Disable Django Debug Mode

[pixeebot]

This codemod will flip Django's DEBUG flag to False if it's True on the settings.py file within Django's default directory structure.

Having the debug flag on may result in sensitive information exposure. When an exception occurs while the DEBUG flag in on, it will dump metadata of your environment, including the settings module. The attacker can purposefully request a non-existing url to trigger an exception and gather information about your system.

- DEBUG = True
+ DEBUG = False

More reading

• https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
• https://docs.djangoproject.com/en/4.2/ref/settings/#std-setting-DEBUG
• https://cwe.mitre.org/data/definitions/489

🧚🤖 Powered by Pixeebot

Feedback | Community | Docs | Codemod ID: pixee:python/django-debug-flag-on

[pixeebot]

I'm confident in this change, and the CI checks pass, too!

If you see any reason not to merge this, or you have suggestions for improvements, please let me know!

[pixeebot]

Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them!

[pixeebot]

This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!

You can also customize me to make sure I'm working with you in the way you want.