
Commit 34e9fc0

committed
fix(security): mitigación parcial de vulnerabilidad siguiendo guías OWASP 🔒
1 parent 2e16e9f commit 34e9fc0

3 files changed

Lines changed: 24 additions & 7 deletions


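--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 .env
-/venv
+env
+env/
+venv/
 venv
 *.key
 *.sqlite3
@@ -11,3 +13,8 @@ AutoCommit.py
 check_files.py
 auditor
 auditor/
+review/
+node_modules/
+node_modules
+package.json
+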
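Review bot: `package.json` is added to the ignore list in the second hunk, which takes the Node dependency manifest out of version control and makes the dependency set unreviewable and unreproducible for anyone auditing the supply chain; `node_modules/` (also added here) is the right thing to ignore, while `package.json` and its lockfile should stay tracked. Several new entries also duplicate each other (`env` and `env/`, `venv` and `venv/`, `node_modules` and `node_modules/`): the bare form already matches both files and directories of that name, so the trailing-slash variants add nothing and the pairs can be collapsed to `env`, `venv`, `node_modules`.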

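--- /dev/null
+++ b/cuarentena/pagina_inofensiva.html
@@ -0,0 +1,6 @@
+<html>
+<body>
+<h1>Página Inofensiva</h1>
+<img src="http://127.0.0.1:8080/logout" width="0" height="0">
+</body>
+</html>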
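Review bot: This fixture is committed into `cuarentena/`, which the servidor.py hunk in this same commit uses as `UPLOAD_FOLDER = './cuarentena'`, so a hand-written test page now sits next to whatever the application stores at runtime and is easy to mistake for an upload; a `tests/` or `docs/` location would keep the two apart. The page carries no explanation of its purpose, and a reader has to work out that the zero-size image is there to show the session-ending `/logout` endpoint being reached by a cross-site GET; an HTML comment such as `<!-- Test fixture: loads /logout through an invisible image to check that the endpoint rejects cross-site GET requests; assumes the server is on the default port from servidor.py -->` would make that explicit. The hard-coded `http://127.0.0.1:8080` also silently diverges from the server whenever `PORT` is overridden, which is worth noting in the same comment.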

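--- a/servidor.py
+++ b/servidor.py
@@ -43,12 +43,14 @@
 argon2 = Argon2(app)
 ph = PasswordHasher()
 
+print("configuracion inicial completada ...")
 
 # --- CONFIGURACIÓN DE CARPETAS ---
 UPLOAD_FOLDER = './cuarentena'
 os.makedirs(UPLOAD_FOLDER, exist_ok=True)
 app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
 
+print("verificacion de archivos demo ...")
 
 # --- USUARIOS BASE ---
 users = {
@@ -66,7 +68,8 @@
 }
 }
 
-
+print("usuarios base generados...")
+'''
 # --- DEMO USERS DESDE ENV ---
 try:
 demo_users_env = os.getenv("DEMO_USERS", "[]")
@@ -79,7 +82,8 @@
 except Exception as e:
 print(f"[WARN] No se pudieron cargar demo_users: {e}")
 
-
+print("usuarios demo creados ....")
+'''
 # --- LOGIN MANAGER ---
 login_manager = LoginManager(app)
 login_manager.login_view = 'login'
@@ -95,7 +99,7 @@ def load_user(user_id):
 return Usuario(user_id, users[user_id]['role'])
 return None
 
-
+print("login initializied... Starting app....")
 # --- RUTAS ---
 @app.route('/')
 def home():
@@ -120,7 +124,7 @@ def login():
 return render_template("login.html", error="Credenciales inválidas.")
 return render_template("login.html")
 
-@app.route('/logout')
+@app.route('/logout',methods=['GET','POST'])
 @login_required
 def logout():
 logout_user()
@@ -217,7 +221,7 @@ def handle_message(data):
 
 # --- INICIO ---
 if __name__ == '__main__':
-port = int(os.environ.get("PORT", 10000))
+port = int(os.environ.get("PORT", 8080))
 socketio.run(app, host='0.0.0.0', port=port) # 👉 Para gunicorn/render
-
+print(f"app running at host : 0.0.0.0 and port {port}")
 application = app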
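Review bot: The `/logout` route in the fifth hunk still runs `logout_user()` on a plain GET with no CSRF token, which is precisely the request the zero-size `<img>` in `cuarentena/pagina_inofensiva.html` from this same commit sends, so `@app.route('/logout',methods=['GET','POST'])` widens that exposure instead of mitigating it. Restrict the decorator to `@app.route('/logout', methods=['POST'])`, validate a CSRF token on that POST (Flask-WTF's `CSRFProtect` if the project already depends on it, otherwise a per-session token compared with `hmac.compare_digest`), and set `app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'` so the session cookie is not attached to cross-site subresource loads; the body of `logout()` continues outside the hunk. The `print(...)` calls added in the first four hunks bypass the app's logging and would be better as `app.logger.info(...)` so they can be routed and silenced with everything else. In the last hunk the new `print(f"app running ...")` follows `socketio.run(...)`, which blocks; if that line is indented inside the `if __name__ == '__main__':` block (indentation is not recoverable from this page) it will only execute after the server shuts down, so it should move above the `socketio.run` call.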
