Skip to main content

Flask-SecurityTxt is a Flask extension for creating and serving security.txt files which provide information on reporting security vulnerabilities.

Project description

Flask-SecurityTxt

Flask-SecurityTxt is a simple extension for Flask that makes it easy to add a security.txt file to your website. This file, as specified by the Internet Security Research Group, is used to provide information to security researchers about how to report vulnerabilities in your website.

Installation

You can install Flask-SecurityTxt using pip:

pip install flask-securitytxt

Usage

from flask import Flask
from flask_security_txt import SecurityTxt

app = Flask(__name__)
security_txt = SecurityTxt(app)

You can also customize the contents of the security.txt file by providing the following settings in the configuration file:

Property Type Default Description
SECURITY_TXT_ENDPOINT str "security_txt" The name by which the end-point will be known to the Flask-app.
WELL_KNOWN_DIR str ".well-known" The name of the directory that will contain the security.txt file.
SECURITY_TXT_FILE_NAME str "security.txt" The name of the security.txt file.
SECURITY_TXT_SIGN_KEY str None The name of a file containing a GPG-key used for signing the security.txt file.
SECURITY_TXT_CONTACT str Iterable None The value of the contact field. An Iterable type value will result in multiple contact fields. The contact field value is automatically generated using SECURITY_TXT_CONTACT_LOCAL_PART if None.
SECURITY_TXT_CONTACT_MAILBOX str "security" The local part of the automatically generated contact email address. Only used if SECURITY_TXT_CONTACT is None.
SECURITY_TXT_EXPIRES str datetime None The value of the expires field. A datetime type value will result in a ISO-formatted timestamp string. The expires field value is automatically generated using SECURITY_TXT_OFFSET if None.
SECURITY_TXT_EXPIRES_OFFSET tuple timedelta (0, 0, 0, 0, 0, 0, 1) The offset to be applied to datetime.now() in order to automatically generate the value of the expires field. A tuple type will be unpacked and passed to the timedelta constructor, which interprets it as days, seconds, microseconds, milliseconds, minutes, hours and weeks.
SECURITY_TXT_ENCRYPTION str Iterable None The value of the encryption field. An Iterable type value will result in multiple encryption fields, a value of None will omit the encryption field.
SECURITY_TXT_ACKNOWLEDGMENTS str Iterable None The value of the acknowledgments field. An Iterable type value will result in multiple acknowledgments fields, a value of None will omit the acknowledgments field.
SECURITY_TXT_PREFERRED_LANGUAGES str Iterable None The value of the languages field. An Iterable type value will result in a comma-separated string. The languages field value is attempted to be automatically generated using the available translations listed by the Flask-Babel extension if None.
SECURITY_TXT_CANONICAL str None The value of the canonical field. The canonical field value is automatically generated using a HTTPS-scheme, the host-name of the current request and the URL associated with the security.txt end-point, as named in SECURITY_TXT_ENDPOINT.
SECURITY_TXT_POLICY str Iterable None The value of the policy field. An Iterable type value will result in multiple policy fields, a value of None will omit the policy field.
SECURITY_TXT_HIRING str Iterable None The value of the hiring field. An Iterable type value will result in multiple hiring fields, a value of None will omit the hiring field.
SECURITY_TXT_HEADER str A comment added to the start of the security.txt
SECURITY_TXT_FOOTER str None

For each property that directly controls that value of a field, a comment can be added on the preceding line(s) by configuring the property name SECURITY_TXT_<PROPERTY>_COMMENT. Note that it is up to the developer to optionally add whitespace and prepend each line of the comment with a #.

Example

A security.txt file will be available in your website's .well-known directory, with the following contents:

Contact: mailto:security@example.com
Encryption: https://example.com/key.asc
Canonical: https://example.com/.well-known/security.txt

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Flask-SecurityTxt-1.3.4.tar.gz (20.3 kB view hashes)

Uploaded Source

Built Distribution

Flask_SecurityTxt-1.3.4-py3-none-any.whl (18.2 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page