Fixed security issues

caff_previewer_wrapper/app.py

@@ -73,4 +73,4 @@ def perform_conversion():
 
 
 if __name__ == '__main__':
-    app.run(debug=True)
+    app.run(debug=True)  # nosec: app only launches in debug mode... if it's launched in developement mode

caff_previewer_wrapper/converter.py

@@ -1,4 +1,5 @@
-import subprocess
+import os.path
+import subprocess  # nosec: That's the whole point of this application
 from flask import current_app
 import werkzeug.exceptions
 
@@ -11,11 +12,15 @@ def run_abstract_converter(converter: str, source: str, destination: str) -> int
     :param destination: destination file
     :returns: exitcode of the converter
     """
-    completed_process = subprocess.run([converter, source, destination],
+    if not (os.path.isfile(source) and os.path.isfile(converter)):
+        raise FileNotFoundError("Source or converter binary does not exists")
+
+    completed_process = subprocess.run([converter, source, destination],  # nosec: Concerning arguments checked above
                                        timeout=current_app.config['CONVERSION_TIMEOUT'], env={})
 
     return completed_process.returncode
 
+
 def convert_caff_to_tga(source: str, destination: str):
     """
     This function uses caff_previewer to convert a CAFF file into a TGA file

caff_previewer_wrapper/utils.py

@@ -5,7 +5,7 @@ import hashlib
 
 def write_file_to_fd_while_calculating_md5(fd: int) -> str:
     chunksize = current_app.config['RECIEVE_CHUNKSIZE']
-    m = hashlib.md5()
+    m = hashlib.md5()  # nosec: md5 is used only for integrity checking here
 
     total_recieved = 0
 
@@ -28,7 +28,7 @@ def write_file_to_fd_while_calculating_md5(fd: int) -> str:
 
 
 def create_md5_sum_for_file(fname):
-    m = hashlib.md5()
+    m = hashlib.md5()  # nosec: md5 is used only for integrity checking here
 
     with open(fname, "rb") as f:
         for chunk in iter(lambda: f.read(4096), b""):