VeIiBddlmZddlZdZdZdZdZdZdd d Zd Z d d ddd ddZ ddiZ iZ iZ dZGddeZ ddlZdZdS#e$rddlZddlZejZdZYdSwxYw)) OrderedDictNDENY SAMEORIGINz ALLOW-FROMi>zstrict-origin-when-cross-originz'self'z'none') default-src object-srcLaxz1'self' themes.googleusercontent.com *.gstatic.comz%'self' www.google.com www.youtube.comzG'self' ajax.googleapis.com *.googleanalytics.com *.google-analytics.comz='self' ajax.googleapis.com fonts.googleapis.com *.gstatic.comz'self' *.gstatic.com)zfont-srcz frame-srcz script-srcz style-srcrrzbrowsing-topicsz() ceZdZdZddZeeedddeddde de ddde dde ddfdZ dZdZd Zd Zd Zd Zd ZdZdZdZdZdZdZdZdZdS)TalismanzB Talisman is a Flask extension for HTTP security headers. Nc *||j|fi|dSdSN)init_app)selfappkwargss \/var/www/html/MCyber-Diagnostic/venv/lib/python3.11/site-packages/flask_talisman/talisman.py__init__zTalisman.__init__Cs. ? DM# ( ( ( ( ( ( ( ?TFct|trt||_n||_t|trt||_n||_t|trt||_n||_||_||_||_| |_ | |_ | |_ | |_ | |_ t|trt||_n||_||_||_|jr|jt#d|pg|_|j|jjd<||_||_||jd<|r d|jd<||_||_||_||_||j||j| |j!dS)a Initialization. Args: app: A Flask application. feature_policy: A string or dictionary describing the feature policy for the response. permissions_policy: A string or dictionary describing the permissions policy for the response. document_policy: A string or dictionary describing the document policy for the response. force_https: Redirects non-http requests to https, disabled in debug mode. force_https_permanent: Uses 301 instead of 302 redirects. frame_options: Sets the X-Frame-Options header, defaults to SAMEORIGIN. frame_options_allow_from: Used when frame_options is set to ALLOW_FROM and is a string of domains to allow frame embedding. strict_transport_security: Sets HSTS headers. strict_transport_security_preload: Enables HSTS preload. See https://hstspreload.org. strict_transport_security_max_age: How long HSTS headers are honored by the browser. strict_transport_security_include_subdomains: Whether to include all subdomains when setting HSTS. content_security_policy: A string or dictionary describing the content security policy for the response. content_security_policy_report_uri: A string indicating the report URI used for CSP violation reports content_security_policy_report_only: Whether to set the CSP header as "report-only", which disables the enforcement by the browser and requires a "report-uri" parameter with a backend to receive the POST data content_security_policy_nonce_in: A list of csp sections to include a per-request nonce value in referrer_policy: A string describing the referrer policy for the response. session_cookie_secure: Forces the session cookie to only be sent over https. Disabled in debug mode. session_cookie_http_only: Prevents JavaScript from reading the session cookie. session_cookie_samesite: Sets samesite parameter on session cookie force_file_save: Prevents the user from opening a file download directly on >= IE 8 x_content_type_options: Prevents MIME type sniffing x_xss_protection: Prevents the page from loading when the browser detects reflected cross-site scripting attacks See README.rst for a detailed description of each option. Nz}Setting content_security_policy_report_only to True also requires a URI to be specified in content_security_policy_report_uri csp_nonceSESSION_COOKIE_SAMESITETSESSION_COOKIE_HTTPONLY)" isinstancedictrfeature_policypermissions_policydocument_policy force_httpsforce_https_permanent frame_optionsframe_options_allow_fromstrict_transport_security!strict_transport_security_preload!strict_transport_security_max_age,strict_transport_security_include_subdomainscontent_security_policy"content_security_policy_report_uri#content_security_policy_report_only ValueError content_security_policy_nonce_in _get_nonce jinja_envglobalsreferrer_policysession_cookie_secureconfigforce_file_savex_content_type_optionsx_xss_protectionrbefore_request _force_https _make_nonce after_request_set_response_headers)rrrrrrrr1r r!r"r#r$r%r&r'r(r*r.r/session_cookie_http_onlysession_cookie_samesiter2r3s rrzTalisman.init_appGsV nd + + 1"-n"="=D  "0D  ($ / / 9&12D&E&ED # #&8D # ot , , 3#.#?#?D #2D &%:"*(@%)B& - . . . 9 9 -t 4 4 C+67N+O+OD ( (+BD ( . / 0 0  3 67?566 6 - 2 -.2_ k*.%:"0G ,- # 948CJ0 1.&<# 0 4,--- 4+,,, $455555rc>tjjtjj}t |di}|d|j|d|j |d|j |d|j |d|j |d|j |d|j|d |j|S) Ntalisman_view_optionsrr r!r&r*rrr)flask current_appview_functionsgetrequestendpointgetattr setdefaultrr r!r&r*rrr)r view_function view_optionss r_get_local_optionszTalisman._get_local_optionssA)8<< M "$$  2B88   t/?@@@1CDDD &(E G G G %t'C E E E .  1 3 3 3  $"9 ; ; ; t3 5 5 5 d1   rc |jr|jjsd|jjd<|jjtjjtjjdddkg}| }|dr|t|sotjj drMtjj ddd }d }|jrd }t j|| }|Sd Sd Sd S)zZRedirect any non-https requests to https. Based largely on flask-sslify. TSESSION_COOKIE_SECUREX-Forwarded-Protohttphttpsrzhttp://zhttps://i.i-)codeN)r/rdebugr0r=rA is_secureheadersr@rGanyurl startswithreplacerredirect)rcriteria local_optionsrSrNrs rr5zTalisman._force_httpss  % @8> @;? 78 HN M # M ! % %&96 B Bg M  //11  ' H  } ++I66 m'// :qII-DN3T222      rc|}||j|||j|||j|||j|||j|||j||j|S)z5Applies all configured headers to the given response.) rG_set_feature_policy_headersrQ_set_permissions_policy_headers_set_document_policy_headers_set_frame_options_headers$_set_content_security_policy_headers_set_hsts_headers_set_referrer_policy_headers)rresponseoptionss rr8zTalisman._set_response_headers s))++ (()97CCC ,,X-=wGGG ))(*:GDDD ''(8'BBB 11(2BGLLL x/000 ))(*:;;;rc|}|drH|drBttjdds)t t tj_dSdSdSdS)Nr&r*r)rGrCr=rAget_random_string NONCE_LENGTHr)rrXs rr6zTalisman._make_nonces//11 78 F@A FEM;== F'8 &E&EEM # # #  F F F F F Frc8ttjddS)Nr)rCr=rA)rs rr+zTalisman._get_nonce su}k2666rct|tr|Sg}|D]0\}}d||}||1d|}|S)Nz{}={}z, )rstritemsformatappendjoin)rpolicypoliciessectioncontent policy_parts r_parse_structured_header_policyz(Talisman._parse_structured_header_policy#sx fc " " M &  ) ) GW!..'::K OOK ( ( ( (8$$ rc|}t|tru|}t}|dD]O}|d}d|dd||d<Pg}|D]\}}t|tsd|}d||}ttj dr1||dvr'|dtj j z }| |d |}|S) N; rMrz{} {}rr*z 'nonce-{}'z; )rGrrjrsplitstriprnrkrlhasattrr=rArrm) rrorX policy_stringrs policy_partsrprqrrs r _parse_policyzTalisman._parse_policy1s_//11 fc " " E"M ]]F,22377 E E *002288== *-((<3C*D*D|A'' &  ) ) GWgs++ ,((7++!..'::KEM;77 M}-OPPP}33EM4KLLL OOK ( ( ( (8$$ rc^|dsdS|d}||}||d<dS)NrzFeature-Policy)r}rrQrcros rr[z$Talisman._set_feature_policy_headersMsD'(  F)*##F++$* !!!rc^|dsdS|d}||}||d<dS)NrzPermissions-Policyrtrs rr\z(Talisman._set_permissions_policy_headersVsD+,  F-.55f==(.$%%%rc^|dsdS|d}||}||d<dS)NrzDocument-Policyrrs rr]z%Talisman._set_document_policy_headers_sD()  F*+55f==%+!"""rc|dsdS|d|d<|dtkr+|dxxd|dz cc<dSdS)Nr zX-Frame-Optionsz {}r!) ALLOW_FROMrl)rrQrcs rr^z#Talisman._set_frame_options_headershsx'  F%,_%=!" ? #z 1 1 % & & &%,,23+5+5 5 & & & & & 2 1rc|jrd|d<|jrd|d<|jrd|d<|dsdS|d}||}|jrd|vr |d |jzz }d }|jr|d z }|||<dS) Nz 1; mode=blockzX-XSS-ProtectionnosniffzX-Content-Type-OptionsnoopenzX-Download-Optionsr&z report-uriz ; report-uri zContent-Security-Policyz -Report-Only)r3r2r1r}r'r()rrQrcro csp_headers rr_z-Talisman._set_content_security_policy_headersqs   :*9G& '  & :09G, -   5,4G( )01  F23##F++  2 PF** o(OO OF.  3 ) . (J$ rctjjtjjdddkg}|jrt |sdSd|j}|j r|dz }|j r|dz }||d<dS)NrJrKrLz max-age={}z; includeSubDomainsz ; preloadzStrict-Transport-Security) r=rArPrQr@r"rRrlr$r%r#)rrQrWvalues rr`zTalisman._set_hsts_headerss M # M ! % %&96 B Bg M - S]]  F##D$JKK  < + * *E  1 ! [ E/4+,,,rc|j|d<dS)NzReferrer-Policy)r.)rrQs rraz%Talisman._set_referrer_policy_headerss%)%9!"""rc fd}|S)aUse talisman as a decorator to configure options for a particular view. Only force_https, frame_options, frame_options_allow_from, content_security_policy, content_security_policy_nonce_in and feature_policy can be set on a per-view basis. Example: app = Flask(__name__) talisman = Talisman(app) @app.route('/normal') def normal(): return 'Normal' @app.route('/embeddable') @talisman(frame_options=ALLOW_FROM, frame_options_allow_from='*') def embeddable(): return 'Embeddable' c*t|d|S)Nr<)setattr)frs r decoratorz$Talisman.__call__..decorators A. 7 7 7Hr)rrrs ` r__call__zTalisman.__call__s$,     rr )__name__ __module__ __qualname____doc__rDEFAULT_FEATURE_POLICYDEFAULT_PERMISSIONS_POLICYDEFAULT_DOCUMENT_POLICYrONE_YEAR_IN_SECSDEFAULT_CSP_POLICYDEFAULT_REFERRER_POLICYDEFAULT_SESSION_COOKIE_SAMESITErrGr5r8r6r+rtr}r[r\r]r^r_r`rarrrrr r >ss))))293"'!$%)&*.3.>9=$6/305-13"&%)$C#'"1O6O6O6O6b26   FFF777   8+++///,,,555%%%4555$:::rr c:tj|d|Sr )secrets token_urlsafe)lengths rreres$V,,WfW55rctjtjztjzdfdt |DS)Nrhc3LK|]}tVdSr )rndchoice).0_ allowed_charss r z$get_random_string..sC$$ JJ} % %$$$$$$r)stringascii_lowercaseascii_uppercasedigitsrnrange)rrs @rreresg  "  " # M  ww$$$$6]]$$$$$ $r) collectionsrr=rrrrrrrGOOGLE_CSP_POLICYrrrrfobjectr rre ImportErrorrandomr SystemRandomrrrrrs_$#####    ; #(F:+!+  "t  {{{{{v{{{| $NNN66666  $ $ $MMMMMM &   C$$$$$$ $sAA*)A*