1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
# A Flask SECRET_KEY used for sensitive operations (like signing session cookies),
# needs to be properly random.
# For example the output of "openssl rand -hex 32" or "python -c 'import os; print(os.urandom(16))'"
SECRET_KEY = "cafebabe1234567890deadbeefcafebabe"
SESSION_PROTECTION = "strong"
PREFERRED_URL_SCHEME = "https"
SERVER_NAME = "localhost:5000"
WTF_CSRF_SSL_STRICT = False
# Sentry
# SENTRY_INGEST is the URL of your Sentry ingest endpoint.
SENTRY_INGEST = ""
SENTRY_ENV = "development" # or "production"
SENTRY_ERROR_SAMPLE_RATE = 1.0
SENTRY_TRACES_SAMPLE_RATE = 1.0
# Turnstile
TURNSTILE_SITEKEY = "1x00000000000000000000BB"
TURNSTILE_SECRET = "1x0000000000000000000000000000000AA"
# Email
MAIL_SERVER = "mail.example.com" # The outgoing SMTP server to use
MAIL_DEBUG = False # Whether to print out SMTP commands and responses (very verbose!)
MAIL_PORT = 465 # SMTP port to connect to
MAIL_USE_TLS = False # Whether to use STARTTLS
MAIL_USE_SSL = True # Whether to connect using SSL/TLS
MAIL_USERNAME = "username" # The username to use for auth
MAIL_PASSWORD = "" # The password to use for auth
MAIL_DEFAULT_SENDER = "seccerts@example.com" # The sender address
# MAIL_SUPPRESS_SEND = True # Whether to suppress all sending (for testing)
# WebUI
CHAT_ENABLED = True # Whether to enable the WebUI chat feature
WEBUI_URL = "" # The URL of the WebUI API
WEBUI_KEY = "" # Your WebUI API key
WEBUI_MODELS = ["llama-4-scout-17b-16e-instruct", "gpt-oss-120b", "deepseek-r1"] # The models to allow for the WebUI
WEBUI_DEFAULT_MODEL = "llama-4-scout-17b-16e-instruct" # The default model to use
WEBUI_SYSTEM_PROMPT = "You are a helpful assistant for the sec-certs project and an expert in security certifications. You can answer questions about Common Criteria and FIPS 140 certifications. Use the information from the context provided to you as much as possible. "
WEBUI_PROMPT_CC_ALL = "You are answering questions about Common Criteria certificates. In your context, you have relevant information extracted from Common Criteria certification reports and security targets."
WEBUI_PROMPT_CC_CERT = "You are answering questions about a Common Criteria certificate '{{ cert_name }}'."
WEBUI_PROMPT_CC_BOTH = "You are answering questions about a Common Criteria certificate '{{ cert_name }}'. In your context, you have relevant information extracted from Common Criteria certification reports and security targets."
WEBUI_PROMPT_FIPS_ALL = "You are answering questions about FIPS 140 certificates. In your context, you have relevant information extracted from FIPS 140 security policies."
WEBUI_PROMPT_FIPS_CERT = "You are answering questions about a FIPS 140 certificate '{{ cert_name }}'."
WEBUI_PROMPT_FIPS_BOTH = "You are answering questions about a FIPS 140 certificate '{{ cert_name }}'. In your context, you have relevant information extracted from FIPS 140 security policies."
WEBUI_PROMPT_PP_ALL = "You are answering questions about Common Criteria Protection Profiles. In your context, you have relevant information extracted from Protection Profiles and their certification reports."
WEBUI_PROMPT_PP_CERT = "You are answering questions about a Common Criteria Protection Profile '{{ cert_name }}'."
WEBUI_PROMPT_PP_BOTH = "You are answering questions about a Common Criteria Protection Profile '{{ cert_name }}'. In your context, you have relevant information extracted from Protection Profiles and their certification reports."
WEBUI_COLLECTION_CC_REPORTS = "" # The ID of the knowledge base of Common Criteria certification reports
WEBUI_COLLECTION_CC_TARGETS = "" # The ID of the knowledge base of Common Criteria security targets
WEBUI_COLLECTION_FIPS_TARGETS = "" # The ID of the knowledge base of FIPS 140 security policies
WEBUI_COLLECTION_PP_REPORTS = (
"" # The ID of the knowledge base of Common Criteria Protection Profile certification reports
)
WEBUI_COLLECTION_PP_TARGETS = "" # The ID of the knowledge base of Common Criteria Protection Profile security targets
GITHUB_OAUTH_ENABLED = False
GITHUB_OAUTH_CLIENT_ID = ""
GITHUB_OAUTH_CLIENT_SECRET = ""
# MongoDB
MONGO_URI = "mongodb://localhost:27666/seccerts"
# Redis (for Flask-Redis, dramatiq and Flask-Caching)
# Redis databases are split up like this:
# 0 -> Flask-Redis
# 1 -> dramatiq
# 2 -> Flask-Caching
REDIS_BASE = "redis://localhost:6379/"
REDIS_URL = REDIS_BASE + "0"
# dramatiq
# Not for testing, it is stubbed out.
# DRAMATIQ_BROKER_URL = REDIS_BASE + "1"
# Cache
CACHE_TYPE = "null"
CACHE_NO_NULL_WARNING = True
# nginx
USE_X_ACCEL_REDIRECT = False
X_ACCEL_REDIRECT_PATH = ""
# WHOOSH
WHOOSH_INDEX_PATH = "search"
DOCS_AUTH_TOKEN = "12345678"
# The way the Common Criteria certificate reference graphs are built.
# Can be "BOTH" to collect the references from both certificate documents and security targets,
# or "CERT_ONLY" for collecting references from certs only,
# or "ST_ONLY" for collecting references from security targets only.
CC_GRAPH = "CERT_ONLY"
# Number of items per page in the search listing.
SEARCH_ITEMS_PER_PAGE = 20
# Paths inside the instance directory where the CVE and CPE dataset will be stored.
DATASET_PATH_CVE = "cve.json"
DATASET_PATH_CVE_COMPRESSED = "cve.json.gz"
DATASET_PATH_CPE = "cpe.json"
DATASET_PATH_CPE_COMPRESSED = "cpe.json.gz"
DATASET_PATH_CPE_MATCH = "cpe_match.json"
DATASET_PATH_CPE_MATCH_COMPRESSED = "cpe_match.json.gz"
# Paths inside the instance directory where the CC, PP and FIPS datasets will be stored and processed.
DATASET_PATH_CC = "cc_dataset"
DATASET_PATH_CC_OUT = "cc.json"
DATASET_PATH_CC_OUT_MU = "cc_mu.json"
DATASET_PATH_CC_OUT_SCHEME = "cc_scheme.json"
DATASET_PATH_CC_OUT_PP = "pp.json"
DATASET_PATH_CC_DIR = "cc"
DATASET_PATH_CC_ARCHIVE = "cc.tar.gz"
DATASET_PATH_PP = "pp_dataset"
DATASET_PATH_PP_OUT = DATASET_PATH_CC_OUT_PP
DATASET_PATH_PP_DIR = "pp"
DATASET_PATH_PP_ARCHIVE = "pp.tar.gz"
DATASET_PATH_FIPS = "fips_dataset"
DATASET_PATH_FIPS_OUT = "fips.json"
DATASET_PATH_FIPS_OUT_ALGORITHMS = "fips_algorithms.json"
DATASET_PATH_FIPS_DIR = "fips"
DATASET_PATH_FIPS_ARCHIVE = "fips.tar.gz"
# Path for the sec-certs tool settings file inside the instance directory
TOOL_SETTINGS_PATH = "settings.yaml"
# Whether notification subscriptions are enabled.
SUBSCRIPTIONS_ENABLED = True
# Whether to skip the actual update (from remote CC, PP and FIPS servers) in the nightly update task. Useful for debugging.
CC_SKIP_UPDATE = False
PP_SKIP_UPDATE = False
FIPS_SKIP_UPDATE = False
FIPS_IUT_SKIP_UPDATE = False
FIPS_MIP_SKIP_UPDATE = False
CVE_SKIP_UPDATE = False
CPE_SKIP_UPDATE = False
CPE_MATCH_SKIP_UPDATE = False
# Whether to anonymize the site (for review).
ANONYMOUS = False
ANONYMOUS_GIT = ""
# Event navbar to show during special occasions
EVENT_NAVBAR = None
|
