Enabling and overriding debug feature Medium

Don't enable or override an application's debug feature. Instead, use OS environment variables to set up the debug feature.


Noncompliant example

def detect_activated_debug_feature_noncompliant():
    from django.conf import settings
    # Noncompliant: The debug feature is enabled.
    settings.configure(DEBUG=True)

Compliant example

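def detect_activated_debug_feature_compliant():
    from django.conf import settings
    import os
    # Compliant: The debug feature is set through the environment variable.
    # os.environ values are strings, and any non-empty string (even 'False')
    # is truthy, so compare explicitly; an unset variable leaves debug off.
    debug = os.environ.get('DEBUG', '').strip().lower() in ('1', 'true')
    settings.configure(DEBUG=debug)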
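
A check for the noncompliant pattern can be written with Python's `ast` module. The following is an added example, not the detector's own implementation; the function names and the sample source are constructed for illustration, and it goes slightly beyond the page by also flagging a plain `DEBUG = True` assignment.

```python
import ast

# Constructed sample input: the two snippets from this page plus a
# module-level assignment, as commonly found in a Django settings module.
SAMPLE = '''
from django.conf import settings
import os

def noncompliant():
    settings.configure(DEBUG=True)

def compliant():
    settings.configure(DEBUG=os.environ['DEBUG'])

DEBUG = True
'''


def _is_truthy_constant(node):
    """True when the expression is a literal that evaluates as true."""
    return isinstance(node, ast.Constant) and bool(node.value)


def find_hardcoded_debug(source):
    """Return sorted (line, description) pairs where DEBUG is hard-coded on."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Case 1: a call passing DEBUG=<truthy literal>,
        # e.g. settings.configure(DEBUG=True).
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg == "DEBUG" and _is_truthy_constant(kw.value):
                    findings.append((node.lineno, "DEBUG keyword is a literal"))
        # Case 2: an assignment DEBUG = <truthy literal>.
        elif isinstance(node, ast.Assign) and _is_truthy_constant(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id == "DEBUG":
                    findings.append((node.lineno, "DEBUG assigned a literal"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in find_hardcoded_debug(SAMPLE):
        print(f"line {line}: {message}")
```

Values computed at run time, such as a lookup in `os.environ`, are not literals and are not reported.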