Bring Initial React and Flask App #25

Merged
merged 10 commits into from
Nov 7, 2024

@ksek87 ksek87 commented Nov 7, 2024

No description provided.

@ksek87 ksek87 merged commit 73dc0f1 into main Nov 7, 2024
1 of 4 checks passed
return jsonify({'fragrance': generated_fragrance})

if __name__ == '__main__':
app.run(host="0.0.0.0", port=5000, debug=True)

Check failure

Code scanning / CodeQL

Flask app is run in debug mode (severity: High)

A Flask app appears to be run in debug mode. This may allow an attacker to run arbitrary code through the debugger.

Copilot Autofix AI 4 months ago

To fix the problem, we need to ensure that the Flask application does not run in debug mode in a production environment. The best way to achieve this is by using an environment variable to control the debug mode. This way, we can set the debug mode to True during development and False in production.

  1. Import the os module to access environment variables.
  2. Modify the app.run call to set the debug parameter based on an environment variable.
  3. Set a default value for the environment variable to ensure the application does not run in debug mode by default.

Suggested changeset 1: backend/app.py

Autofix patch

Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/backend/app.py b/backend/app.py
--- a/backend/app.py
+++ b/backend/app.py
@@ -25,3 +25,5 @@
 if __name__ == '__main__':
-    app.run(host="0.0.0.0", port=5000, debug=True)
+    import os
+    debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
+    app.run(host="0.0.0.0", port=5000, debug=debug_mode)
     
\ No newline at end of file
EOF
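Review bot: on the new app.run line, host stays "0.0.0.0" even when debug_mode is true, so starting the app with FLASK_DEBUG=1 on a reachable machine still exposes the Werkzeug debugger on every interface, which is the condition the CodeQL alert describes. Consider binding to loopback whenever debug is on, for example `host = "127.0.0.1" if debug_mode else "0.0.0.0"`, and passing that to app.run. As a style point, `import os` belongs with the other imports at the top of backend/app.py rather than inside the `if __name__ == '__main__':` block.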
@@ -25,3 +25,5 @@
if __name__ == '__main__':
app.run(host="0.0.0.0", port=5000, debug=True)
import os
debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
app.run(host="0.0.0.0", port=5000, debug=debug_mode)

Unable to commit as this autofix suggestion is now outdated