Create more_more_new.py #45
Conversation
![semgrep-app[bot]](https://avatars.githubusercontent.com/in/60555?s=60&v=4){kind=small}
| app = flask.Flask(__name__) | ||
|
|
||
| # ruleid: active-debug-code-flask | ||
| app.run(debug=True, use_debugger=False, use_reloader=False) |
There was a problem hiding this comment.
The application is running debug code or has debug mode enabled. This may expose sensitive information, like stack traces and environment variables, to attackers. It may also modify application behavior, potentially enabling attackers to bypass restrictions. To remediate this finding, ensure that the application's debug code and debug mode are disabled or removed from the production environment.
Ignore this finding from active-debug-code-flask.
| app = flask.Flask(__name__) | ||
|
|
||
| # ruleid: active-debug-code-flask | ||
| app.run(debug=True, use_debugger=False, use_reloader=False) |
There was a problem hiding this comment.
Detected Flask app with debug=True. Do not deploy to production with this flag enabled as it will leak sensitive information. Instead, consider using Flask configuration variables or setting 'debug' using system environment variables.
Ignore this finding from debug-enabled.
| app = flask.Flask(__name__) | ||
|
|
||
| # ruleid: active-debug-code-flask | ||
| app.run(debug=True, use_debugger=False, use_reloader=False) |
There was a problem hiding this comment.
top-level app.run(...) is ignored by flask. Consider putting app.run(...) behind a guard, like inside a function
Ignore this finding from avoid_using_app_run_directly.
No description provided.