B201: Test for use of flask app with debug set to true
Running Flask applications in debug mode results in the Werkzeug debugger being enabled. The debugger includes a feature that allows arbitrary code execution. Documentation for both Flask and Werkzeug strongly suggests that debug mode should never be enabled on production systems.
Operating a production server with debug mode enabled was the probable cause of the Patreon breach in 2015.
    >> Issue: A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
       Severity: High   Confidence: High
       Location: examples/flask_debug.py:10
    9   #bad
    10  app.run(debug=True)
    11
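The kind of check this test performs can be sketched with Python's `ast` module. This is an added example, not Bandit's own implementation; the sample sources, the `jobs` module and the `APP_DEBUG` variable are constructed for illustration.

```python
import ast

# Constructed sample sources (not taken from the Bandit repository).
BAD = """from flask import Flask
app = Flask(__name__)
#bad
app.run(debug=True)
"""
GOOD = """import os
from flask import Flask
app = Flask(__name__)
app.run(debug=False)
app.run(debug=os.environ.get("APP_DEBUG") == "1")  # computed value, not a literal
"""
NOT_FLASK = """import jobs
jobs.runner.run(debug=True)
"""


def imports_flask(tree):
    """True if the module has `import flask...` or `from flask... import ...`."""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            continue
        if any(name.split(".")[0] == "flask" for name in names):
            return True
    return False


def find_debug_true(source, filename="<constructed>"):
    """Return sorted (filename, line) pairs for `<obj>.run(..., debug=True)` calls."""
    tree = ast.parse(source, filename=filename)
    if not imports_flask(tree):
        return []  # `.run(debug=True)` in a module without flask is out of scope
    hits = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "run"):
            for kw in node.keywords:
                # Only a literal True is flagged; computed values are not evaluated.
                if (kw.arg == "debug" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    hits.append((filename, node.lineno))
    return sorted(hits)


if __name__ == "__main__":
    for name, src in (("BAD", BAD), ("GOOD", GOOD), ("NOT_FLASK", NOT_FLASK)):
        print(name, find_debug_true(src, name))
```

A literal-only check like this does not see debug mode that is switched on through a computed value or configuration, so it complements rather than replaces a review of the deployed settings.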
See also: http://labs.detectify.com/post/130332638391/how-patreon-got-hacked-publicly-exposed-werkzeug
New in version 0.15.0.