backend-structure

Flask Application Structure

Entry Point (flask/run.py)

  • WSGI entry point using the application factory pattern
  • Imports create_app() from the app package
  • Runs on 0.0.0.0:5000 (listens on all network interfaces) with debug disabled
  • Standard production-ready setup

Application Factory (flask/app/__init__.py)

  • Environment-driven configuration - all settings come from environment variables
  • Raises ValueError if SECRET_KEY is missing
  • 12 registered blueprints

Blueprint Organization (API Structure)

The application is organized into these functional areas:

Core Features:

  • Home (/api/home/) - Basic status/health endpoint
  • Upload (/api/upload) - File upload functionality
  • Validation (/api/validate) - OSCAL document validation
  • Generation (/api/generate) - SSP template generation

Analysis & Security:

  • Dependencies (/api/test) - Dependency analysis
  • Vulnerable Functions (/api/vulnerable) - Code vulnerability detection
  • Vulnerable Packages (/api/vulnerable-packages) - Package vulnerability tracking
  • Attack Paths (/api/attack) - Attack path analysis

MITRE Integration:

  • Priority Controls (/api/priority) - Control prioritization
  • CVE/CWE Mappings (/api/cve-cwe-mappings) - Vulnerability mappings

Testing Infrastructure:

  • Test Runner (no prefix) - General test execution
  • InSpec Runner (no prefix) - Compliance testing

Configuration Requirements

The Flask application expects these environment variables:

Auto-Generated Variables

These are automatically generated by scripts/generate-env.sh:

  • HOST_VOLUME_PATH - Set to the parent directory of the current working directory
  • HOST_UID - User ID of the current user (from id -u)
  • HOST_GID - Group ID of the current user (from id -g)
  • DOCKER_GID - Group ID of the docker group (from getent group docker)

Docker Container Variables

These are set in flask/Dockerfile during container build:

  • FLASK_APP=run:create_app - Flask application entry point
  • FLASK_ENV=development - Flask environment mode
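  • SECRET_KEY=your-secret-key - Placeholder default secret key (overridden by docker-compose); because the image always carries this value, the factory's missing-key check does not by itself detect a missing override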
  • UPLOAD_FOLDER=/shared - Container path for uploaded files
  • GENERATION_FOLDER=/generatedFiles - Container path for generated files

Database Connection Variables

Set by Docker Compose for ArangoDB connectivity:

  • ARANGO_DB_URL, ARANGO_DB_NAME, ARANGO_DB_USERNAME, ARANGO_DB_PASSWORD

Environment Generation Process

The environment variables are created through:

  1. Automatic setup: setup.sh calls scripts/generate-env.sh during initial setup
  2. Manual generation: Run scripts/generate-env.sh directly when needed
  3. Container build: Additional variables set during Docker image creation
  4. Runtime override: Docker Compose provides final values for database connections and secrets

The generate-env.sh script writes variables to a .env file in the project root directory, ensuring consistent user/group permissions between the host system and Docker containers.
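
With a default SECRET_KEY set in the image, the variable is never absent, so a missing-key check passes even when the Compose override is not applied. The following is an added example, not the project's own code, of a startup check a factory could call that also rejects the placeholder; load_config, MIN_SECRET_LEN and the 32-character minimum are assumptions.

```python
import os

# Default baked into the image by flask/Dockerfile, as listed on this page.
PLACEHOLDER_SECRETS = {"your-secret-key"}
MIN_SECRET_LEN = 32  # assumption: local policy, not a project setting

# Variables the page says the application expects at runtime.
REQUIRED = (
    "SECRET_KEY", "UPLOAD_FOLDER", "GENERATION_FOLDER",
    "ARANGO_DB_URL", "ARANGO_DB_NAME",
    "ARANGO_DB_USERNAME", "ARANGO_DB_PASSWORD",
)


def load_config(env=None):
    """Return (config, warnings); raise ValueError listing every fatal problem."""
    env = os.environ if env is None else env
    errors = [f"{name} is not set" for name in REQUIRED if not env.get(name)]

    secret = env.get("SECRET_KEY", "")
    if secret in PLACEHOLDER_SECRETS:
        errors.append("SECRET_KEY is still the Dockerfile placeholder")
    elif secret and len(secret) < MIN_SECRET_LEN:
        errors.append(f"SECRET_KEY is shorter than {MIN_SECRET_LEN} characters")

    if errors:
        # Report variable names only; never echo the secret value itself.
        raise ValueError("invalid configuration: " + "; ".join(errors))

    warnings = []
    if env.get("FLASK_ENV") == "development":
        warnings.append("FLASK_ENV=development is set; confirm debug stays off")
    return {name: env[name] for name in REQUIRED}, warnings


if __name__ == "__main__":
    # Constructed sample: the image defaults with no Compose override applied.
    image_defaults = {
        "FLASK_ENV": "development",
        "SECRET_KEY": "your-secret-key",
        "UPLOAD_FOLDER": "/shared",
        "GENERATION_FOLDER": "/generatedFiles",
    }
    try:
        load_config(image_defaults)
    except ValueError as exc:
        print(exc)
```

Collecting every problem before raising means one failed start reports all missing variables at once.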