Merge pull request #307 from GaneshPatil7517/fix/security-fri-server

Author: pradeeban

Dockerfile.sh

@@ -9,7 +9,11 @@ RUN mkdir /mcr-install \
 
 WORKDIR /mcr-install
 
-RUN wget https://ssd.mathworks.com/supportfiles/downloads/R2021a/Release/1/deployment_files/installer/complete/glnxa64/MATLAB_Runtime_R2021a_Update_1_glnxa64.zip
+ARG MATLAB_RUNTIME_SHA256="b821022690804e498d2e5ad814dccb64aab17c5e4bc10a1e2a12498ef5364e0d"
+ENV MATLAB_RUNTIME_SHA256=${MATLAB_RUNTIME_SHA256}
+
+RUN wget https://ssd.mathworks.com/supportfiles/downloads/R2021a/Release/1/deployment_files/installer/complete/glnxa64/MATLAB_Runtime_R2021a_Update_1_glnxa64.zip \
+    && echo "${MATLAB_RUNTIME_SHA256}  MATLAB_Runtime_R2021a_Update_1_glnxa64.zip" | sha256sum -c -
 
 RUN unzip MATLAB_Runtime_R2021a_Update_1_glnxa64.zip \
     && ./install -destinationFolder /opt/mcr -agreeToLicense yes -mode silent \

fri/server/main.py

@@ -14,7 +14,15 @@
 
 
 app = Flask(__name__)
-app.secret_key = "secret key"
+secret_key = os.environ.get("FLASK_SECRET_KEY")
+if not secret_key:
+    # In production, require an explicit FLASK_SECRET_KEY to be set.
+    # For local development and tests, fall back to a per-process random key
+    # so that importing this module does not fail hard.
+    if os.environ.get("FLASK_ENV") == "production":
+        raise RuntimeError("FLASK_SECRET_KEY environment variable not set in production")
+    secret_key = os.urandom(32)
+app.secret_key = secret_key
 
 cors = CORS(app)
 app.config['CORS_HEADERS'] = 'Content-Type'
@@ -431,4 +439,6 @@ def openJupyter():
 
 
 if __name__ == "__main__":
-    app.run(host="0.0.0.0", port=5000)
+    # In production, use:
+    # gunicorn -w 4 -b 0.0.0.0:5000 fri.server.main:app
+    app.run(host="0.0.0.0", port=5000, debug=False)