Pattern: Use of Flask with debug=True
Issue: -
Running Flask applications in debug mode results in the Werkzeug debugger
being enabled. This includes a feature that allows arbitrary code execution.
Documentation for both Flask and Werkzeug strongly suggests that debug
mode should never be enabled on production systems.
Example of insecure code:
from flask import Flask
app = Flask(__name__)
app.run(debug=True)Example of secure code:
from flask import Flask
app = Flask(__name__)
app.run()