Flask-SecurityTxt


Name: Flask-SecurityTxt
Version: 1.3.6
Summary: Flask-SecurityTxt is a Flask extension for creating and serving security.txt files which provide information on reporting security vulnerabilities.
Upload time: 2024-06-23 19:48:06
License: LICENCE
Keywords: web, security, security.txt
Requirements: No requirements were recorded.

# Flask-SecurityTxt

Flask-SecurityTxt is a simple extension for Flask that makes it easy to add a 
security.txt file to your website. This file, as specified by the [Internet 
Security Research Group](https://securitytxt.org/), is used to provide 
information to security researchers about how to report vulnerabilities in your 
website.

## Installation

You can install Flask-SecurityTxt using pip:

```bash
pip install flask-securitytxt
```

## Usage

```python
from flask import Flask
from flask_security_txt import SecurityTxt

app = Flask(__name__)
security_txt = SecurityTxt(app)
```

You can also customize the contents of the security.txt file by providing the
following settings in the configuration file:

| Property                           | Type                | Default                 | Description                                                                                                                                                                                                                                                                              |
|------------------------------------|---------------------|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `SECURITY_TXT_ENDPOINT`            | `str`               | `"security_txt"`        | The name by which the end-point will be known to the Flask-app.                                                                                                                                                                                                                          |
| `WELL_KNOWN_DIR`                   | `str`               | `".well-known"`         | The name of the directory that will contain the security.txt file.                                                                                                                                                                                                                       |
| `SECURITY_TXT_FILE_NAME`           | `str`               | `"security.txt"`        | The name of the security.txt file.                                                                                                                                                                                                                                                       |
| `SECURITY_TXT_SIGN_KEY`            | `str`               | `None`                  | The name of a file containing a GPG-key used for signing the security.txt file.                                                                                                                                                                                                          |
| `SECURITY_TXT_CONTACT`             | `str` `Iterable`    | `None`                  | The value of the `contact` field. An `Iterable` type value will result in multiple `contact` fields. The `contact` field value is automatically generated using `SECURITY_TXT_CONTACT_MAILBOX` if `None`. |
| `SECURITY_TXT_CONTACT_MAILBOX`     | `str`               | `"security"`            | The local part of the automatically generated `contact` email address. Only used if `SECURITY_TXT_CONTACT` is `None`.                                                                                                                                                                    |
| `SECURITY_TXT_EXPIRES`             | `str` `datetime`    | `None`                  | The value of the `expires` field. A `datetime` type value will result in an ISO-formatted timestamp string. The `expires` field value is automatically generated using `SECURITY_TXT_EXPIRES_OFFSET` if `None`. |
| `SECURITY_TXT_EXPIRES_OFFSET`      | `tuple` `timedelta` | `(0, 0, 0, 0, 0, 0, 1)` | The offset to be applied to `datetime.now()` in order to automatically generate the value of the `expires` field. A `tuple` type will be unpacked and passed to the `timedelta` constructor, which interprets it as days, seconds, microseconds, milliseconds, minutes, hours and weeks. |
| `SECURITY_TXT_ENCRYPTION`          | `str` `Iterable`    | `None`                  | The value of the `encryption` field. An `Iterable` type value will result in multiple `encryption` fields, a value of `None` will omit the `encryption` field.                                                                                                                           |
| `SECURITY_TXT_ACKNOWLEDGMENTS`     | `str` `Iterable`    | `None`                  | The value of the `acknowledgments` field. An `Iterable` type value will result in multiple `acknowledgments` fields, a value of `None` will omit the `acknowledgments` field.                                                                                                            |
| `SECURITY_TXT_PREFERRED_LANGUAGES` | `str` `Iterable`    | `None`                  | The value of the `languages` field. An `Iterable` type value will result in a comma-separated string. If `None`, the extension attempts to generate the `languages` field value automatically from the available translations listed by the `Flask-Babel` extension. |
| `SECURITY_TXT_CANONICAL`           | `str`               | `None`                  | The value of the `canonical` field. The `canonical` field value is automatically generated using an HTTPS scheme, the host name of the current request and the URL associated with the security.txt end-point, as named in `SECURITY_TXT_ENDPOINT`. |
| `SECURITY_TXT_POLICY`              | `str` `Iterable`    | `None`                  | The value of the `policy` field. An `Iterable` type value will result in multiple `policy` fields, a value of `None` will omit the `policy` field.                                                                                                                                       |
| `SECURITY_TXT_HIRING`              | `str` `Iterable`    | `None`                  | The value of the `hiring` field. An `Iterable` type value will result in multiple `hiring` fields, a value of `None` will omit the `hiring` field.                                                                                                                                       |
| `SECURITY_TXT_HEADER`              | `str`               | <default header>        | A comment added to the start of the security.txt                                                                                                                                                                                                                                         |
| `SECURITY_TXT_FOOTER`              | `str`               | `None`                  |                                                                                                                                                                                                                                                                                          |

### Configuring Comments

For each property that directly controls the value of a field, a comment can
be added on the preceding line(s) by configuring the property
`SECURITY_TXT_<PROPERTY>_COMMENT`. Note that it is up to the developer to
add any whitespace and to prepend each line of the comment with a `#`.

### Configuring Contact Details

The `Contact` field of the security.txt file can be configured in one of
two ways. First, the whole value string can be defined using the
`SECURITY_TXT_CONTACT` property. This takes precedence over the
alternative method, which uses the `SECURITY_TXT_CONTACT_MAILBOX` property.
The value of that property is combined with the domain name of the current
host, as it is known to Flask. The latter method is less reliable, so the
former method is preferred where possible. By default, the contact is set to
"security@<domain>", with the domain name being provided by Flask.
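
A pre-deployment check for the settings described above, as an added example that is not part of the project's code: it reads a plain dict of the documented configuration keys, without importing the extension, and flags an unset `SECURITY_TXT_CONTACT` or `SECURITY_TXT_CANONICAL`, contact values that are not URIs, and an expiry that is in the past or more than a year ahead (the limit RFC 9116 recommends). The names `audit`, `resolve_expires`, `WEAK` and `HARDENED` are hypothetical, and treating a naive `datetime` as UTC is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Defaults copied from the settings table above.
DEFAULTS = {
    "SECURITY_TXT_CONTACT": None,
    "SECURITY_TXT_EXPIRES": None,
    "SECURITY_TXT_EXPIRES_OFFSET": (0, 0, 0, 0, 0, 0, 1),
    "SECURITY_TXT_CANONICAL": None,
}
CONTACT_SCHEMES = ("https://", "mailto:", "tel:")  # URI forms RFC 9116 describes

# Constructed sample configurations (hypothetical, not from the project).
WEAK = {
    "SECURITY_TXT_CONTACT": "security@example.com",         # bare address, no scheme
    "SECURITY_TXT_EXPIRES_OFFSET": (0, 0, 0, 0, 0, 0, 60),  # 60 weeks
}
HARDENED = {
    "SECURITY_TXT_CONTACT": ["mailto:security@example.com", "https://example.com/report"],
    "SECURITY_TXT_CANONICAL": "https://example.com/.well-known/security.txt",
    "SECURITY_TXT_EXPIRES_OFFSET": timedelta(weeks=26),
}


def resolve_expires(config, now):
    """Return the effective expiry as a timezone-aware datetime."""
    expires = config["SECURITY_TXT_EXPIRES"]
    if expires is None:
        offset = config["SECURITY_TXT_EXPIRES_OFFSET"]
        if not isinstance(offset, timedelta):
            # Positional order: days, seconds, microseconds, milliseconds,
            # minutes, hours, weeks. So (1,) is one day, not one week.
            offset = timedelta(*offset)
        return now + offset
    if isinstance(expires, str):
        expires = datetime.fromisoformat(expires.replace("Z", "+00:00"))
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)  # assumption: naive = UTC
    return expires


def audit(user_config, now=None):
    """Return (setting, finding) pairs; an empty list means nothing to fix."""
    config = {**DEFAULTS, **user_config}
    now = now or datetime.now(timezone.utc)
    findings = []
    add = findings.append
    contact = config["SECURITY_TXT_CONTACT"]
    if contact is None:
        add(("SECURITY_TXT_CONTACT", "unset: built from the mailbox and request host"))
    else:
        for uri in ([contact] if isinstance(contact, str) else contact):
            if not uri.lower().startswith(CONTACT_SCHEMES):
                add(("SECURITY_TXT_CONTACT", f"not a URI: {uri!r}"))
    canonical = config["SECURITY_TXT_CANONICAL"]
    if canonical is None:
        add(("SECURITY_TXT_CANONICAL", "unset: built from the request host"))
    elif not canonical.lower().startswith("https://"):
        add(("SECURITY_TXT_CANONICAL", "must be an https:// URL"))
    lifetime = resolve_expires(config, now) - now
    if lifetime <= timedelta(0):
        add(("SECURITY_TXT_EXPIRES", "already expired"))
    elif lifetime > timedelta(days=365):
        add(("SECURITY_TXT_EXPIRES", f"{lifetime.days} days ahead; keep under a year"))
    return findings
```

Calling `audit(WEAK)` reports the bare e-mail address, the unset canonical URL and the 420-day expiry, while `audit(HARDENED)` returns an empty list.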

## Example

A security.txt file will be available in your website's `.well-known` 
directory, with the following contents:

```text
Contact: mailto:security@example.com
Encryption: https://example.com/key.asc
Canonical: https://example.com/.well-known/security.txt
```

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "Flask-SecurityTxt",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "web, security, security.txt",
    "author": null,
    "author_email": "\"M. P. van de Weerd\" <michael@parcifal.dev>",
    "download_url": "https://files.pythonhosted.org/packages/03/38/f5fe0f5853639a59622e2cab2c55602877ac7abcc6d9fa26fe0676b6f786/flask_securitytxt-1.3.6.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "LICENCE",
    "summary": "Flask-SecurityTxt is a Flask extension for creating and serving security.txt files which provide information on reporting security vulnerabilities.",
    "version": "1.3.6",
    "project_urls": {
        "Bug Tracker": "https://gitlab.com/parcifal/flask-security-txt/-/issues",
        "Homepage": "https://gitlab.com/parcifal/flask-security-txt"
    },
    "split_keywords": [
        "web",
        " security",
        " security.txt"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "90a3e46bd2ce43fce9c214f97b811304a88380260cc74a0356e6725383f3f49f",
                "md5": "5b4082b85af421cba97a41543185a5d1",
                "sha256": "498dcf2e1f055d2f9d11944fefd09d25fb45fdfd1eb0107b01f5a44f343d4fad"
            },
            "downloads": -1,
            "filename": "Flask_SecurityTxt-1.3.6-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "5b4082b85af421cba97a41543185a5d1",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 18525,
            "upload_time": "2024-06-23T19:48:05",
            "upload_time_iso_8601": "2024-06-23T19:48:05.230594Z",
            "url": "https://files.pythonhosted.org/packages/90/a3/e46bd2ce43fce9c214f97b811304a88380260cc74a0356e6725383f3f49f/Flask_SecurityTxt-1.3.6-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "0338f5fe0f5853639a59622e2cab2c55602877ac7abcc6d9fa26fe0676b6f786",
                "md5": "16d5386f2b894a3b3d96161e5e848aec",
                "sha256": "831776a677735493c93afb0b3a8b3e64d3d08050cd01114aa25f01c7d39b0bd1"
            },
            "downloads": -1,
            "filename": "flask_securitytxt-1.3.6.tar.gz",
            "has_sig": false,
            "md5_digest": "16d5386f2b894a3b3d96161e5e848aec",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 20786,
            "upload_time": "2024-06-23T19:48:06",
            "upload_time_iso_8601": "2024-06-23T19:48:06.993353Z",
            "url": "https://files.pythonhosted.org/packages/03/38/f5fe0f5853639a59622e2cab2c55602877ac7abcc6d9fa26fe0676b6f786/flask_securitytxt-1.3.6.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-06-23 19:48:06",
    "github": false,
    "gitlab": true,
    "bitbucket": false,
    "codeberg": false,
    "gitlab_user": "parcifal",
    "gitlab_project": "flask-security-txt",
    "lcname": "flask-securitytxt"
}
        