Disable Django Debug Mode

[pixeebot[bot]]

This codemod will flip Django's DEBUG flag to False if it's True on the settings.py file within Django's default directory structure.

Having the debug flag on may result in sensitive information exposure. When an exception occurs while the DEBUG flag in on, it will dump metadata of your environment, including the settings module. The attacker can purposefully request a non-existing url to trigger an exception and gather information about your system.

- DEBUG = True
+ DEBUG = False

More reading

• https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
• https://docs.djangoproject.com/en/4.2/ref/settings/#std-setting-DEBUG

I have additional improvements ready for this repo! If you want to see them, leave the comment:

@pixeebot next

... and I will open a new PR right away!

Powered by: pixeebot (codemod ID: pixee:python/django-debug-flag-on)