Severity: CRITICAL
File: `ApiCore/settings.py`, `ApiApp/utils.py`
Lines: settings.py:56, utils.py:159-161, utils.py:211-213
Description
When `DEBUG=True`, the `AppleConfig` is initialized with `production=False`, which tells `pyattest` to skip production-level attestation validation. This effectively bypasses the entire iOS attestation mechanism in debug/development mode.
If a production server is accidentally deployed with `DEBUG=True`, any device (including emulators, jailbroken devices, and pure software clients) can register without real hardware attestation.
Affected code in `utils.py`:
```python
config = AppleConfig(
    self._key_id,
    APP_ATTEST_APP_ID,
    not DEBUG,  # <-- When DEBUG=True, this becomes False, disabling production validation
)
```
Affected code in `settings.py`:
```python
PLAY_INTEGRITY_CONFIG = GooglePlayIntegrityApiConfig(
    ...
    production=not DEBUG,  # <-- Same issue for Android
    ...
)
```
Impact
- Complete attestation bypass: Any client can register as an "attested" device when DEBUG is enabled
- Notification infrastructure compromised: Attackers can register arbitrary devices
- Deployment accident risk: A single misconfiguration (DEBUG=True in production) disables all security
Root Cause
The `production` parameter of both `GooglePlayIntegrityApiConfig` and `AppleConfig` is directly tied to `DEBUG`. There is no independent configuration to enforce production attestation regardless of debug mode.
Fix
- Use a separate environment variable for attestation production mode (e.g., `ATTESTATION_STRICT_MODE`)
- Default to strict mode even when DEBUG is True, but allow an explicit override
- Add a warning/health check that refuses to serve if DEBUG=True but attestation is not in strict mode
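The three remediation points above, worked through as an added example (this is illustrative code written for this finding, not code from the affected project or from `pyattest`). It assumes an environment variable named `ATTESTATION_STRICT_MODE` and a settings-loading helper named `build_attestation_settings`; both names are hypothetical. The `production` flag handed to the attestation configs is derived from the strict-mode setting rather than from `not DEBUG`, strict mode defaults to on even when `DEBUG` is on, and a health check reports the server as unhealthy when `DEBUG=True` is combined with non-strict attestation.

```python
import logging
import os

logger = logging.getLogger(__name__)

# Hypothetical environment variable name, assumed for this example.
STRICT_MODE_ENV = "ATTESTATION_STRICT_MODE"


class AttestationConfigError(RuntimeError):
    """Raised when the attestation settings are unsafe to serve with."""


def parse_bool(value, default):
    """Parse a typical env-var boolean; None (unset) yields the default."""
    if value is None:
        return default
    return value.strip().lower() in ("1", "true", "yes", "on")


def resolve_attestation_strict_mode(env):
    """Strict attestation is the default regardless of DEBUG.

    Only an explicit ATTESTATION_STRICT_MODE=false opts out, so forgetting
    to set the variable never weakens attestation.
    """
    return parse_bool(env.get(STRICT_MODE_ENV), default=True)


def health_check(debug, strict):
    """Return a health report; unhealthy if DEBUG is on with non-strict attestation.

    A deployment health probe can refuse to route traffic on 'unhealthy'.
    """
    if debug and not strict:
        logger.warning(
            "DEBUG=True with %s=false: attestation is NOT enforced", STRICT_MODE_ENV
        )
        return {"status": "unhealthy", "reason": "attestation not strict while DEBUG=True"}
    return {"status": "ok"}


def build_attestation_settings(env=None):
    """Compute the flags settings.py would expose.

    ATTESTATION_PRODUCTION is what should be passed as `production=` to
    AppleConfig / GooglePlayIntegrityApiConfig instead of `not DEBUG`.
    Raises AttestationConfigError in the unsafe DEBUG + non-strict state so
    the process refuses to start rather than silently serving unattested clients.
    """
    env = os.environ if env is None else env
    debug = parse_bool(env.get("DEBUG"), default=False)
    strict = resolve_attestation_strict_mode(env)
    report = health_check(debug, strict)
    if report["status"] != "ok":
        raise AttestationConfigError(report["reason"])
    return {"DEBUG": debug, "ATTESTATION_PRODUCTION": strict}


if __name__ == "__main__":
    # Constructed sample environments, not real deployment values.
    print(build_attestation_settings({"DEBUG": "true"}))          # strict stays True
    print(build_attestation_settings({"DEBUG": "false"}))         # production deploy
    try:
        build_attestation_settings({"DEBUG": "true", STRICT_MODE_ENV: "false"})
    except AttestationConfigError as exc:
        print("refused to start:", exc)
```

Because `resolve_attestation_strict_mode` defaults to `True`, the original failure mode (a production host accidentally started with `DEBUG=True`) now still passes `production=True` to both attestation libraries; weakening attestation requires a second, deliberate setting, and even then the health check surfaces the state to the deployment tooling.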