search

CreoDAMO / Creo-eVTOL

Welcome to the Creo-eVTOL project repository! This project is dedicated to advancing the software for electric vertical takeoff and landing (eVTOL) vehicles, focusing on safety, efficiency, and user experience. Our mission is to integrate cutting-edge technologies such as AI, AR/VR, quantum computation, and constructive theory to revolutionize urba
Apache License 2.0
1 stars 1 forks source link

Fix code scanning alert - Flask app is run in debug mode #2

Closed CreoDAMO closed 2 months ago

CreoDAMO commented 2 months ago

Tracking issue for:

CreoDAMO commented 2 months ago

To address the security concern raised by CodeQL about running a Flask application in debug mode, you should disable debug mode when deploying your application to production. Running in debug mode can expose sensitive information and allow for remote code execution, which is a significant security risk.

Here's how you can disable debug mode in your Flask application:

if __name__ == '__main__':
    app.run(debug=False, port=5000)

By setting debug=False, you turn off the Flask debugger, which should not be active in a production environment. This change ensures that the Werkzeug debugger is not accessible in the production deployment of your application.

Additionally, you can manage the debug mode setting through environment variables, which allows you to have different configurations for development and production environments. For example:


import os

DEBUG_MODE = os.environ.get('FLASK_DEBUG', 'False') == 'True'

if __name__ == '__main