From 3565d24bce31d2317e3ac23e672b7e758cef2311 Mon Sep 17 00:00:00 2001
From: Pelayo Torres
Date: Mon, 16 Dec 2024 14:39:43 +0100
Subject: [PATCH 1/4] werkzeug
---
 .../api_invoker_management/app.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py
index 0a54348..46a5523 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py
@@ -127,6 +127,9 @@ app.add_api('openapi.yaml',
 app.app.config['JWT_ALGORITHM'] = 'RS256'
 app.app.config['JWT_PUBLIC_KEY'] = pub_data
+# Limit the maximum allowed size for the body of a request
+app.app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024
+
 config = Config()
-- GitLab
From b2567adccc53f394ed20cedaaed0f2add4cf434e Mon Sep 17 00:00:00 2001
From: Pelayo Torres
Date: Mon, 16 Dec 2024 15:00:45 +0100
Subject: [PATCH 2/4] werkzeug removed
---
 .../api_invoker_management/app.py | 3 ---
 .../TS29222_CAPIF_API_Invoker_Management_API/requirements.txt | 1 -
 2 files changed, 4 deletions(-)
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py
index 46a5523..0a54348 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py
@@ -127,9 +127,6 @@ app.add_api('openapi.yaml',
 app.app.config['JWT_ALGORITHM'] = 'RS256'
 app.app.config['JWT_PUBLIC_KEY'] = pub_data
-# Limit the maximum allowed size for the body of a request
-app.app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024
-
 config = Config()
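Review bot: The 16 MiB cap assigned to `MAX_CONTENT_LENGTH` in PATCH 1/4 is a bare literal set on this one service, and PATCH 2/4 deletes the same three lines again with no replacement, so the series ends with no application-level bound on request body size in app.py. If the limit is intended, keep it and name it, for example `MAX_REQUEST_BODY_BYTES = 16 * 1024 * 1024` followed by `app.app.config['MAX_CONTENT_LENGTH'] = MAX_REQUEST_BODY_BYTES`, with a comment that larger bodies are answered with 413. Whether the wrapper behind `app.add_api` honours this Flask setting is not visible in the hunk and should be confirmed with a test that posts an oversized body.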
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt b/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt
index 34d990e..5d64a22 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt
@@ -20,6 +20,5 @@ opentelemetry-api == 1.19.0
 opentelemetry-sdk == 1.19.0
 flask_executor == 1.0.0
 Flask-APScheduler == 1.13.1
-werkzeug == 3.0.4
 gunicorn == 22.0.0
 packaging == 24.0
\ No newline at end of file
-- GitLab
From 83b9ec5fd82693ed4d542afdc06945980aaa441d Mon Sep 17 00:00:00 2001
From: Pelayo Torres
Date: Tue, 17 Dec 2024 12:10:19 +0100
Subject: [PATCH 3/4] Resolved some security issues
---
 .../requirements.txt | 19 ++++++++++---------
 .../capif_events/core/notifications.py | 2 +-
 .../capif_security/core/notification.py | 2 +-
 services/mock_server/mock_server.py | 2 +-
 .../core/register_operations.py | 2 +-
 5 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt b/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt
index 5d64a22..c28e5fb 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt
@@ -6,19 +6,20 @@ Flask == 3.0.3
 pymongo == 4.7.3
 redis == 4.5.4
 flask_jwt_extended == 4.6.0
-cryptography == 42.0.8
+cryptography == 43.0.1
 rfc3987 == 1.3.8
-opentelemetry-instrumentation == 0.40b0
-opentelemetry-instrumentation-flask == 0.40b0
-opentelemetry-instrumentation-redis == 0.40b0
-opentelemetry-instrumentation-pymongo == 0.40b0
-opentelemetry-exporter-otlp == 1.19.0
-opentelemetry-exporter-jaeger == 1.19.0
+opentelemetry-instrumentation == 0.41b0
+opentelemetry-instrumentation-flask == 0.41b0
+opentelemetry-instrumentation-redis == 0.41b0
+opentelemetry-instrumentation-pymongo == 0.41b0
+opentelemetry-exporter-otlp == 1.20.0
+opentelemetry-exporter-jaeger == 1.20.0
 fluent == 0.10.0
 fluent-logger == 0.10.0
-opentelemetry-api == 1.19.0
-opentelemetry-sdk == 1.19.0
+opentelemetry-api == 1.20.0
+opentelemetry-sdk == 1.20.0
 flask_executor == 1.0.0
 Flask-APScheduler == 1.13.1
+werkzeug == 3.0.6
 gunicorn == 22.0.0
 packaging == 24.0
\ No newline at end of file
diff --git a/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py b/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py
index c6dae59..b59869b 100644
--- a/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py
+++ b/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py
@@ -67,7 +67,7 @@ class Notifications():
 def request_post(self, url, data):
 headers = {'content-type': 'application/json'}
- return requests.post(url, json={'text': str(data.to_str())}, headers=headers)
+ return requests.post(url, json={'text': str(data.to_str())}, headers=headers, timeout=10)
 async def send_request(self, url, data):
 async with aiohttp.ClientSession() as session:
diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py b/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py
index 2efad5f..6936d13 100644
--- a/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py
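Review bot: With `timeout=10` the call in `request_post` can now raise `requests.exceptions.Timeout`, and nothing in the function catches or documents that; whether the callers do is not visible in this hunk. A docstring such as `"""POST data as JSON to url; raises requests.exceptions.RequestException on connection failure or timeout."""` would make the new failure mode explicit, and `timeout=(3.05, 10)` would bound connect and read separately instead of applying ten seconds to each. The same applies to `request_post` in capif_security/core/notification.py and to the `requests.delete` call in register_operations.py later in this patch. `send_request` in the trailing context still opens `aiohttp.ClientSession()` with no explicit timeout; its body continues outside the hunk.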
+++ b/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py
@@ -9,4 +9,4 @@ class Notifications():
 def request_post(self, url, data):
 headers = {'content-type': 'application/json'}
- return requests.post(url, json={'text': str(data.to_str())}, headers=headers)
\ No newline at end of file
+ return requests.post(url, json={'text': str(data.to_str())}, headers=headers, timeout=10)
\ No newline at end of file
diff --git a/services/mock_server/mock_server.py b/services/mock_server/mock_server.py
index a3d26b8..db6b26f 100644
--- a/services/mock_server/mock_server.py
+++ b/services/mock_server/mock_server.py
@@ -57,4 +57,4 @@ def requests_list():
 configure_logging(app)
 if __name__ == '__main__':
- app.run(host=os.environ.get("IP",'0.0.0.0'),port=os.environ.get("PORT",9100),debug=True)
+ app.run(host=os.environ.get("IP",'0.0.0.0'),port=os.environ.get("PORT",9100))
diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py
index 42627fd..2375578 100644
--- a/services/register/register_service/core/register_operations.py
+++ b/services/register/register_service/core/register_operations.py
@@ -73,7 +73,7 @@ class RegisterOperations:
 try:
 url = f"https://{self.config["ccf"]["url"]}{self.config["ccf"]["helper_remove_user"]}{uuid}"
- requests.delete(url, cert=("certs/superadmin.crt", "certs/superadmin.key"), verify="certs/ca_root.crt")
+ requests.delete(url, cert=("certs/superadmin.crt", "certs/superadmin.key"), verify="certs/ca_root.crt", timeout=10)
 mycol.delete_one({"uuid": uuid})
 current_app.logger.debug(f"User with uuid {uuid} removed successfully")
-- GitLab
From 2caae6aeca260924fc3806530f8580d0ee9424a7 Mon Sep 17 00:00:00 2001
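Review bot: The result of `requests.delete(...)` in register_operations.py is discarded, so on the changed line a non-2xx answer from the CCF helper still falls through to `mycol.delete_one({"uuid": uuid})` and the user is removed locally while possibly remaining on the CCF side. Keep the response and check it, `resp = requests.delete(url, cert=..., verify="certs/ca_root.crt", timeout=10)` followed by `resp.raise_for_status()`, so the surrounding `try` sees the failure before the local delete runs. The `try` block opens inside the hunk but its `except` lies outside it, so how the error is reported is not visible here.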
From: Pelayo Torres
Date: Wed, 18 Dec 2024 11:14:13 +0100
Subject: [PATCH 4/4] Timeout env
---
 .../capif_events/core/notifications.py | 3 ++-
 .../capif_security/core/notification.py | 3 ++-
 services/docker-compose-capif.yml | 2 ++
 services/docker-compose-mock-server.yml | 2 ++
 services/docker-compose-register.yml | 1 +
 services/mock_server/mock_server.py | 4 +++-
 .../register/register_service/core/register_operations.py | 3 ++-
 7 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py b/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py
index b59869b..9df3ad4 100644
--- a/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py
+++ b/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py
@@ -13,6 +13,7 @@ from flask import current_app
 import asyncio
 import aiohttp
 from util import dict_to_camel_case, clean_empty, serialize_clean_camel_case
+import os
 class Notifications():
@@ -67,7 +68,7 @@ class Notifications():
 def request_post(self, url, data):
 headers = {'content-type': 'application/json'}
- return requests.post(url, json={'text': str(data.to_str())}, headers=headers, timeout=10)
+ return requests.post(url, json={'text': str(data.to_str())}, headers=headers, timeout=os.getenv("TIMEOUT"))
 async def send_request(self, url, data):
 async with aiohttp.ClientSession() as session:
diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py b/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py
index 6936d13..795dd0b 100644
--- a/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py
+++ b/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py
@@ -1,4 +1,5 @@
 import requests
+import os
 class Notifications():
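Review bot: `timeout=os.getenv("TIMEOUT")` in `request_post` of capif_events/core/notifications.py passes the raw environment string, which requests is expected to reject with a ValueError because a timeout must be an int, float or tuple; when TIMEOUT is unset it passes `None`, which silently restores the unbounded wait that PATCH 3/4 removed. The Security and register hunks of this patch use `int(os.getenv("TIMEOUT"))`, which raises TypeError when the variable is unset and ValueError on a value such as `2.5`. Parse once with a default and use it in all three places, e.g. `REQUEST_TIMEOUT = float(os.getenv("TIMEOUT", "10"))` and `timeout=REQUEST_TIMEOUT`. The compose hunks in this patch set `TIMEOUT=10` for the container named api-events, so the string case is presumably the one this service will hit.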
@@ -9,4 +10,4 @@ class Notifications():
 def request_post(self, url, data):
 headers = {'content-type': 'application/json'}
- return requests.post(url, json={'text': str(data.to_str())}, headers=headers, timeout=10)
\ No newline at end of file
+ return requests.post(url, json={'text': str(data.to_str())}, headers=headers, timeout=int(os.getenv("TIMEOUT")))
\ No newline at end of file
diff --git a/services/docker-compose-capif.yml b/services/docker-compose-capif.yml
index 8aa7d02..799b52a 100644
--- a/services/docker-compose-capif.yml
+++ b/services/docker-compose-capif.yml
@@ -158,6 +158,7 @@ services:
 - CONTAINER_NAME=api-events
 - MONITORING=${MONITORING}
 - LOG_LEVEL=${LOG_LEVEL}
+ - TIMEOUT=10
 extra_hosts:
 - host.docker.internal:host-gateway
 - fluent-bit:host-gateway
@@ -232,6 +233,7 @@ services:
 - VAULT_ACCESS_TOKEN=dev-only-token
 - VAULT_PORT=8200
 - LOG_LEVEL=${LOG_LEVEL}
+ - TIMEOUT=10
 extra_hosts:
 - host.docker.internal:host-gateway
 - fluent-bit:host-gateway
diff --git a/services/docker-compose-mock-server.yml b/services/docker-compose-mock-server.yml
index 2529b8d..d769505 100644
--- a/services/docker-compose-mock-server.yml
+++ b/services/docker-compose-mock-server.yml
@@ -8,6 +8,8 @@ services:
 - ./mock_server:/usr/src/app
 extra_hosts:
 - host.docker.internal:host-gateway
+ environment:
+ - DEBUG_MODE=True
 restart: unless-stopped
 image: labs.etsi.org:5050/ocf/capif/mock_server:latest
diff --git a/services/docker-compose-register.yml b/services/docker-compose-register.yml
index 3e29bb6..011e906 100644
--- a/services/docker-compose-register.yml
+++ b/services/docker-compose-register.yml
@@ -12,6 +12,7 @@ services:
 - VAULT_ACCESS_TOKEN=dev-only-token
 - VAULT_PORT=8200
 - LOG_LEVEL=${LOG_LEVEL}
+ - TIMEOUT=10
 extra_hosts:
 - host.docker.internal:host-gateway
 - vault:host-gateway
diff --git a/services/mock_server/mock_server.py b/services/mock_server/mock_server.py
index db6b26f..a07c5ef 100644
--- a/services/mock_server/mock_server.py
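Review bot: Setting `DEBUG_MODE=True` in docker-compose-mock-server.yml turns the Werkzeug debugger back on by default, one patch after PATCH 3/4 removed `debug=True` from `app.run`, and mock_server.py still binds to `0.0.0.0` unless IP is set. The interactive debugger allows code execution in the server process, so it should be opt-in: `- DEBUG_MODE=${DEBUG_MODE:-False}` keeps the switch without enabling it for everyone who starts this file. The `debug_mode` line added to mock_server.py in this patch already defaults to off, so only the compose default needs to change. Whether the service's port is published is not visible in this hunk.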
+++ b/services/mock_server/mock_server.py
@@ -56,5 +56,7 @@ def requests_list():
 configure_logging(app)
+debug_mode = os.getenv('DEBUG_MODE', 'False').lower() in ['true', '1']
+
 if __name__ == '__main__':
- app.run(host=os.environ.get("IP",'0.0.0.0'),port=os.environ.get("PORT",9100))
+ app.run(host=os.environ.get("IP",'0.0.0.0'),port=os.environ.get("PORT",9100), debug=debug_mode)
diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py
index 2375578..10850ab 100644
--- a/services/register/register_service/core/register_operations.py
+++ b/services/register/register_service/core/register_operations.py
@@ -5,6 +5,7 @@ from datetime import datetime
 from config import Config
 import requests
 import uuid
+import os
 class RegisterOperations:
@@ -73,7 +74,7 @@ class RegisterOperations:
 try:
 url = f"https://{self.config["ccf"]["url"]}{self.config["ccf"]["helper_remove_user"]}{uuid}"
- requests.delete(url, cert=("certs/superadmin.crt", "certs/superadmin.key"), verify="certs/ca_root.crt", timeout=10)
+ requests.delete(url, cert=("certs/superadmin.crt", "certs/superadmin.key"), verify="certs/ca_root.crt", timeout=int(os.getenv("TIMEOUT")))
 mycol.delete_one({"uuid": uuid})
 current_app.logger.debug(f"User with uuid {uuid} removed successfully")
-- GitLab