Flask app detected with DEBUG mode enabled (PTC-W0029)

Language: Python
Severity: Critical
Category: Security
Tags: a05, owasp-top-10

Running a Flask application in debug mode enables the Werkzeug debugger, which includes a feature that allows arbitrary code execution. The documentation for both Flask and Werkzeug strongly suggests that debug mode should never be enabled on production systems.

Bad practice

from flask import Flask

app = Flask(__name__)

@app.route('/')
def main():
    return 'Hello!'

app.run(debug=True)  # Don't do this

Recommended

from flask import Flask

app = Flask(__name__)

@app.route('/')
def main():
    return 'Hello!'

app.run()