Secure art_view for scanning #16

@lukasszz

Case

https://lukaszherok.com/art/REf

2023-07-23 09:00:12,226] ERROR in app: Exception on /art/REf [GET]
Traceback (most recent call last):
  File "/home/lukasz/lhcom4/venv/lib/python3.9/site-packages/flask/app.py", line 2528, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/lukasz/lhcom4/venv/lib/python3.9/site-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/lukasz/lhcom4/venv/lib/python3.9/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/lukasz/lhcom4/venv/lib/python3.9/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "./app/main/routes.py", line 29, in art_view
    with open(current_app.root_path + "/art/" + md_file + ".md") as f:
FileNotFoundError: [Errno 2] No such file or directory: '/home/lukasz/lhcom4/app/art/REf.md'

Internal Server Error

Solution

Secure art_view routing and show a nice error.

  • Maybe do a sleep() to make the scanner's job worse
  • If we return 404 then it may be caught by fail2ban
  • Search how to make a Flask app resistant to scanning.
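
An added example, not part of the original issue or the project's code: one way to keep the `open(... + md_file + ".md")` call in `art_view` from raising on scanner probes, by validating the name and treating a missing file as a 404. The slug pattern and the helper names `resolve_article`, `art_status` and `demo` are assumptions; in the Flask view a `None` result would map to `abort(404)`.

```python
import re
import tempfile
from pathlib import Path
from typing import Optional

# Assumption: article names are short slugs of letters, digits, "-" and "_".
SLUG_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def resolve_article(art_dir: Path, md_file: str) -> Optional[Path]:
    """Return the article path for md_file, or None if the answer is a 404."""
    # Reject anything that is not a plain slug before touching the filesystem:
    # this drops "../", absolute paths and over-long probes.
    if not SLUG_RE.fullmatch(md_file):
        return None
    base = art_dir.resolve()
    candidate = (base / f"{md_file}.md").resolve()
    # Defence in depth: a symlink inside art/ must not lead outside it.
    if base not in candidate.parents:
        return None
    # A missing file is an ordinary "not found", not an unhandled exception.
    if not candidate.is_file():
        return None
    return candidate


def art_status(art_dir: Path, md_file: str) -> int:
    """Status code the view should answer with (hypothetical helper)."""
    return 200 if resolve_article(art_dir, md_file) else 404


def demo() -> dict:
    """Run constructed probes against a temporary art/ directory."""
    with tempfile.TemporaryDirectory() as tmp:
        art = Path(tmp) / "art"
        art.mkdir()
        (art / "hello.md").write_text("# Hello\n")
        (Path(tmp) / "secret.md").write_text("outside art/\n")
        probes = ["hello", "REf", "../secret", "/etc/passwd", "a" * 200, ""]
        return {p: art_status(art, p) for p in probes}


if __name__ == "__main__":
    for probe, status in demo().items():
        print(f"{probe[:20]!r:24} -> {status}")
```
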

Labels: bug (Something isn't working)
