hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-29 18:41:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7ad60ca59cbffd977cd68e666510129a5ae2e301
codeql/python/ql/src/Security/CWE-215/FlaskDebug.qhelp
Rasmus Wriedt Larsen 7afe3972d8 Revert "Merge pull request #5171 from RasmusWL/restructure-queries" 
This reverts commit 8caafb3710, reversing
changes made to ec79094957.
2021-02-17 16:32:53 +01:00

40 lines
1.1 KiB
XML
Raw Blame History

<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
Running a Flask application with debug mode enabled may allow an
attacker to gain access through the Werkzeug debugger.
</p>
</overview>
<recommendation>
<p>
Ensure that Flask applications that are run in a production
environment have debugging disabled.
</p>
</recommendation>
<example>
<p>
Running the following code starts a Flask webserver that has
debugging enabled. By visiting <code>/crash</code>, it is possible
to gain access to the debugger, and run arbitrary code through the
interactive debugger.
</p>
<sample src="FlaskDebug.py" />
</example>
<references>
<li>Flask Quickstart Documentation: <a href="http://flask.pocoo.org/docs/1.0/quickstart/#debug-mode">Debug Mode</a>.</li>
<li>Werkzeug Documentation: <a href="http://werkzeug.pocoo.org/docs/0.14/debug/">Debugging Applications</a>.</li>
</references>
</qhelp>
Reference in New Issue View Git Blame Copy Permalink