pinterest · 0secure · Oct 10, 2019 · Oct 10, 2019 · Oct 10, 2019 · jparise
diff --git a/snappass/main.py b/snappass/main.py
@@ -20,7 +20,15 @@
 app = Flask(__name__)
 if os.environ.get('DEBUG'):
     app.debug = True
+
+if os.environ.get('ABUSE_ORG') or os.environ.get('ABUSE_EMAIL'):
+    app.config.update(
+        dict(ABUSE_MESSAGE=True,
+            ABUSE_ORG=os.environ.get('ABUSE_ORG', 'Information Security'),
+            ABUSE_EMAIL=os.environ.get('ABUSE_EMAIL', '')))
+
 app.secret_key = os.environ.get('SECRET_KEY', 'Secret Key')
+
 app.config.update(
     dict(STATIC_URL=os.environ.get('STATIC_URL', 'static')))
 
@@ -190,6 +198,12 @@ def show_password(password_key):
 
     return render_template('password.html', password=password)
 
+@app.errorhandler(404)
+def page_not_found(e):
+    if request.path.startswith("/snappass"):
+        return render_template('404snap.html'), 404
+    else:
+        return render_template('404.html'), 404
 
 @check_redis_alive
 def main():

diff --git a/snappass/templates/404.html b/snappass/templates/404.html
@@ -0,0 +1,11 @@
+{% extends "base.html" %}
+
+{% block content %}
+<div class="container">
+  <section>
+    <div class="page-header"><h1>Page Not Found</h1></div>
+    <p>The page you requested is not available.</p>
+  </section>
+</div>
+{% endblock %}
+
diff --git a/snappass/templates/404snap.html b/snappass/templates/404snap.html
@@ -0,0 +1,22 @@
+{% extends "base.html" %}
+
+{% block content %}
+<div class="container">
+  <section>
+    <div class="page-header"><h1>Secret Not Found</h1></div>
+    <p>The secret you requested is not available. This typically indicates that one of the three below conditions has occurred:</p> 
+    <ol>
+         <li>The secret has already been retrieved.</li>
+         <li>The link was corrupted</li>
-         <li>The link was corrupted</li>
+         <li>The link was corrupted.</li>
-         <li>The link was corrupted</li>
+         <li>The link was corrupted.</li>
+         <li>The secret has timed out based on the sender's requested setting of one hour, one day, or one week.</li>
+    </ol>
+  </section>
+  {% if config.ABUSE_MESSAGE %}
+	<div class="alert alert-danger">
+        <p>If there is any indication that an unauthorized party may have retrieved the secret, please rotate the secret and contact {% if config.ABUSE_EMAIL %}<a href="mailto:{{ config.ABUSE_EMAIL }}">{{ config.ABUSE_ORG }}</a>{% else %}{{ config.ABUSE_ORG }}{% endif %} for assistance.</p>
+	</div>
+  {% endif %}
+
+</div>
+{% endblock %}
+
diff --git a/snappass/templates/base.html b/snappass/templates/base.html
@@ -22,5 +22,11 @@
     <script src="{{ config.STATIC_URL }}/jquery/jquery-1.12.4.min.js"></script>
     <script src="{{ config.STATIC_URL }}/bootstrap/js/bootstrap.min.js"></script>
     {% block js %}{% endblock %}
+
+    {% if config.ABUSE_MESSAGE %}
+    <div class=container>
+    Please report abuse to {% if config.ABUSE_EMAIL %}<a href="mailto:{{ config.ABUSE_EMAIL }}">{{ config.ABUSE_ORG }}</a>{% else %}{{ config.ABUSE_ORG }}{% endif %}.
+    </div>
+    {% endif %}
   </body>
 </html>