Insecure Configuration
Why is this important?
Python and frameworks like Flask/Django are very popular. While they follow secure patterns by default, there are instances where they can be configured insecurely.
Fixing Insecure Configuration
Option A: Disable Flask Debug
- Go through the issues that GuardRails identified in the PR.
- Identify code with this pattern:
# This enables the Werkzeug interactive debugger, which can be abused by attackers.
app.run(debug=True)
- Replace it with the following code:
app.run()
- Test it
- Ship it 🚢
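The pattern above can be found and fixed mechanically. The following is an added example, not GuardRails code: it parses a Python module with the standard `ast` module, flags every `<something>.run(debug=True)` call (the receiver name is assumed to vary, so `app` is not hard-coded), and rewrites the flagged line to the page's replacement, `app.run()`. The sample module it scans is constructed for the example.

```python
"""Flag and remediate `app.run(debug=True)` with Python's ast module."""
import ast

# Constructed sample module standing in for a file the scanner would flag.
SAMPLE_SOURCE = '''
from flask import Flask

app = Flask(__name__)

if __name__ == "__main__":
    app.run(debug=True)  # insecure: enables the Werkzeug debugger
    app.run(host="0.0.0.0", debug=False)
    app.run()
'''


def _is_debug_run_call(node: ast.AST) -> bool:
    """True for `<anything>.run(..., debug=True, ...)` with a literal True."""
    if not isinstance(node, ast.Call):
        return False
    if not (isinstance(node.func, ast.Attribute) and node.func.attr == "run"):
        return False
    return any(
        kw.arg == "debug" and isinstance(kw.value, ast.Constant) and kw.value.value is True
        for kw in node.keywords
    )


def find_debug_run_calls(source: str) -> list[tuple[int, str]]:
    """Return (line number, call text) for every insecure call in `source`."""
    tree = ast.parse(source)
    return [(n.lineno, ast.unparse(n)) for n in ast.walk(tree) if _is_debug_run_call(n)]


def remediate(source: str) -> str:
    """Rewrite each flagged single-line call without its `debug=True` keyword."""
    lines = source.splitlines(keepends=True)
    for node in ast.walk(ast.parse(source)):
        if _is_debug_run_call(node) and node.end_lineno == node.lineno:
            node.keywords = [kw for kw in node.keywords if kw.arg != "debug"]
            line = lines[node.lineno - 1]
            # Splice the rewritten call back into the line; comments and spacing survive.
            lines[node.lineno - 1] = line[:node.col_offset] + ast.unparse(node) + line[node.end_col_offset:]
    return "".join(lines)
```

Debug mode can still be turned on for local development outside the code, through the FLASK_DEBUG environment variable, so nothing debug-related needs to be committed.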