diff options
| author | Philip Sargent <philip.sargent@gmail.com> | 2024-12-12 17:08:00 +0000 |
|---|---|---|
| committer | Philip Sargent <philip.sargent@gmail.com> | 2024-12-12 17:08:00 +0000 |
| commit | 321f912083633417b7bc050f8c139fdfd724357e (patch) | |
| tree | 7557a2ffdea3ac7fa932ddf4ece28423019abca7 /security-warnings.txt | |
| parent | 58c9dd7d09b13acd99a4ce921401ce927f682f31 (diff) | |
| download | troggle-321f912083633417b7bc050f8c139fdfd724357e.tar.gz troggle-321f912083633417b7bc050f8c139fdfd724357e.tar.bz2 troggle-321f912083633417b7bc050f8c139fdfd724357e.zip | |
fixing pre-run script
Diffstat (limited to 'security-warnings.txt')
| -rw-r--r-- | security-warnings.txt | 54 |
1 files changed, 10 insertions, 44 deletions
diff --git a/security-warnings.txt b/security-warnings.txt index 1aa9a9f..90aef32 100644 --- a/security-warnings.txt +++ b/security-warnings.txt @@ -1,44 +1,10 @@ -Traceback (most recent call last): - File "/home/philip/expo/troggle/manage.py", line 23, in <module> - execute_from_command_line(sys.argv) - ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line - utility.execute() - ~~~~~~~~~~~~~~~^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/core/management/__init__.py", line 416, in execute - django.setup() - ~~~~~~~~~~~~^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/__init__.py", line 24, in setup - apps.populate(settings.INSTALLED_APPS) - ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/apps/registry.py", line 91, in populate - app_config = AppConfig.create(entry) - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/apps/config.py", line 123, in create - mod = import_module(mod_path) - File "/home/philip/.local/share/uv/python/cpython-3.13.1-linux-x86_64-gnu/lib/python3.13/importlib/__init__.py", line 88, in import_module - return _bootstrap._gcd_import(name[level:], package, level) - ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - File "<frozen importlib._bootstrap>", line 1387, in _gcd_import - File "<frozen importlib._bootstrap>", line 1360, in _find_and_load - File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked - File "<frozen importlib._bootstrap>", line 935, in _load_unlocked - File "<frozen importlib._bootstrap_external>", line 1026, in exec_module - File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/contrib/auth/apps.py", line 8, in <module> - from .checks import check_middleware, check_models_permissions, check_user_model - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/contrib/auth/checks.py", line 9, in <module> - from .management import _get_builtin_permissions - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/contrib/auth/management/__init__.py", line 10, in <module> - from django.contrib.contenttypes.management import create_contenttypes - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/contrib/contenttypes/management/__init__.py", line 2, in <module> - from django.db import DEFAULT_DB_ALIAS, IntegrityError, migrations, router, transaction - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/db/migrations/__init__.py", line 2, in <module> - from .operations import * # NOQA - ^^^^^^^^^^^^^^^^^^^^^^^^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/db/migrations/operations/__init__.py", line 2, in <module> - from .models import ( - ...<15 lines>... - ) - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/db/migrations/operations/models.py", line 3, in <module> - from django.db.migrations.state import ModelState -ModuleNotFoundError: No module named 'django.db.migrations.state' +System check identified some issues: + +WARNINGS: +?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, SECURE_CROSS_ORIGIN_OPENER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect. +?: (security.W009) Your SECRET_KEY has less than 50 characters, less than 5 unique characters, or it's prefixed with 'django-insecure-' indicating that it was generated automatically by Django. Please generate a long and random value, otherwise many of Django's security-critical features will be vulnerable to attack. +?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. +?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. +?: (security.W018) You should not have DEBUG set to True in deployment. + +System check identified 5 issues (0 silenced). |