B201.md

File metadata and controls

35 lines (23 loc) · 899 Bytes

Pattern: Use of Flask with debug=True

Issue: -

Description

Running a Flask application with debug mode enabled (`app.run(debug=True)`, `app.debug = True`, the `FLASK_DEBUG=1` environment variable, or `flask run --debug`) turns on the Werkzeug interactive debugger. When an unhandled exception occurs, the debugger renders the full traceback, including local variable values, in the browser and offers an interactive Python console that executes whatever is typed into it on the server, with the privileges of the application process. That is arbitrary code execution for anyone who can reach the application. Newer Werkzeug releases gate the console behind a PIN printed to the process's console at startup, but the PIN is computed from host-specific values such as the machine ID and a network interface's MAC address, which a file-read bug can expose, so the PIN must not be relied on as a control. Debug mode also enables the auto-reloader, which restarts the process on source changes. The Flask and Werkzeug documentation both state that debug mode must never be enabled on production systems.

Example of insecure code:

```python
from flask import Flask

app = Flask(__name__)
# debug=True serves the Werkzeug interactive debugger (code execution on
# any unhandled exception) and enables the auto-reloader.
app.run(debug=True)
```

Example of secure code:

```python
from flask import Flask

app = Flask(__name__)
# No debug flag: debug defaults to False, so the interactive debugger is
# never served. For local development use `flask run --debug` instead of
# hard-coding the flag in source.
app.run()
```
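The following is an added example, not code from the original page or from Bandit itself: a small AST-based checker in the spirit of B201. It reports calls of the form `<obj>.run(..., debug=True)` and, going one step beyond the page's example, assignments of the form `<obj>.debug = True`, but only in modules that import `flask`, so an unrelated `.run(debug=True)` on some other object does not trigger it. The function and variable names and the sample sources are constructed for this example.

```python
# Added example (not from the original page or from Bandit): an AST check
# for Flask debug mode, in the spirit of B201. All names here are ours.
import ast


def _imports_flask(tree: ast.AST) -> bool:
    """True if the module imports flask or one of its submodules."""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(a.name.split(".")[0] == "flask" for a in node.names):
                return True
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] == "flask":
                return True
    return False


def _is_true(node: ast.AST) -> bool:
    # `True` parses to ast.Constant; `is` avoids matching the integer 1.
    return isinstance(node, ast.Constant) and node.value is True


def _finding(filename: str, node: ast.AST, construct: str) -> dict:
    return {
        "filename": filename,
        "line": node.lineno,
        "col": node.col_offset,
        "message": f"Flask debug mode enabled via {construct}; this serves "
                   "the Werkzeug debugger and must not reach production",
    }


def find_flask_debug(source: str, filename: str = "<string>") -> list[dict]:
    """Return one finding per debug-enabling construct in `source`."""
    tree = ast.parse(source, filename=filename)
    if not _imports_flask(tree):
        return []  # not a Flask module: `.run(debug=True)` means something else

    findings = []
    for node in ast.walk(tree):
        # app.run(..., debug=True)
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "run"):
            for kw in node.keywords:
                if kw.arg == "debug" and _is_true(kw.value):
                    findings.append(_finding(filename, node, "run(debug=True)"))
        # app.debug = True (same effect; not covered by the page's example)
        elif isinstance(node, ast.Assign) and _is_true(node.value):
            for target in node.targets:
                if isinstance(target, ast.Attribute) and target.attr == "debug":
                    findings.append(_finding(filename, node, "debug = True"))
    return findings


# Constructed sample sources (not taken from any real project).
INSECURE_SAMPLE = """from flask import Flask

app = Flask(__name__)

if __name__ == "__main__":
    app.run(host="0.0.0.0", debug=True)
"""

SECURE_SAMPLE = """from flask import Flask

app = Flask(__name__)

if __name__ == "__main__":
    app.run()
"""

ASSIGN_SAMPLE = """import flask
app = flask.Flask(__name__)
app.debug = True
app.run()
"""

NOT_FLASK_SAMPLE = """class Job:
    def run(self, debug=False):
        pass

Job().run(debug=True)
"""

if __name__ == "__main__":
    samples = [("insecure", INSECURE_SAMPLE), ("secure", SECURE_SAMPLE),
               ("assign", ASSIGN_SAMPLE), ("not_flask", NOT_FLASK_SAMPLE)]
    for name, src in samples:
        for f in find_flask_debug(src, filename=f"{name}.py"):
            print(f"{f['filename']}:{f['line']}:{f['col']}: {f['message']}")
```

Run on the samples, the checker flags `insecure.py` at line 6 and `assign.py` at line 3 and stays silent on the secure module and on the non-Flask `Job().run(debug=True)`. A check like this only sees literal `True`; a flag read from configuration at runtime is invisible to it, which is one more reason to keep debug out of source entirely and rely on the `flask run --debug` switch for local work.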

Further Reading