Scanning flask's package dependencies to check for code-related security issues.

We ignore some non-security-related or trivial violations:

* `S101`: Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
* `E203`: whitespace
* `E402`: module level import not at top of file
* `E501`: line too long
* `CFQ002`: too many function arguments

#### Flask Source Code

In [1]:
```
!flake8 --extend-ignore=S101,E203,E402,E501,CFQ002 ./flask/src
```

```
./flask/src/flask/config.py:118:1: S102 Use of exec detected.
./flask/src/flask/config.py:118:17: DUO105 use of "exec" is insecure
./flask/src/flask/config.py:118:22: DUO110 use of "compile" is insecure
./flask/src/flask/sessions.py:313:34: DUO130 insecure use of "hashlib" module
./flask/src/flask/app.py:349:5: CFQ001 Function __init__ has length 122 that exceeds max allowed length 100
./flask/src/flask/app.py:1942:13: E722 do not use bare 'except'
./flask/src/flask/cli.py:886:1: S307 Use of possibly insecure function - consider using safer ast.literal_eval.
./flask/src/flask/cli.py:886:13: DUO104 use of "eval" is insecure
./flask/src/flask/cli.py:886:18: DUO110 use of "compile" is insecure
./flask/src/flask/cli.py:960:7: T101 fixme found (TODO)
./flask/src/flask/__init__.py:1:1: F401 'markupsafe.escape' imported but unused
./flask/src/flask/__init__.py:2:1: F401 'markupsafe.Markup' imported but unused
./flask/src/flask/__init__.py:3:1: F401 'werkzeug.exceptions.abort' imported but unu
```

#### Flask Tests

In [2]:
```
!flake8 --extend-ignore=S101,E203,E402,E501,CFQ002 ./flask/tests
```

```
./flask/tests/test_config.py:13:1: S105 Possible hardcoded password: 'config'
./flask/tests/test_config.py:51:1: S106 Possible hardcoded password: 'config'
./flask/tests/test_config.py:64:1: S105 Possible hardcoded password: 'config'
./flask/tests/test_templating.py:394:1: S201 A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
./flask/tests/conftest.py:48:1: S105 Possible hardcoded password: 'test key'
./flask/tests/conftest.py:180:1: S404 Consider possible security implications associated with subprocess module.
./flask/tests/conftest.py:182:1: S603 subprocess call - check for execution of untrusted input.
./flask/tests/test_reqctx.py:36:1: S110 Try, Except, Pass detected.
./flask/tests/test_reqctx.py:55:1: S110 Try, Except, Pass detected.
./flask/tests/test_appctx.py:64:1: S110 Try, Except, Pass detected.
./flask/tests/test_appctx.py:83:1: S110 Try, Except, Pass detected.
./flask/tests/test_basic.py:803:1: S
```

#### Flask Examples

In [3]:
```
!flake8 --extend-ignore=S101,E203,E402,E501,CFQ002 ./flask/examples
```

```
./flask/examples/tutorial/tests/conftest.py:51:1: S107 Possible hardcoded password: 'test'
./flask/examples/tutorial/flaskr/__init__.py:9:1: S106 Possible hardcoded password: 'dev'
```
