🔒️(backend) specify explicit imports to limit security exposure

Replace wildcard imports with specific function imports, particularly for
OS package which could expose dangerous functions. Follows security audit
recommendations to minimize attack surface.

src/backend/manage.py

@@ -3,12 +3,12 @@
 meet's sandbox management script.
 """
 
-import os
 import sys
+from os import environ
 
 if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+    environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-    os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+    environ.setdefault("DJANGO_CONFIGURATION", "Development")
 
     from configurations.management import execute_from_command_line
 

src/backend/meet/celery_app.py

@@ -1,13 +1,13 @@
 """Meet celery configuration file."""
 
-import os
+from os import environ
 
 from celery import Celery
 from configurations.importer import install
 
 # Set the default Django settings module for the 'celery' program.
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+environ.setdefault("DJANGO_CONFIGURATION", "Development")
 
 install(check_options=True)
 

src/backend/meet/settings.py

@@ -11,7 +11,7 @@ https://docs.djangoproject.com/en/3.1/ref/settings/
 """
 
 import json
-import os
+from os import path
 from socket import gethostbyname, gethostname
 
 from django.utils.translation import gettext_lazy as _
@@ -22,7 +22,7 @@ from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.logging import ignore_logger
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+BASE_DIR = path.dirname(path.dirname(path.abspath(__file__)))
 
 
 def get_release():
@@ -38,7 +38,7 @@ def get_release():
     # Try to get the current release from the version.json file generated by the
     # CI during the Docker image build
     try:
-        with open(os.path.join(BASE_DIR, "version.json"), encoding="utf8") as version:
+        with open(path.join(BASE_DIR, "version.json"), encoding="utf8") as version:
             return json.load(version)["version"]
     except FileNotFoundError:
         return "NA"  # Default: not available
@@ -69,7 +69,7 @@ class Base(Configuration):
 
     API_VERSION = "v1.0"
 
-    DATA_DIR = values.Value(os.path.join("/", "data"), environ_name="DATA_DIR")
+    DATA_DIR = values.Value(path.join("/", "data"), environ_name="DATA_DIR")
 
     # Security
     ALLOWED_HOSTS = values.ListValue([])
@@ -106,9 +106,9 @@ class Base(Configuration):
 
     # Static files (CSS, JavaScript, Images)
     STATIC_URL = "/static/"
-    STATIC_ROOT = os.path.join(DATA_DIR, "static")
+    STATIC_ROOT = path.join(DATA_DIR, "static")
     MEDIA_URL = "/media/"
-    MEDIA_ROOT = os.path.join(DATA_DIR, "media")
+    MEDIA_ROOT = path.join(DATA_DIR, "media")
 
     SITE_ID = 1
 
@@ -166,7 +166,7 @@ class Base(Configuration):
         )
     )
 
-    LOCALE_PATHS = (os.path.join(BASE_DIR, "locale"),)
+    LOCALE_PATHS = (path.join(BASE_DIR, "locale"),)
 
     TIME_ZONE = "UTC"
     USE_I18N = True
@@ -176,7 +176,7 @@ class Base(Configuration):
     TEMPLATES = [
         {
             "BACKEND": "django.template.backends.django.DjangoTemplates",
-            "DIRS": [os.path.join(BASE_DIR, "templates")],
+            "DIRS": [path.join(BASE_DIR, "templates")],
             "OPTIONS": {
                 "context_processors": [
                     "django.contrib.auth.context_processors.auth",

src/backend/meet/wsgi.py

@@ -7,11 +7,11 @@ For more information on this file, see
 https://docs.djangoproject.com/en/3.1/howto/deployment/wsgi/
 """
 
-import os
+from os import environ
 
 from configurations.wsgi import get_wsgi_application
 
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
+environ.setdefault("DJANGO_SETTINGS_MODULE", "meet.settings")
-os.environ.setdefault("DJANGO_CONFIGURATION", "Development")
+environ.setdefault("DJANGO_CONFIGURATION", "Development")
 
 application = get_wsgi_application()