debug-enabled
secure-set-cookie
directly-returned-format-string
avoid_hardcoded_config_TESTING
TESTING detected. Use environment variables or config files instead.
avoid_hardcoded_config_SECRET_KEY
SECRET_KEY detected. Use environment variables or config files instead.
avoid_hardcoded_config_ENV
ENV detected. Set this by using FLASK_ENV environment variable.
avoid_hardcoded_config_DEBUG
DEBUG detected. Set this by using FLASK_DEBUG environment variable.
avoid_app_run_with_bad_host
flask-wtf-csrf-disabled
render-template-string
avoid_using_app_run_directly
host-header-injection-python
flask.request.host is used to construct an HTTP request. This can lead to host header injection issues. Vulnerabilities that generally occur due to this issue are authentication bypasses, password reset issues, Server-Side Request Forgery (SSRF), and many more. It is recommended to validate the URL before passing it to a request library, or before using it in application logic such as authentication or password resets.