Django Debug Method Enabled

By kannthu

Medium
Vidoc Module
#django #debug
Description

What is the "Django Debug Method Enabled" module?

The "Django Debug Method Enabled" module is a test case designed to detect misconfigurations in Django applications. It targets the Django framework and specifically checks whether debug mode is enabled, which can pose a security risk. This module has a medium severity level and was authored by dhiyaneshDK and hackergautam.

Impact

If the "Django Debug Method Enabled" module detects that debug mode is enabled in a Django application, it indicates a potential security vulnerability. Debug mode should not be enabled in a production environment as it can expose sensitive information and allow attackers to gain unauthorized access to the application.

How does the module work?

The "Django Debug Method Enabled" module works by sending an HTTP request to a non-existing path in the target Django application. It then checks for specific response patterns and status codes to determine if debug mode is enabled.

For example, the module may check for the presence of phrases like "URLconf defined," "Page not found," and "Django tried these URL patterns, in this order" in the response body. Additionally, it verifies that the response status code is 404 (Not Found).

The module uses matching conditions to ensure that all specified patterns and status codes are present in the response. If the conditions are met, the module reports a potential misconfiguration.
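The same AND-matching logic, written out as an added example for checking an application you operate. This is not Vidoc's own module code: the function names, the random-path choice and the sample HTML are assumptions, and the sample responses are constructed rather than captured.

```python
import urllib.error
import urllib.request
import uuid

# Phrases this page lists for Django's debug-mode 404 response.
DEBUG_404_WORDS = (
    "URLconf defined",
    "Page not found",
    "Django tried these URL patterns, in this order",
)


def is_debug_404(status: int, body: str) -> bool:
    """AND-match: the status must be 404 and every phrase must be in the body."""
    return status == 404 and all(word in body for word in DEBUG_404_WORDS)


def check_own_site(base_url: str, timeout: float = 10.0) -> bool:
    """Request a random, non-existing path on a site you operate and apply the matcher."""
    url = f"{base_url.rstrip('/')}/{uuid.uuid4().hex}/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx, but the error object still carries the body.
        status, raw = err.code, err.read()
    return is_debug_404(status, raw.decode("utf-8", errors="replace"))


# Constructed sample responses (illustrative, not captured from a real server).
SAMPLE_DEBUG_404 = (
    "<h1>Page not found <span>(404)</span></h1>"
    "<p>Using the URLconf defined in <code>mysite.urls</code>, "
    "Django tried these URL patterns, in this order:</p>"
    "<ol><li>admin/</li></ol>"
)
SAMPLE_PROD_404 = "<h1>Not Found</h1><p>The requested resource was not found on this server.</p>"

if __name__ == "__main__":
    for name, status, body in (
        ("debug 404", 404, SAMPLE_DEBUG_404),
        ("production 404", 404, SAMPLE_PROD_404),
        ("phrases but status 200", 200, SAMPLE_DEBUG_404),
    ):
        print(f"{name}: {'MISCONFIGURED' if is_debug_404(status, body) else 'ok'}")
```

A match on a production host means the deployed settings have `DEBUG = True`; the fix is to deploy with `DEBUG = False`.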

It's important to note that this module only performs one specific test case and is part of a larger set of modules used by the Vidoc platform for scanning purposes.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /NON_EXISTING_PATH/
Matching conditions
word: URLconf defined, Page not found, Django ... and
status: 404
Passive global matcher
No matching conditions.
On match action
Report vulnerability