[SECURITY] Public Flask entrypoints enable debug mode by default #4810

@gkemqk

Description

Summary

Several standalone Flask entrypoints bind to 0.0.0.0 while forcing debug=True in app.run(...).

Impact

If one of these helper services is started on a reachable interface, Flask/Werkzeug debug mode is enabled by default. Debug mode is not safe for exposed services and can disclose stack traces and enable debugger behavior that should only ever be available during local development.

Affected entrypoints found locally:

  • bcos_directory.py
  • bridge/bridge_api.py
  • contributor_registry.py
  • explorer/app.py
  • keeper_explorer.py
  • security_test_payment_widget.py

Reproduction

From the current main branch, inspect the affected files and note that each calls app.run(..., host=0.0.0.0, debug=True) or the single-quoted equivalent.

A static check can reproduce this without starting a server by parsing the files' AST and finding app.run calls whose debug keyword is the constant True.

Expected behavior

Debug mode should be off by default for any Flask app that binds to a public interface. Developers who explicitly need debug mode locally can opt in with an environment variable such as FLASK_DEBUG=1.

Proposed fix

Use an environment-controlled boolean for debug mode and default it to False, then add a regression test that prevents public Flask entrypoints from hard-coding debug=True again.
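The static check described under Reproduction and the opt-in pattern under Proposed fix, as an added example that is not code from this issue or from the project. The two embedded Flask sources are constructed samples, and the FLASK_DEBUG handling is one assumed way to implement the env-controlled default.

```python
import ast
from pathlib import Path

# Constructed sample of the risky pattern the issue describes (not a file from
# the project): a public bind with debug hard-coded to True.
RISKY_SOURCE = '''
from flask import Flask
app = Flask(__name__)
if __name__ == "__main__":
    app.run(host="0.0.0.0", port=5000, debug=True)
'''

# The proposed fix: debug comes from an environment variable and defaults off.
FIXED_SOURCE = '''
import os
from flask import Flask
app = Flask(__name__)
if __name__ == "__main__":
    debug = os.environ.get("FLASK_DEBUG", "0") == "1"
    app.run(host="0.0.0.0", port=5000, debug=debug)
'''


def find_hardcoded_debug(source: str, filename: str = "<string>") -> list[int]:
    # Line numbers of `<obj>.run(...)` calls whose debug keyword is the literal
    # True. A variable or env-derived expression is not flagged.
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr == "run"):
            continue
        for kw in node.keywords:
            if (kw.arg == "debug" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                hits.append(node.lineno)
    return hits


def scan_tree(root: str) -> dict[str, list[int]]:
    # Regression check: .py files under root still hard-coding debug=True, by path.
    findings = {}
    for path in sorted(Path(root).rglob("*.py")):
        try:
            lines = find_hardcoded_debug(path.read_text(encoding="utf-8"), str(path))
        except (SyntaxError, UnicodeDecodeError):
            continue  # skip files the parser cannot handle
        if lines:
            findings[str(path)] = lines
    return findings
```

A test that asserts `scan_tree(".") == {}` from the repository root would fail the build if any entrypoint regresses to a hard-coded debug=True.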
