Insecure Configuration

Why is this important?

Python and frameworks like Flask and Django are very popular. While they follow secure patterns by default, there are instances where they can be configured insecurely.

Fixing Insecure Configuration

Option A: Disable Flask Debug

  1. Go through the issues that GuardRails identified in the PR.
  2. Identify code with this pattern:

    # This enables the Werkzeug interactive debugger, which attackers can abuse to run code on the server.
    app.run(debug=True)

  3. Replace it with the following code:

    app.run()
    
  4. Test it

  5. Ship it 🚢
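To make the pattern in step 2 mechanically checkable, here is an added example (not GuardRails' own rule and not code from the original page) that walks a Python file's AST and reports every `.run(...)` call that passes `debug=True` as a literal; it also reports a `debug=` value taken from a variable so it can be reviewed by hand. The sample source is constructed.

```python
import ast

# Constructed sample source (not from the page): one insecure call and two
# calls that should not be flagged.
SAMPLE_SOURCE = '''
from flask import Flask
app = Flask(__name__)

if __name__ == "__main__":
    app.run(debug=True)          # insecure: enables the Werkzeug debugger
    app.run(host="127.0.0.1")    # no debug keyword, not flagged
    app.run(debug=False)         # explicit False, not flagged
'''


def find_debug_run_calls(source: str):
    """Return (line_number, kind) for each `.run(...)` call with a `debug`
    keyword. kind is "literal-true" for debug=True, or "dynamic" when the
    value is not a literal (e.g. a variable or config lookup) and needs a
    manual look. debug=False and other literals are ignored."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        # Match attribute calls named run: app.run(...), application.run(...)
        if not (isinstance(node.func, ast.Attribute) and node.func.attr == "run"):
            continue
        for kw in node.keywords:
            if kw.arg != "debug":
                continue
            if isinstance(kw.value, ast.Constant):
                if kw.value.value is True:
                    findings.append((node.lineno, "literal-true"))
            else:
                findings.append((node.lineno, "dynamic"))
    return findings


if __name__ == "__main__":
    for lineno, kind in find_debug_run_calls(SAMPLE_SOURCE):
        print(f"line {lineno}: app.run(debug=...) -> {kind}")
```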

More information: