallback="redis://127.0.0.1:6379/0"),
"CELERY_RESULT_BACKEND":
config.get("core",
"celery_result_backend",
fallback="redis://127.0.0.1:6379/1"),
"CELERYBEAT_SCHEDULE":
CELERYBEAT_SCHEDULE,
"CELERY_TASK_SERIALIZER":
"json",
"CELERY_RESULT_SERIALIZER":
"json",
"CELERY_ACCEPT_CONTENT": ["json"],
"CELERYD_HIJACK_ROOT_LOGGER":
False,
}
# Pagination
CVES_PER_PAGE = config.getint("core", "cves_per_page", fallback=20)
VENDORS_PER_PAGE = config.getint("core", "vendors_per_page", fallback=20)
PRODUCTS_PER_PAGE = config.getint("core", "products_per_page", fallback=20)
CWES_PER_PAGE = config.getint("core", "cwes_per_page", fallback=20)
REPORTS_PER_PAGE = config.getint("core", "reports_per_page", fallback=20)
ALERTS_PER_PAGE = config.getint("core", "alerts_per_page", fallback=20)
TAGS_PER_PAGE = config.getint("core", "tags_per_page", fallback=20)
ACTIVITIES_PER_PAGE = config.getint("core",
"activities_per_page",
fallback=20)
# ReCaptcha
DISPLAY_RECAPTCHA = config.getboolean("core",
"display_recaptcha",
fallback=False)
RECAPTCHA_PUBLIC_KEY = config.get("core", "recaptcha_site_key")
RECAPTCHA_PRIVATE_KEY = config.get("core", "recaptcha_secret_key")
# Vendors and Products excerpt
COUNT_EXCERPT = 3
REPORT_COUNT_EXCERPT = 3
# Flask-User
USER_APP_NAME = "OpenCVE.io"
USER_ENABLE_CHANGE_USERNAME = False
USER_ENABLE_MULTIPLE_EMAILS = True
USER_AUTO_LOGIN_AFTER_CONFIRM = True
# Flask-User redirect pages
USER_AFTER_CHANGE_PASSWORD_ENDPOINT = "user.login"
USER_AFTER_REGISTER_ENDPOINT = "user.login"
USER_AFTER_CONFIRM_ENDPOINT = "user.login"
USER_AFTER_FORGOT_PASSWORD_ENDPOINT = "user.login"
USER_AFTER_RESET_PASSWORD_ENDPOINT = "user.login"
USER_AFTER_LOGOUT_ENDPOINT = "user.login"
USER_AFTER_RESEND_EMAIL_CONFIRMATION_ENDPOINT = "user.login"
USER_AFTER_EDIT_USER_PROFILE_ENDPOINT = "user.edit_user_profile"
# Flask-User urls
USER_LOGIN_URL = "/login"
USER_LOGOUT_URL = "/logout"
USER_REGISTER_URL = "/register"
USER_CHANGE_PASSWORD_URL = "/account/password"
USER_EDIT_USER_PROFILE_URL = "/account/profile"
USER_FORGOT_PASSWORD_URL = "/account/forgot-password"
USER_RESEND_EMAIL_CONFIRMATION_URL = "/account/resend-email-confirmation"
# API rate limit
RATELIMIT_ENABLED = config.getboolean("api",
"ratelimit_enabled",
fallback=False)
RATELIMIT_VALUE = config.get("api",
"ratelimit_value",
fallback="3600/hour")
RATELIMIT_STORAGE_URL = config.get("api",
"ratelimit_storage_url",
fallback="redis://127.0.0.1:6379/2")
RATELIMIT_HEADERS_ENABLED = True
# Mail
EMAIL_ADAPTER = config.get("mail", "email_adapter", fallback="smtp")
USER_EMAIL_SENDER_EMAIL = config.get("mail",
"email_from",
fallback="*****@*****.**")
MAIL_SERVER = config.get("mail", "smtp_server")
MAIL_PORT = config.getint("mail", "smtp_port", fallback=465)
MAIL_USE_TLS = config.getboolean("mail", "smtp_use_tls", fallback=True)
MAIL_USERNAME = config.get("mail", "smtp_username")
# ensure compatibility before deprecating "stmp_password"
# see https://github.com/opencve/opencve/issues/76
try:
MAIL_PASSWORD = config.get("mail", "smtp_password")
except:
MAIL_PASSWORD = config.get("mail", "stmp_password")
DEFAULT_MAIL_SENDER = config.get("mail",
"email_from",
fallback="*****@*****.**")
# Webhook
GLOBAL_WEBHOOK_ENABLED = config.get("webhook",
"global_webhook_enabled",
fallback=False)
WEBHOOK_URL = None
if GLOBAL_WEBHOOK_ENABLED:
try:
WEBHOOK_URL = config.get("webhook", "webhook_url")
except configparser.NoOptionError as e:
raise ValueError(
"'webhook_url' needs to be specified in the 'webhook' section when 'global_webhook_enabled' is set to true."
)
@staticmethod
def init_app(app):
# Flask-DebugToolbar
debug_toolbar.init_app(app)
# Celery
cel.init_app(app)
# CSRF protection
csrf.init_app(app)
# SQLAlchemy
db.init_app(app)
# User
user_manager.init_app(app, db, User)
user_manager.email_manager = CustomEmailManager(app)
# Flask-Gravatar
gravatar.init_app(app)
# Flask-Migrate
migrate.init_app(
app=app,
db=db,
directory=str(Path(__file__).resolve().parent / "migrations"),
)
# Reverse proxy should used HTTPS
if app.config["USE_REVERSE_PROXY"]:
app.config["PREFERRED_URL_SCHEME"] = "https"
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
# API Ratelimit
limiter.init_app(app)
# Flask-Admin
admin = Admin(name="OpenCVE Admin",
template_mode="bootstrap3",
index_view=HomeView())
admin.init_app(app)
with warnings.catch_warnings():
warnings.filterwarnings("ignore", "Fields missing from ruleset")
admin.add_view(UserModelView(User, db.session))
admin.add_view(CveModelView(Cve, db.session))
admin.add_view(EventModelView(Event, db.session))
admin.add_view(VendorModelView(Vendor, db.session))
admin.add_view(ProductModelView(Product, db.session))
admin.add_link(MenuLink(name="Tasks", url="/admin/tasks"))