check if IP filtering applied and API address is in whitelist also API Key is valid Returns: None or Abort(403) or Abort(401)
()
| 197 | |
| 198 | @app.before_request |
| 199 | def authorization_check(): |
| 200 | """ |
| 201 | check if IP filtering applied and API address is in whitelist also |
| 202 | API Key is valid |
| 203 | |
| 204 | Returns: |
| 205 | None or Abort(403) or Abort(401) |
| 206 | """ |
| 207 | # IP Limitation |
| 208 | white_list_enabled = app.config["OWASP_HONEYPOT_CONFIG"]["api_client_white_list"] |
| 209 | white_list_ips = app.config["OWASP_HONEYPOT_CONFIG"]["api_client_white_list_ips"] |
| 210 | api_access_without_key = app.config["OWASP_HONEYPOT_CONFIG"]["api_access_without_key"] |
| 211 | |
| 212 | if white_list_enabled: |
| 213 | if flask_request.remote_addr not in white_list_ips: |
| 214 | abort(403, "unauthorized IP") |
| 215 | if not api_access_without_key: |
| 216 | is_authorized() |
| 217 | return |
| 218 | |
| 219 | |
| 220 | @app.route("/", methods=["GET", "POST"]) |
nothing calls this directly
no test coverage detected