Modify rule S4507: Add support for Flask-GraphQL (#3428)

* Added how to fix it section for flask-graphql * Restructured code examples * Adjusted format * Change to allowed_framework_names not needed anymore * Update rule.adoc * Applied suggestion.
SonarSource · Feb 3, 2025 · 071e229 · 071e229
1 parent fc7ed69
commit 071e229
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/rules/S4507/python/rule.adoc b/rules/S4507/python/rule.adoc
@@ -28,6 +28,7 @@ DEBUG = True  # Sensitive
 DEBUG_PROPAGATE_EXCEPTIONS = True  # Sensitive
 ----
 
+
 Flask application startup:
 
 [source,python,diff-id=3,diff-type=noncompliant]
@@ -39,6 +40,25 @@ app.debug = True  # Sensitive
 app.run(debug=True)  # Sensitive
 ----
 
+The following code defines a GraphQL endpoint with GraphiQL enabled. While this might be a useful configuration during development, it should never be enabled for applications deployed in production:
+
+[source,python,diff-id=4,diff-type=noncompliant]
+----
+from flask import Flask
+from graphql_server.flask import GraphQLView
+
+app = Flask(__name__)
+
+app.add_url_rule(
+    '/graphql',
+    view_func=GraphQLView.as_view(
+        'graphql',
+        schema=schema,
+        graphiql=True # Sensitive
+    )
+)
+----
+
 == Compliant Solution
 
 [source,python,diff-id=1,diff-type=compliant]
@@ -67,6 +87,22 @@ app.debug = False
 app.run(debug=False)
 ----
 
+[source,python,diff-id=4,diff-type=compliant]
+----
+from flask import Flask
+from graphql_server.flask import GraphQLView
+
+app = Flask(__name__)
+
+app.add_url_rule(
+    '/graphql',
+    view_func=GraphQLView.as_view(
+        'graphql',
+        schema=schema
+    )
+)
+----
+
 include::../see.adoc[]
 
 ifdef::env-github,rspecator-view[]