Metadata-Version: 2.1
Name: flake8-flask
Version: 0.10.0b1
Summary: Static analysis checks for Flask, by r2c. Available in our free program analysis tool, Bento. (ht
Author: grayson
Author-email: grayson@returntocorp.com
Requires-Python: >=3.6,<4.0
Classifier: License :: Other/Proprietary License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Requires-Dist: flake8 (>=3.7.9,<4.0.0)
Requires-Dist: python-taint (>=0.42.0,<0.43.0)
Requires-Dist: r2c-py-ast (==0.1.0b1)
Description-Content-Type: text/markdown

# flake8-flask

flake8-flask is a plugin for flake8 with checks specifically for the [flask](https://pypi.org/project/Flask/) framework, written by [r2c](https://r2c.dev)

## Installation

```
pip install flake8-flask
```

Validate the install using `--version`.

```
> flake8 --version
3.7.9 (flake8-flask: 0.2.1, mccabe: 0.6.1, pycodestyle: 2.5.0, pyflakes: 2.1.1)
```

## List of warnings

`r2c-flask-send-file-open`: This check detects the use of a file-like object in `flask.send_file` without either `mimetype` or `attachment_filename` keyword arguments. `send_file` will throw a ValueError in this situation.

`r2c-flask-secure-set-cookie`: This check detects calls to `response.set_cookie` that do not have `secure`, `httponly`, and `samesite` set. This follows the [guidance in the Flask documentation](https://flask.palletsprojects.com/en/1.1.x/security/#set-cookie-options).

`r2c-flask-unescaped-file-extension`: Flask will not autoescape Jinja templates that do not have .html, .htm, .xml, or .xhtml as extensions. This check will alert you if you do not have one of these extensions. This check will also do its best to detect if context variables are escaped if a non-escaped extension is used.

`r2c-flask-use-blueprint-for-modularity`: This check recommends using Blueprint when there are too many route handlers in a single file. Blueprint encourages modularity and [can greatly simplify how large applications work and provide a central means for Flask extensions to register operations on applications.](https://flask.palletsprojects.com/en/1.1.x/blueprints/#blueprints)

`r2c-flask-use-jsonify`: `flask.jsonify()` is a [Flask](https://palletsprojects.com/p/flask/) helper method which handles the correct settings for returning JSON from Flask routes. This check catches uses of `json.dumps()` returned from Flask routes and encourages `flask.jsonify()` instead.

`r2c-flask-missing-jwt-token`: This check alerts when `@jwt_required`, `@jwt_optional`, `@fresh_jwt_required`, and `@jwt_refresh_token_required` decorators are missing in files where `flask_jwt`, `flask_jwt_extended`, or `flask_jwt_simple` packages are imported.

Have an idea for a check? Reach out to us at https://r2c.dev!

