fix: disable Flask debug mode in production, control via FLASK_DEBUG env var#4056
fix: disable Flask debug mode in production, control via FLASK_DEBUG env var#4056BossChaos wants to merge 2 commits intoScottcjn:mainfrom
Conversation
…env var
Flask debug mode exposes:
- Interactive debugger (code execution via PIN bypass)
- Stack traces with internal file paths
- Werkzeug debugger console
Changed from debug=True to debug=os.environ.get('FLASK_DEBUG', 'false').lower() == 'true'
across 3 files: explorer/app.py, bridge/bridge_api.py, keeper_explorer.py
github-actions
Bot
added
BCOS-L1
haoyousun60-create
left a comment
haoyousun60-create
left a comment
There was a problem hiding this comment.
Reviewed. Security hardening looks solid. LGTM! 🚀
fengqiankun6-sudo
left a comment
fengqiankun6-sudo
left a comment
There was a problem hiding this comment.
LGTM! Good security fix. ✅
|
Closing per branch-contamination audit (2026-05-09). This PR is part of a 161-PR cluster from your account where the diff carries files unrelated to the claimed fix. Specifically, 128 of 161 PRs in this batch modify This is a branching-hygiene problem, not a quality problem with the underlying fixes. The pattern means:
To get back to paid status:
I have nothing against the underlying fixes — quality has been good when scoped. But contamination at this scale is unreviewable, and Faucet Tiers policy requires clean diffs for security claims. Specifically clean PRs already approved for payout (per 2026-05-06 audit, still scope-clean as of today):
These will be paid via the admin /wallet/transfer flow. — auto-triage 2026-05-09 (this is mechanical contamination detection, not a personal judgment) |
4 participants
Flask debug mode exposes interactive debugger (code execution), stack traces, and Werkzeug console. Changed from debug=True to debug=os.environ.get('FLASK_DEBUG', 'false').lower() == 'true' across 3 files: explorer/app.py, bridge/bridge_api.py, keeper_explorer.py.