[SONARPY-313] Rule S4507: Delivering code in production with debug features activated is security-sensitive - SonarSource

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.13
Component/s: Rules
Labels:
None

Description

from django.conf import settings

settings.configure(DEBUG=True)  # Questionable when set to True
settings.configure(DEBUG_PROPAGATE_EXCEPTIONS=True)  # Questionable when set to True

def custom_config(config):
    settings.configure(default_settings=config, DEBUG=True)  # Questionable

Django's "global_settings.py" configuration file

# NOTE: The following code raises issues only if the file is named "global_settings.py". This is the default
# name of Django configuration file

DEBUG = True  # Questionable
DEBUG_PROPAGATE_EXCEPTIONS = True  # Questionable

Attachments

Issue Links

contributes to

MMF-1578 SonarPython: Provide 11 Common Security Hotspots

Closed

implements

RSPEC-4507 Delivering code in production with debug features activated is security-sensitive

Active

relates to

SONARPY-373 Rule S4507 should consider settings.py in addition to global_settings.py

Closed

Activity

People

Assignee:

Andrea Guarino

Reporter:

Nicolas Harraudeau

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Due:

07/Mar/19

Created:

06/Feb/19 6:36 PM

Updated:

15/Aug/19 7:02 PM

Resolved:

07/Mar/19 3:59 PM