From 866a2cea20f7097343a6d6871e886e6e038d2fc4 Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Mon, 23 Jun 2025 16:48:14 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(backend)=20specify=20expl?=
 =?UTF-8?q?icit=20imports=20to=20limit=20security=20exposure?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace wildcard imports with specific function imports, particularly for OS package which could expose dangerous functions. Follows security audit recommendations to minimize attack surface.
---
 src/backend/manage.py | 6 +++---
 src/backend/meet/celery_app.py | 6 +++---
 src/backend/meet/settings.py | 16 ++++++++--------
 src/backend/meet/wsgi.py | 6 +++---
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/backend/manage.py b/src/backend/manage.py
index 4e53fdca..839b164a 100644
--- a/src/backend/manage.py
+++ b/src/backend/manage.py
@@ -3,12 +3,12 @@
 meet's sandbox management script.
 """
-import os
 import sys
+from os import environ
 if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-    os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+    environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+    environ.setdefault("DJANGO_CONFIGURATION", "Development")
     from configurations.management import execute_from_command_line
diff --git a/src/backend/meet/celery_app.py b/src/backend/meet/celery_app.py
index 1fd3b697..96ee6a96 100644
--- a/src/backend/meet/celery_app.py
+++ b/src/backend/meet/celery_app.py
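Review bot: The `+from os import environ` line does not reduce what code running in this process can reach: the statement still executes and caches the whole `os` module, and `environ` is the very same mapping object that `os.environ` named, so the "limit security exposure" rationale in the commit message does not hold for this hunk, nor for the identical hunks in celery_app.py and wsgi.py or the `from os import path` hunk in settings.py. The description's "wildcard imports" wording is also inaccurate, since `import os` is a plain module import rather than `from os import *`. If the change is kept as a style preference, I would say so next to the import so that nobody later treats it as a control, e.g. `# Importing only environ is a style choice; the os module is still loaded, so this is not a sandboxing measure.` The effective mitigation for the risk the audit describes is not executing untrusted code or templates in this process, which this patch does not touch.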
@@ -1,13 +1,13 @@
 """Meet celery configuration file."""
-import os
+from os import environ
 from celery import Celery
 from configurations.importer import install
 # Set the default Django settings module for the 'celery' program.
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+environ.setdefault("DJANGO_CONFIGURATION", "Development")
 install(check_options=True)
diff --git a/src/backend/meet/settings.py b/src/backend/meet/settings.py
index c11c4a20..09931673 100755
--- a/src/backend/meet/settings.py
+++ b/src/backend/meet/settings.py
@@ -11,7 +11,7 @@ https://docs.djangoproject.com/en/3.1/ref/settings/
 """
 import json
-import os
+from os import path
 from socket import gethostbyname, gethostname
 from django.utils.translation import gettext_lazy as _
@@ -22,7 +22,7 @@ from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.logging import ignore_logger
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+BASE_DIR = path.dirname(path.dirname(path.abspath(__file__)))
 def get_release():
@@ -38,7 +38,7 @@ def get_release():
     # Try to get the current release from the version.json file generated by the
     # CI during the Docker image build
     try:
-        with open(os.path.join(BASE_DIR, "version.json"), encoding="utf8") as version:
+        with open(path.join(BASE_DIR, "version.json"), encoding="utf8") as version:
             return json.load(version)["version"]
     except FileNotFoundError:
         return "NA" # Default: not available
@@ -69,7 +69,7 @@ class Base(Configuration):
     API_VERSION = "v1.0"
-    DATA_DIR = values.Value(os.path.join("/", "data"), environ_name="DATA_DIR")
+    DATA_DIR = values.Value(path.join("/", "data"), environ_name="DATA_DIR")
     # Security
     ALLOWED_HOSTS = values.ListValue([])
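Review bot: `+from os import path` in the settings.py import hunk binds the very generic name `path` at module level of a large settings module, where any later local, loop or comprehension variable called `path` would silently shadow the stdlib module, and the bare `path.join(...)` in the following hunks (`BASE_DIR`, `get_release`, `DATA_DIR`, `STATIC_ROOT`, `MEDIA_ROOT`, `LOCALE_PATHS`, `TEMPLATES`) is less searchable than the qualified `os.path.join`. If the unqualified import is kept for consistency with the other files, an alias keeps it unambiguous at no cost, e.g. `from os import path as os_path`, with the call sites updated to `os_path.join(...)`. Either way a one-line comment on the import stating that it is a naming preference would stop readers from looking for a functional reason.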
@@ -106,9 +106,9 @@ class Base(Configuration):
     # Static files (CSS, JavaScript, Images)
     STATIC_URL = "/static/"
-    STATIC_ROOT = os.path.join(DATA_DIR, "static")
+    STATIC_ROOT = path.join(DATA_DIR, "static")
     MEDIA_URL = "/media/"
-    MEDIA_ROOT = os.path.join(DATA_DIR, "media")
+    MEDIA_ROOT = path.join(DATA_DIR, "media")
     SITE_ID = 1
@@ -166,7 +166,7 @@ class Base(Configuration):
         )
     )
-    LOCALE_PATHS = (os.path.join(BASE_DIR, "locale"),)
+    LOCALE_PATHS = (path.join(BASE_DIR, "locale"),)
     TIME_ZONE = "UTC"
     USE_I18N = True
@@ -176,7 +176,7 @@ class Base(Configuration):
     TEMPLATES = [
         {
             "BACKEND": "django.template.backends.django.DjangoTemplates",
-            "DIRS": [os.path.join(BASE_DIR, "templates")],
+            "DIRS": [path.join(BASE_DIR, "templates")],
             "OPTIONS": {
                 "context_processors": [
                     "django.contrib.auth.context_processors.auth",
diff --git a/src/backend/meet/wsgi.py b/src/backend/meet/wsgi.py
index 19835f8c..67c529b6 100644
--- a/src/backend/meet/wsgi.py
+++ b/src/backend/meet/wsgi.py
@@ -7,11 +7,11 @@ For more information on this file, see
 https://docs.djangoproject.com/en/3.1/howto/deployment/wsgi/
 """
-import os
+from os import environ
 from configurations.wsgi import get_wsgi_application
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+environ.setdefault("DJANGO_CONFIGURATION", "Development")
 application = get_wsgi_application()