owasp-flask

Author: Drew Dennison
Download count: 38

Rules for OWASP security checks for Python (Flask)


Rules (2)

semgrep

Found a Flask cookie with insecurely configured properties. By default `response.set_cookie(...)` leaves `secure`, `httponly` and `samesite` unset (`secure=False`, `httponly=False`, `samesite=None`), so the cookie is sent over plain HTTP, is readable by JavaScript, and is left to whatever SameSite default the browser applies. A cookie configured this way is at risk of being stolen or replayed by an attacker. Pass `secure=True`, `httponly=True` and `samesite='Lax'` (or `'Strict'`) on every `response.set_cookie(...)` call. Note that the `SESSION_COOKIE_SECURE`, `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_SAMESITE` keys in the Flask configuration apply only to Flask's own session cookie; they do not change the defaults of `response.set_cookie`, which must be given the arguments explicitly.
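The flagged call beside its fixed form, as an added example that is not part of the Semgrep rule or of Flask. `audit_set_cookie()` and the two sample headers are this example's own construction: a runtime counterpart of the static check that parses a `Set-Cookie` header with the standard library and reports which of the required attributes are missing. `build_responses()` assumes Flask is installed; its route names and cookie values are made up.

```python
"""Insecure vs hardened Flask set_cookie(), plus a Set-Cookie header audit.

Added example for the rule above; not code from the Semgrep rule or Flask.
audit_set_cookie() and the sample headers are constructed here;
build_responses() assumes Flask is installed.
"""
from http.cookies import SimpleCookie

# Constructed sample headers, shaped like what Werkzeug emits for set_cookie().
BAD_HEADER = "prefs=dark; Path=/"
GOOD_HEADER = "prefs=dark; Secure; HttpOnly; Path=/; SameSite=Lax"


def audit_set_cookie(header: str) -> list:
    """Report the attributes the rule requires that one Set-Cookie header lacks.

    Requires Secure, HttpOnly and SameSite=Lax or Strict; returns an empty
    list when the cookie is configured the way the rule asks for.
    """
    jar = SimpleCookie()
    jar.load(header)
    findings = []
    for name, morsel in jar.items():
        # SimpleCookie stores absent flags as "" and present ones as True.
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly")
        # No SameSite attribute, or SameSite=None, leaves the cookie attached
        # to cross-site requests.
        if morsel.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"{name}: SameSite not Lax or Strict")
    return findings


def build_responses() -> dict:
    """Serve the flagged call and the fixed call; return their Set-Cookie headers.

    Assumes Flask is installed (hypothetical routes /bad and /good).
    """
    from flask import Flask, make_response

    app = Flask(__name__)

    @app.route("/bad")
    def bad():
        resp = make_response("ok")
        # What the rule flags: secure, httponly and samesite left at defaults.
        resp.set_cookie("prefs", "dark")
        return resp

    @app.route("/good")
    def good():
        resp = make_response("ok")
        # The fix: every attribute passed explicitly on the set_cookie() call.
        # SESSION_COOKIE_* config keys would not have changed this cookie.
        resp.set_cookie("prefs", "dark", secure=True, httponly=True, samesite="Lax")
        return resp

    client = app.test_client()
    return {path: client.get(path).headers["Set-Cookie"] for path in ("/bad", "/good")}


if __name__ == "__main__":
    for label, header in (("bad", BAD_HEADER), ("good", GOOD_HEADER)):
        print(label, header, "->", audit_set_cookie(header) or "ok")
    try:
        for path, header in build_responses().items():
            print(path, header, "->", audit_set_cookie(header) or "ok")
    except ImportError:
        print("Flask not installed; skipping live check")
```

Running the module prints the audit result for the constructed headers and, when Flask is available, for the headers the two routes actually emit; the `/bad` route reproduces the finding the rule reports, the `/good` route passes cleanly. The audit accepts `Strict` as well as `Lax`, since either satisfies the rule's intent.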