"""
Security utilities for the NetViz application.
"""
import html
import secrets
import string
from typing import Dict, Any
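def get_secure_headers(*, production: bool = False) -> Dict[str, Any]:
    """
    Get secure headers configuration for Flask-Talisman.

    Keys follow Flask-Talisman's constructor arguments. Calling with no
    arguments returns exactly the development configuration the previous
    fixed dict produced.

    Args:
        production: When True, turn on the two settings that require the
            site to be served over TLS (``force_https`` and
            ``session_cookie_secure``). Defaults to False so plain-HTTP
            local development keeps working without editing this file.

    Returns:
        Dict with security header configuration
    """
    return {
        'content_security_policy': {
            'default-src': "'self'",
            'img-src': "'self' data:",
            'style-src': "'self' 'unsafe-inline'",  # Needed for Tailwind
            # 'unsafe-inline' in script-src removes most of the XSS
            # protection a CSP provides; move to a nonce or hash based
            # policy once the HTMX usage allows it.
            'script-src': "'self' 'unsafe-inline'",  # Needed for HTMX
            'font-src': "'self'"
        },
        # TLS-dependent settings are driven by the flag rather than edited
        # by hand before each deployment.
        'force_https': production,
        'strict_transport_security': True,
        'strict_transport_security_max_age': 31536000,  # one year, in seconds
        'strict_transport_security_include_subdomains': True,
        'referrer_policy': 'strict-origin-when-cross-origin',
        'frame_options': 'DENY',
        'session_cookie_secure': production,
        'session_cookie_http_only': True
    }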
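def generate_password(length: int = 16) -> str:
    """
    Generate a secure random password.

    Each character is drawn independently with ``secrets.choice`` (a
    cryptographically secure source) from ASCII letters, digits and
    punctuation.

    Args:
        length: Number of characters to generate. Defaults to 16, the size
            the previous fixed-length implementation produced.

    Returns:
        A secure random password string

    Raises:
        ValueError: If ``length`` is less than 1.
    """
    if length < 1:
        raise ValueError("password length must be at least 1")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return ''.join(secrets.choice(alphabet) for _ in range(length))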
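def sanitize_input(input_string: str) -> str:
    """
    Escape user input so it can be embedded as HTML element content.

    ``html.escape`` handles ``&``, ``<``, ``>``, ``"`` and ``'`` (encoding
    ``&`` first, which the hand-rolled table this replaces did not do at
    all); ``/`` and backslash are additionally entity-encoded, and newlines
    become ``<br>`` so multi-line input keeps its line breaks when rendered.

    The result is safe only as text between HTML tags. It is not safe inside
    unquoted attribute values, ``<script>`` blocks, URLs or CSS, and because
    ``<br>`` is inserted the output is already markup: do not escape it a
    second time.

    Args:
        input_string: The input string to sanitize

    Returns:
        Sanitized string
    """
    # html.escape must run first so '&' is encoded before anything else,
    # and the '<br>' inserted below must not itself be escaped.
    escaped = html.escape(input_string, quote=True)
    extra_replacements = {
        '/': '&#x2F;',
        '\\': '&#x5C;',
        '\n': '<br>',
    }
    for char, replacement in extra_replacements.items():
        escaped = escaped.replace(char, replacement)
    return escaped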