yaml.kubernetes.security.env.flask-debugging-enabled.flask-debugging-enabled

Author: semgrep
Download count: 137

Do not set FLASK_ENV to "development" since that sets debug=True in Flask. Use "dev" or a similar term instead.


Definition

rules:
  - id: flask-debugging-enabled
    languages:
      - yaml
    severity: WARNING
    message: Do not set FLASK_ENV to "development" since that sets `debug=True` in
      Flask. Use "dev" or a similar term instead.
    metadata:
      owasp: A06:2017 - Security Misconfiguration
      cwe:
        - "CWE-489: Active Debug Code"
      references:
        - https://flask.palletsprojects.com/en/2.0.x/debugging/
        - https://flask.palletsprojects.com/en/2.0.x/config/#ENV
      category: security
      technology:
        - kubernetes
        - flask
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Active Debug Code
    patterns:
      - pattern-inside: |
          env: [...]
      - pattern: |
          {name: FLASK_ENV, value: "development"}
    fix-regex:
      regex: development
      replacement: dev

Examples

flask-debugging-enabled.test.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  labels:
    tags.datadoghq.com/env: dev
spec:
  template:
    metadata:
      labels:
        tags.datadoghq.com/env: dev
    spec:
      initContainers:
        - name: migrate-db
          env:
            - name: SQLALCHEMY_DATABASE_URI
              valueFrom:
                secretKeyRef:
                  name: backend-secrets
                  key: SQLALCHEMY_DATABASE_URI
            # ruleid: flask-debugging-enabled
            - name: FLASK_ENV
              value: development
      containers:
        - name: backend
          env:
            # ok: flask-debugging-enabled
            - name: FLASK_ENV
              value: dev
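For auditing manifests outside Semgrep, here is an added Python example (not part of the rule or of Flask) that walks a Deployment's initContainers and containers, reports every literal `FLASK_ENV=development` entry, tolerates `valueFrom` entries that carry no literal value, and applies the rule's `development` to `dev` replacement on a copy. The manifest dict is constructed from the test file above.

```python
import copy
from typing import Iterator, List, Tuple

# Constructed sample manifest, equivalent to the rule's test file above.
DEPLOYMENT = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "initContainers": [{
            "name": "migrate-db",
            "env": [
                # a valueFrom entry has no literal value and must be tolerated
                {"name": "SQLALCHEMY_DATABASE_URI",
                 "valueFrom": {"secretKeyRef": {"name": "backend-secrets",
                                                "key": "SQLALCHEMY_DATABASE_URI"}}},
                {"name": "FLASK_ENV", "value": "development"},
            ],
        }],
        "containers": [{
            "name": "backend",
            "env": [{"name": "FLASK_ENV", "value": "dev"}],
        }],
    }}},
}


def iter_containers(manifest: dict) -> Iterator[dict]:
    """Yield every initContainer and container of a Deployment (or bare Pod)."""
    spec = manifest.get("spec", {})
    pod_spec = spec.get("template", {}).get("spec", spec)
    for key in ("initContainers", "containers"):
        yield from pod_spec.get(key, [])


def find_flask_debug(manifest: dict) -> List[Tuple[str, str]]:
    """Return (container, value) for each literal FLASK_ENV=development entry."""
    findings = []
    for container in iter_containers(manifest):
        for env in container.get("env", []):
            if env.get("name") == "FLASK_ENV" and env.get("value") == "development":
                findings.append((container["name"], env["value"]))
    return findings


def fix_flask_env(manifest: dict) -> dict:
    """Return a copy with the rule's autofix applied: 'development' -> 'dev'."""
    fixed = copy.deepcopy(manifest)
    for container in iter_containers(fixed):
        for env in container.get("env", []):
            if env.get("name") == "FLASK_ENV" and env.get("value") == "development":
                env["value"] = "dev"
    return fixed
```

Against the sample, only the `migrate-db` initContainer is reported, matching the `ruleid` annotation in the test file.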