When executed with debug=True, Flask applications expose the Werkzeug debugger which includes an arbitrary code execution function. This check looks for a combination of the flask module being imported, a .run() call, and a named argument debug=True. Setting it up in plugins/app_debug.py so we can add checks for Django and perhaps other frameworks in future.

Change-Id: If49e53d0807dfc2fccad6433edc5ef43f5464f22
Implements: blueprint detect-werkzeug-debug-enabled
20 lines
195 B
Python
from flask import Flask
app = Flask(__name__)
@app.route('/')
def main():
raise
#bad
app.run(debug=True)
#okay
app.run()
app.run(debug=False)
#unrelated
run()
run(debug=True)
run(debug)
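Review bot: The #unrelated block at the end of the file only exercises bare run(...) calls, so the fixture never pins down what the check does with a .run(debug=True) on an object that is not the Flask app in a file that imports flask. The commit message describes the match as a flask import plus a .run() call plus a named debug=True, which would also fire on something like `worker.run(debug=True)`; add such a case with a comment stating whether a finding is expected. The #bad block has a single case, so a second one with debug=True alongside other keyword arguments would confirm the match does not depend on argument position. A short header comment giving the expected number of findings would also make the fixture self-describing for whoever writes the test against it.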