
"""
======================================================
B201: Test for use of flask app with debug set to true
======================================================

Running Flask applications in debug mode results in the Werkzeug debugger
being enabled. This includes a feature that allows arbitrary code execution.
Documentation for both Flask [1]_ and Werkzeug [2]_ strongly suggests that
debug mode should never be enabled on production systems.

Operating a production server with debug mode enabled was the probable cause
of the Patreon breach in 2015 [3]_.

:Example:

.. code-block:: none

    >> Issue: A Flask app appears to be run with debug=True, which exposes
    the Werkzeug debugger and allows the execution of arbitrary code.
       Severity: High   Confidence: High
       CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
       Location: examples/flask_debug.py:10
    9 #bad
    10    app.run(debug=True)
    11

.. seealso::

 .. [1] https://flask.palletsprojects.com/en/1.1.x/quickstart/#debug-mode
 .. [2] https://werkzeug.palletsprojects.com/en/1.0.x/debug/
 .. [3] https://labs.detectify.com/2015/10/02/how-patreon-got-hacked-publicly-exposed-werkzeug-debugger/
 .. https://cwe.mitre.org/data/definitions/94.html

.. versionadded:: 0.15.0

.. versionchanged:: 1.7.3
    CWE information added

"""
import bandit
from bandit.core import issue
from bandit.core import test_properties as test


@test.test_id("B201")
@test.checks("Call")
def flask_debug_true(context):
    # All three conditions must hold: the scanned module imports flask, the
    # call is some ``<obj>.run(...)``, and its ``debug`` keyword is the
    # literal True. Only then is an Issue returned.
    if context.is_module_imported_like("flask"):
        if context.call_function_name_qual.endswith(".run"):
            if context.check_call_arg_value("debug", "True"):
                return bandit.Issue(
                    severity=bandit.HIGH,
                    confidence=bandit.MEDIUM,
                    cwe=issue.Cwe.CODE_INJECTION,
                    text="A Flask app appears to be run with debug=True, "
                    "which exposes the Werkzeug debugger and allows the "
                    "execution of arbitrary code.",
                    lineno=context.get_lineno_for_call_arg("debug"),
                )
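The following is an added example, not part of bandit's code base: a stand-alone approximation of the B201 check built on the standard-library `ast` module, run over constructed sample modules. It mirrors the three conditions the plugin tests (a flask import is present, the called name ends in `.run`, and the `debug` keyword is the literal `True`) without depending on bandit's `context` object, and it shows the hardened form a practitioner would expect to pass: a `debug` flag read from the environment that defaults to off. The helper names and the sample sources are assumptions made for this example.

```python
"""Stand-alone approximation of bandit's B201 check (added example, not
bandit's own implementation). Uses only the stdlib ``ast`` module."""
import ast


def _qualified_name(func: ast.expr) -> str:
    """Return a dotted name for a Call's func node, e.g. 'app.run'.
    Helper name is an assumption of this example."""
    parts = []
    node = func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def _imports_flask(tree: ast.Module) -> bool:
    """True if any import statement in the module refers to 'flask'."""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(alias.name.split(".")[0] == "flask" for alias in node.names):
                return True
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] == "flask":
                return True
    return False


def find_flask_debug_true(source: str) -> list[int]:
    """Return line numbers of '<obj>.run(..., debug=True)' calls in a module
    that imports flask. Only a literal True is reported, matching the plugin's
    comparison against the literal "True"; debug=<expression> is not flagged."""
    tree = ast.parse(source)
    if not _imports_flask(tree):
        return []
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        if not _qualified_name(node.func).endswith(".run"):
            continue
        for kw in node.keywords:
            if (
                kw.arg == "debug"
                and isinstance(kw.value, ast.Constant)
                and kw.value.value is True
            ):
                hits.append(kw.value.lineno)
    return hits


# Constructed sample inputs for this example; not taken from any real project.
BAD_SOURCE = """\
from flask import Flask

app = Flask(__name__)

@app.route("/")
def index():
    return "hi"

if __name__ == "__main__":
    app.run(debug=True)
"""

# Hardened form: the flag comes from the environment and defaults to off, so a
# production deployment never enables the Werkzeug debugger by a hard-coded literal.
SAFE_SOURCE = """\
import os
from flask import Flask

app = Flask(__name__)

if __name__ == "__main__":
    app.run(debug=os.environ.get("FLASK_DEBUG") == "1")
"""

# A '.run(debug=True)' call in a module that never imports flask is out of scope.
NON_FLASK_SOURCE = """\
class Job:
    def run(self, debug=False):
        return debug

job = Job()
job.run(debug=True)
"""


if __name__ == "__main__":
    for label, src in [("bad", BAD_SOURCE), ("safe", SAFE_SOURCE), ("non-flask", NON_FLASK_SOURCE)]:
        print(label, "->", find_flask_debug_true(src))
```

The bad sample reports line 10, the same position bandit's own example output shows; the environment-driven sample and the non-Flask sample report nothing. The last case matters for understanding false negatives as well: because the check compares the keyword against a literal, `app.run(debug=DEBUG)` with `DEBUG = True` assigned elsewhere is not caught by this condition, so a code-review or configuration control is still needed alongside the scanner.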