Python Debug True In Settings
Description
Detects when Django's DEBUG setting is enabled in settings files. When debug mode is enabled in production, it can expose sensitive configuration data, detailed error messages, and stack traces to attackers, leading to information disclosure vulnerabilities.
Detection Strategy
• Checks if the analyzed file is named 'settings.py'
• Searches for DEBUG configuration variables in Django settings
• Reports a vulnerability if DEBUG is set to True
• Only analyzes Django configuration files (settings.py)
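The following script is an added illustration, not Fluid Attacks' own analyzer: it applies the strategy above by parsing a Django settings module with Python's ast module and reporting the lines where DEBUG is hard-coded to True. The two settings fragments are constructed for the example; the hardened one reads the flag from an assumed DJANGO_DEBUG environment variable and defaults to False.

```python
import ast
from pathlib import Path

def find_debug_true(source: str) -> list[int]:
    """Return the line numbers where DEBUG is assigned the constant True.

    Only module-level assignments are inspected, matching how Django loads
    settings. Both `DEBUG = True` and `DEBUG: bool = True` are caught; values
    computed at deploy time (e.g. read from the environment) are not flagged.
    """
    hits = []
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.AnnAssign) and isinstance(node.target, ast.Name):
            names = [node.target.id]
        else:
            continue
        if "DEBUG" not in names:
            continue
        value = node.value
        if isinstance(value, ast.Constant) and value.value is True:
            hits.append(node.lineno)
    return hits

def check_settings_file(path: str) -> list[int]:
    """Apply the rule only to files named settings.py, as the strategy describes."""
    p = Path(path)
    if p.name != "settings.py":
        return []
    return find_debug_true(p.read_text())

# Constructed sample (not from a real project): DEBUG is hard-coded on.
VULNERABLE_SETTINGS = """\
SECRET_KEY = 'placeholder-secret'
DEBUG = True
ALLOWED_HOSTS = []
"""

# Hardened sample: DEBUG defaults to False and must be switched on explicitly
# through an assumed DJANGO_DEBUG environment variable.
SECURE_SETTINGS = """\
import os
SECRET_KEY = os.environ['DJANGO_SECRET_KEY']
DEBUG = os.environ.get('DJANGO_DEBUG', 'False').lower() == 'true'
ALLOWED_HOSTS = ['example.invalid']
"""

if __name__ == "__main__":
    print("vulnerable sample:", find_debug_true(VULNERABLE_SETTINGS))  # [2]
    print("secure sample:", find_debug_true(SECURE_SETTINGS))          # []
```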
Vulnerable code example
// Since no specific vulnerability was provided, here's a basic SQL injection example
String query = "SELECT * FROM users WHERE id = " + userId; // Vulnerable: direct string concatenation of user input
Statement stmt = connection.createStatement();
stmt.executeQuery(query);

✅ Secure code example
String query = "SELECT * FROM users WHERE id = ?"; // Safe: uses a parameterized query
PreparedStatement stmt = connection.prepareStatement(query);
stmt.setString(1, userId); // The value is bound as a parameter, never spliced into the SQL text
stmt.executeQuery();