🔒️(backend) specify explicit imports to limit security exposure

Replace wildcard imports with specific function imports, particularly for OS package which could expose dangerous functions. Follows security audit recommendations to minimize attack surface.
2025-06-23 16:48:14 +02:00
parent 17b1dde050
commit 866a2cea20
4 changed files with 17 additions and 17 deletions
--- a/src/backend/manage.py
+++ b/src/backend/manage.py
@@ -3,12 +3,12 @@
 meet's sandbox management script.
 """

-import os
 import sys
+from os import environ

 if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-    os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+    environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+    environ.setdefault("DJANGO_CONFIGURATION", "Development")

    from configurations.management import execute_from_command_line

--- a/src/backend/meet/celery_app.py
+++ b/src/backend/meet/celery_app.py
@@ -1,13 +1,13 @@
 """Meet celery configuration file."""

-import os
+from os import environ

 from celery import Celery
 from configurations.importer import install

 # Set the default Django settings module for the 'celery' program.
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+environ.setdefault("DJANGO_CONFIGURATION", "Development")

 install(check_options=True)

--- a/src/backend/meet/settings.py
+++ b/src/backend/meet/settings.py
@@ -11,7 +11,7 @@ https://docs.djangoproject.com/en/3.1/ref/settings/
 """

 import json
-import os
+from os import path
 from socket import gethostbyname, gethostname

 from django.utils.translation import gettext_lazy as _
@@ -22,7 +22,7 @@ from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.logging import ignore_logger

 # Build paths inside the project like this: BASE_DIR / 'subdir'.
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+BASE_DIR = path.dirname(path.dirname(path.abspath(__file__)))


 def get_release():
@@ -38,7 +38,7 @@ def get_release():
    # Try to get the current release from the version.json file generated by the
    # CI during the Docker image build
    try:
-        with open(os.path.join(BASE_DIR, "version.json"), encoding="utf8") as version:
+        with open(path.join(BASE_DIR, "version.json"), encoding="utf8") as version:
            return json.load(version)["version"]
    except FileNotFoundError:
        return "NA"  # Default: not available
@@ -69,7 +69,7 @@ class Base(Configuration):

    API_VERSION = "v1.0"

-    DATA_DIR = values.Value(os.path.join("/", "data"), environ_name="DATA_DIR")
+    DATA_DIR = values.Value(path.join("/", "data"), environ_name="DATA_DIR")

    # Security
    ALLOWED_HOSTS = values.ListValue([])
@@ -106,9 +106,9 @@ class Base(Configuration):

    # Static files (CSS, JavaScript, Images)
    STATIC_URL = "/static/"
-    STATIC_ROOT = os.path.join(DATA_DIR, "static")
+    STATIC_ROOT = path.join(DATA_DIR, "static")
    MEDIA_URL = "/media/"
-    MEDIA_ROOT = os.path.join(DATA_DIR, "media")
+    MEDIA_ROOT = path.join(DATA_DIR, "media")

    SITE_ID = 1

@@ -166,7 +166,7 @@ class Base(Configuration):
        )
    )

-    LOCALE_PATHS = (os.path.join(BASE_DIR, "locale"),)
+    LOCALE_PATHS = (path.join(BASE_DIR, "locale"),)

    TIME_ZONE = "UTC"
    USE_I18N = True
@@ -176,7 +176,7 @@ class Base(Configuration):
    TEMPLATES = [
        {
            "BACKEND": "django.template.backends.django.DjangoTemplates",
-            "DIRS": [os.path.join(BASE_DIR, "templates")],
+            "DIRS": [path.join(BASE_DIR, "templates")],
            "OPTIONS": {
                "context_processors": [
                    "django.contrib.auth.context_processors.auth",
--- a/src/backend/meet/wsgi.py
+++ b/src/backend/meet/wsgi.py
@@ -7,11 +7,11 @@ For more information on this file, see
 https://docs.djangoproject.com/en/3.1/howto/deployment/wsgi/
 """

-import os
+from os import environ

 from configurations.wsgi import get_wsgi_application

-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+environ.setdefault("DJANGO_CONFIGURATION", "Development")

 application = get_wsgi_application()