Pattern: Use of Flask with debug=True
Issue: -
Running a Flask application with debug mode enabled turns on the Werkzeug debugger. When an unhandled exception occurs, the debugger serves an interactive traceback page that includes a Python console, so anyone who can reach the application and trigger an error can execute arbitrary code on the server with the privileges of the application process. The console is protected by a PIN, but Werkzeug describes the PIN as a helper that reduces the risk if the debugger is accidentally left on, not as a substitute for disabling it. The documentation for both Flask and Werkzeug states that debug mode must never be enabled on production systems.

Passing debug=True to app.run() is only one way to enable it. Setting app.debug = True or app.config["DEBUG"] = True in code, exporting FLASK_DEBUG=1 in the environment, or starting the application with flask run --debug has the same effect, so a review should check all of these, not just the call to app.run().
Example of insecure code:
from flask import Flask
app = Flask(__name__)
app.run(debug=True)  # starts the Werkzeug debugger, including its interactive console
Example of secure code:
from flask import Flask
app = Flask(__name__)
app.run()  # debug is not enabled here; it stays off unless set elsewhere (e.g. FLASK_DEBUG)
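To find the pattern described above in a code base, the following is an added example of a small AST-based checker; it is not part of the original pattern description or of Flask or Werkzeug. It flags the hard-coded forms app.run(debug=True), app.debug = True and app.config["DEBUG"] = True. The function and sample names are assumptions made for this example, the sample sources are constructed, and the checker requires Python 3.9 or later for the ast.Subscript layout it inspects.

```python
import ast

# Added example, not part of the original pattern description: an AST-based
# checker for the ways Flask debug mode is hard-coded in source. Function and
# sample names are assumptions made for this example. Requires Python 3.9+.


def _is_true(node: ast.AST) -> bool:
    """True only for a literal True; debug=SOME_VARIABLE is not decided here."""
    return isinstance(node, ast.Constant) and node.value is True


def find_flask_debug(source: str) -> list[tuple[int, str]]:
    """Return (line, pattern) pairs for each hard-coded enablement of debug mode.

    Detects app.run(debug=True), app.debug = True and app.config["DEBUG"] = True.
    Enablement through FLASK_DEBUG=1 or `flask run --debug` is not visible in
    source and has to be checked in the deployment configuration instead.
    """
    findings: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        # <something>.run(debug=True)
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "run"):
            for kw in node.keywords:
                if kw.arg == "debug" and _is_true(kw.value):
                    findings.append((node.lineno, "app.run(debug=True)"))
        # <something>.debug = True  and  <something>.config["DEBUG"] = True
        elif isinstance(node, ast.Assign) and _is_true(node.value):
            for target in node.targets:
                if isinstance(target, ast.Attribute) and target.attr == "debug":
                    findings.append((node.lineno, "app.debug = True"))
                elif (isinstance(target, ast.Subscript)
                        and isinstance(target.value, ast.Attribute)
                        and target.value.attr == "config"
                        and isinstance(target.slice, ast.Constant)
                        and target.slice.value == "DEBUG"):
                    findings.append((node.lineno, 'app.config["DEBUG"] = True'))
    return sorted(findings)


# Constructed samples for this example, not taken from any real project.
INSECURE_SAMPLE = """\
from flask import Flask
app = Flask(__name__)
app.debug = True
app.config["DEBUG"] = True
app.run(debug=True)
"""

SECURE_SAMPLE = """\
from flask import Flask
app = Flask(__name__)
app.run()
"""

if __name__ == "__main__":
    for line, pattern in find_flask_debug(INSECURE_SAMPLE):
        print(f"line {line}: {pattern}")
    print("secure sample findings:", find_flask_debug(SECURE_SAMPLE))
```

The checker is deliberately syntactic: debug=some_variable, debug values read from a config file, and the FLASK_DEBUG environment variable all pass through it unflagged, which is why the environment and the start-up command of a deployment have to be reviewed alongside the source.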