gitlab.bandit.B201
Detected Flask app with debug=True. Do not deploy to production with this flag enabled as it will leak sensitive information. Instead, consider using Flask configuration variables or setting 'debug' using system environment variables.
Definition
rules:
- id: bandit.B201
  patterns:
  - pattern-inside: |
      import flask
      ...
  - pattern: $APP.run(..., debug=True, ...)
  message: >
    Detected Flask app with debug=True. Do not deploy to production with this
    flag enabled as it will leak sensitive information. Instead, consider using
    Flask configuration variables or setting 'debug' using system environment
    variables.
  metadata:
    cwe: "CWE-489: Active Debug Code"
    owasp: "A6: Security Misconfiguration"
    primary_identifier: bandit.B201
    secondary_identifiers:
    - name: Bandit Test ID B201
      type: bandit_test_id
      value: B201
    license: MIT
  severity: WARNING
  languages:
  - python
Short Link: https://sg.run/eK4b
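The following is an added example, not part of the rule or of Semgrep itself: a standard-library approximation of the two patterns above, run over constructed sample sources to show what the rule flags and what it does not. The function name `find_debug_true` and the environment variable `APP_DEBUG` are assumptions made for illustration.

```python
import ast

def find_debug_true(source: str) -> list[int]:
    """Approximate the rule: in a module containing `import flask`, return the
    line numbers of calls shaped like $APP.run(..., debug=True, ...)."""
    tree = ast.parse(source)
    imports_flask = any(
        isinstance(n, ast.Import)
        and any(a.name.split(".")[0] == "flask" for a in n.names)
        for n in ast.walk(tree)
    )
    if not imports_flask:
        return []
    hits = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "run"):
            for kw in node.keywords:
                # Only the literal True matches, as in the rule's pattern.
                if (kw.arg == "debug" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    hits.append(node.lineno)
    return sorted(hits)

# Constructed sample: the form the rule reports (CWE-489).
FLAGGED = '''\
import flask
app = flask.Flask(__name__)
app.run(port=5000, debug=True)
'''

# Constructed sample: debug driven by an environment variable, off by default.
# APP_DEBUG is a hypothetical name chosen for this example.
ENV_DRIVEN = '''\
import os
import flask
app = flask.Flask(__name__)
debug = os.environ.get("APP_DEBUG", "0") == "1"
app.run(port=5000, debug=debug)
'''

# Constructed sample: a .run(debug=True) call in a module that never imports flask.
NO_FLASK = '''\
class Job:
    def run(self, debug=False): ...
Job().run(debug=True)
'''
```

The environment-driven sample is not reported because the pattern matches only the literal `True`, so a clean scan does not by itself prove that debug mode is off in a given deployment.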