no-debug-mode

python-flask Performance Warning


No tags

No CWE or CVE

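Flask applications must not run in debug mode in production. Debug mode enables the Werkzeug interactive debugger and detailed tracebacks, so anyone who can reach the application can execute arbitrary Python code in the server process and read its source. Keep debug mode for local debugging only.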

Ast Rule: function call


no-debug-mode

/**
 * Render one call argument as Python source text.
 *
 * An argument carrying both `name` and `value` is printed as `name = value`;
 * any other argument is printed as its value text alone.
 *
 * @param {object} a - argument node; `a.value.str` and, for keyword
 *   arguments, `a.name.str` are read.
 * @returns {string} the argument as it should appear in the rewritten call.
 */
function printArgument(a) {
  const isKeyword = Boolean(a.name && a.value);
  return isKeyword ? `${a.name.str} = ${a.value.str}` : `${a.value.str}`;
}

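/**
 * Rule entry point, called by the rule engine for a function-call node.
 *
 * Reports a call that passes the keyword argument `debug=True` in a file that
 * imports flask, and attaches a fix that rewrites the argument list without
 * that flag. Flask's debug mode turns on the interactive debugger, which lets
 * whoever can reach the application run Python code in the server process, so
 * the flag must not reach production (cf. CWE-489, Active Debug Code).
 *
 * NOTE(review): the callee is never inspected, so any call passing
 * `debug=True` in a flask-importing file is reported, not only `app.run(...)`.
 * Narrowing it needs the call-name field of the node, which is not used
 * anywhere on this page.
 *
 * @param {object} node - function-call AST node; `node.context.imports`,
 *   `node.arguments`, `node.start` and `node.end` are read.
 */
function visit(node) {
  const isFlaskImport = (i) =>
    (i.astType === "importpackage" && i.name.str === "flask") ||
    (i.astType === "fromstatement" && i.pkg.str === "flask");
  // Only the literal keyword argument debug=True is recognised; debug=1 or a
  // variable that holds True is not matched.
  const isDebugTrue = (a) =>
    Boolean(a.name && a.name.str === "debug" && a.value && a.value.str === "True");

  const useFlask = node.context.imports.some(isFlaskImport);
  const callArguments = (node.arguments && node.arguments.values) || [];
  const useDebug = callArguments.some(isDebugTrue);

  if (!useDebug || !useFlask) {
    return;
  }

  // The replaced range runs from the start of the argument list to the end of
  // the last argument's value.
  const lastArgument = callArguments[callArguments.length - 1];
  const lastArgumentPosition = lastArgument.value.end;

  // Drop only the debug=True argument. The earlier filter also discarded every
  // positional argument and every argument whose value was True (for example
  // threaded=True), so applying the fix silently changed the call.
  // NOTE(review): how *args / **kwargs appear in a.value.str is not visible
  // here; confirm the fix round-trips them.
  const newArguments = callArguments
    .filter((a) => !isDebugTrue(a))
    .map((a) => printArgument(a))
    .join(", ");
  const editRemoveDebugFlag = buildEditUpdate(
    node.arguments.start.line,
    node.arguments.start.col,
    lastArgumentPosition.line,
    lastArgumentPosition.col,
    newArguments,
  );
  const fix = buildFix("remove debug flag", [editRemoveDebugFlag]);

  const error = buildError(
    node.start.line,
    node.start.col,
    node.end.line,
    node.end.col,
    "do not use debug = True",
    "CRITICAL",
    "SAFETY",
  );

  addError(error.addFix(fix));
}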

flask-with-debug.py

Expected test result: has error

# Rule fixture: this file imports flask and calls app.run with debug = True,
# so the no-debug-mode rule is expected to report the call.
from flask import Flask

app = Flask(__name__)

@app.route('/')

def index():
  return 'Flask webapp'

if __name__ == "__main__":
  # debug = True turns on Flask's interactive debugger, which lets anyone who
  # can reach the app run Python code in this process; local debugging only.
  app.run(debug = True)

flask-no-debug.py

Expected test result: no error

# Rule fixture: this file imports flask but calls app.run without a debug
# argument, so the no-debug-mode rule is expected to stay silent.
from flask import Flask

app = Flask(__name__)

@app.route('/')

def index():
  return 'Flask webapp'

if __name__ == "__main__":
  # No debug keyword is passed here, so the rule has nothing to match.
  app.run()