Merge pull request #59 from jkfran/security-txt

Added support for security.txt files
canonical · Apr 26, 2022 · 34b5868 · 34b5868
2 parents 90a5ff7 + 0ac93ba
commit 34b5868
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# 1.0.4 (2022-04-26)
+
+Added support for security.txt files
+
+# 1.0.3 (2022-03-29)
+
+Fix dependencies for Flask 1.1.x: jinja2
+
 # 1.0.2 (2022-03-21)
 
 Pass through error messages from flask.abort to 404.html and 500.html templates

diff --git a/canonicalwebteam/flask_base/app.py b/canonicalwebteam/flask_base/app.py
@@ -277,6 +277,7 @@ def favicon():
 
         robots_path = os.path.join(self.root_path, "..", "robots.txt")
         humans_path = os.path.join(self.root_path, "..", "humans.txt")
+        security_path = os.path.join(self.root_path, "..", "security.txt")
 
         if os.path.isfile(robots_path):
 
@@ -289,3 +290,9 @@ def robots():
             @self.route("/humans.txt")
             def humans():
                 return flask.send_file(humans_path)
+
+        if os.path.isfile(security_path):
+
+            @self.route("/.well-known/security.txt")
+            def security():
+                return flask.send_file(security_path)
diff --git a/setup.py b/setup.py
@@ -4,7 +4,7 @@
 
 setup(
     name="canonicalwebteam.flask-base",
-    version="1.0.3",
+    version="1.0.4",
     description=(
         "Flask extension that applies common configurations"
         "to all of webteam's flask apps."

diff --git a/tests/test_app/security.txt b/tests/test_app/security.txt
@@ -0,0 +1 @@
+security is very important!
diff --git a/tests/test_flask_base.py b/tests/test_flask_base.py
@@ -215,20 +215,25 @@ def test_favicon_serve(self):
             response = client.get("/favicon.ico")
             self.assertEqual(200, response.status_code)
 
-    def test_robots_humans(self):
+    def test_text_files(self):
         """
-        If `robots.txt` and `humans.txt` are provided at the root of the
-        project, check requests to `/robots.txt` load the content
+        If `robots.txt`, `humans.txt`, `security.txt` are provided at the root
+        of the project, check requests to `/robots.txt` load the content
         """
 
         with create_test_app().test_client() as client:
             warnings.simplefilter("ignore", ResourceWarning)
             robots_response = client.get("robots.txt")
             humans_response = client.get("humans.txt")
+            security_response = client.get("/.well-known/security.txt")
             self.assertEqual(200, robots_response.status_code)
             self.assertEqual(200, humans_response.status_code)
+            self.assertEqual(200, security_response.status_code)
             self.assertEqual(robots_response.data, b"robots!")
             self.assertEqual(humans_response.data, b"humans!")
+            self.assertEqual(
+                security_response.data, b"security is very important!"
+            )
 
     def test_error_pages(self):
         """