Games irados ( correção ) #635
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -137,4 +174,4 @@ | |||
| dbName = os.environ.get('MYSQL_DB') | |||
| database = DataBase(dbEndpoint, dbUser, dbPassword, dbName) | |||
| init_db(database) | |||
| app.run(host='0.0.0.0',port=10010, debug=True) | |||
| app.run(host='0.0.0.0', port=10010, debug=True) | |||
Check failure
Code scanning / CodeQL
Flask app is run in debug mode High
|
Hey there, @RayTdC! I checked your solution, and it seems that you successfully resolved the issue with the logs. However, you forgot to remove the flag that boots Flask in debug mode. Please do so, and then I can approve your request. Also, a little tip: for the field "id do usuário," you can censor the username. For example, you can change kevinwall to k*******l. This way, it still conveys information without revealing the actual username. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This solution refers to which of the apps?
A9 - Games Irados
What did you do to mitigate the vulnerability?
The app presented a log without objectivity, with shallow information when informing about coupons or when logging in. To change this situation, more detailed information was added, such as who made the request and what happened, so it will be clearer to discover possible attacks, based on the log description.
Note: The “id do usuário” field was used because the user name would be sensitive information exposed in the log. The information that is covered is the device's IP.