pallets/flask

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

https://github.com/pallets/flask.git · scanned 2026-05-16 15:07 UTC (1 day, 5 hours ago) · 10 languages

74 findings (3 legacy + 71 scanner) 95th percentile · Python · small (2-20K LoC) Scanner says 68 (higher by 20)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 day, 10 hours ago · v1 · 74 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON

{# ── 2026-05-17 R27 #5: score breakdown panel ────────────────────── Surfaces the score_breakdown JSON that's been silently stored on Repository for months. Turns hidden math into a trust signal. #}

Severity distribution — click a segment to filter

Active filters: excluding tests × Reset all

All 1513 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.

Label	Layer	Status	Path
`test_options_work`	software	healthy	`tests/test_basic.py:32`
`index`	software	healthy	`tests/test_basic.py:1941`
`test_options_on_multiple_rules`	software	healthy	`tests/test_basic.py:42`
`index_put`	software	healthy	`tests/test_basic.py:48`
`test_method_route`	software	healthy	`tests/test_basic.py:56`
`hello`	software	healthy	`tests/test_basic.py:1360`
`test_method_route_no_methods`	software	healthy	`tests/test_basic.py:67`
`test_provide_automatic_options_attr_disable`	software	healthy	`tests/test_basic.py:72`
`test_provide_automatic_options_attr_enable`	software	healthy	`tests/test_basic.py:86`
`test_provide_automatic_options_arg_disable`	software	healthy	`tests/test_basic.py:103`
`test_provide_automatic_options_method_disable`	software	healthy	`tests/test_basic.py:116`
`test_request_dispatching`	software	healthy	`tests/test_basic.py:129`
`more`	software	healthy	`tests/test_basic.py:163`
`test_disallow_string_for_allowed_methods`	software	healthy	`tests/test_basic.py:152`
`test_url_mapping`	software	healthy	`tests/test_basic.py:157`
`options`	software	healthy	`tests/test_basic.py:166`
`test_werkzeug_routing`	software	healthy	`tests/test_basic.py:193`
`bar`	software	healthy	`tests/test_basic.py:223`
`test_endpoint_decorator`	software	healthy	`tests/test_basic.py:214`
`test_session_accessed`	software	healthy	`tests/test_basic.py:234`
`do_set`	software	healthy	`tests/test_basic.py:236`
`do_get`	software	healthy	`tests/test_basic.py:241`
`do_nothing`	software	healthy	`tests/test_basic.py:245`
`test_session_path`	software	healthy	`tests/test_basic.py:276`
`test_session_using_application_root`	software	healthy	`tests/test_basic.py:288`
`__init__`	software	healthy	`tests/test_basic.py:1864`
`__call__`	software	healthy	`tests/test_basic.py:294`
`test_session_using_session_settings`	software	healthy	`tests/test_basic.py:310`
`clear`	software	healthy	`tests/test_basic.py:558`
`test_session_using_samesite_attribute`	software	healthy	`tests/test_basic.py:353`
`test_missing_session`	software	healthy	`tests/test_basic.py:380`
`expect_exception`	software	healthy	`tests/test_basic.py:383`
`test_session_secret_key_fallbacks`	software	healthy	`tests/test_basic.py:393`
`set_session`	software	healthy	`tests/test_basic.py:541`
`get_session`	software	healthy	`tests/test_basic.py:400`
`test_session_expiration`	software	healthy	`tests/test_basic.py:421`
`test`	software	healthy	`tests/test_basic.py:641`
`test_session_stored_last`	software	healthy	`tests/test_basic.py:453`
`modify_session`	software	healthy	`tests/test_basic.py:455`
`dump_session_contents`	software	healthy	`tests/test_basic.py:472`
`test_session_special_types`	software	healthy	`tests/test_basic.py:467`
`test_session_cookie_setting`	software	healthy	`tests/test_basic.py:498`
`bump`	software	healthy	`tests/test_basic.py:502`
`read`	software	healthy	`tests/test_basic.py:508`
`run_test`	software	healthy	`tests/test_basic.py:511`
`test_session_vary_cookie`	software	healthy	`tests/test_basic.py:539`
`get`	software	healthy	`tests/test_basic.py:546`
`getitem`	software	healthy	`tests/test_basic.py:550`
`setdefault`	software	healthy	`tests/test_basic.py:554`
`vary_cookie_header_set`	software	healthy	`tests/test_basic.py:563`

Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.

Label	Layer	Status	Path
`PrefixPathMiddleware`	software	healthy	`tests/test_basic.py:289`
`MyException`	software	healthy	`tests/test_basic.py:971`
`ForbiddenSubclass`	software	healthy	`tests/test_basic.py:987`
`E1`	software	healthy	`tests/test_basic.py:1019`
`E2`	software	healthy	`tests/test_basic.py:1022`
`E3`	software	healthy	`tests/test_basic.py:1025`
`View`	software	healthy	`tests/test_basic.py:1863`
`FakePath`	software	healthy	`tests/test_helpers.py:11`
`PyBytesIO`	software	healthy	`tests/test_helpers.py:25`
`TestSendfile`	software	healthy	`tests/test_helpers.py:33`
`StaticFileApp`	software	healthy	`tests/test_helpers.py:69`
`TestUrlFor`	software	healthy	`tests/test_helpers.py:94`
`MyView`	software	healthy	`tests/test_helpers.py:138`
`MyAborter`	software	healthy	`tests/test_helpers.py:189`
`MyFlask`	software	healthy	`tests/test_helpers.py:192`
`My900Error`	software	healthy	`tests/test_helpers.py:200`
`TestNoImports`	software	healthy	`tests/test_helpers.py:209`
`TestStreaming`	software	healthy	`tests/test_helpers.py:228`
`Wrapper`	software	healthy	`tests/test_helpers.py:259`
`TestHelpers`	software	healthy	`tests/test_helpers.py:327`
`Namespace`	software	healthy	`tests/test_testing.py:275`
`SubRunner`	software	healthy	`tests/test_testing.py:330`
`NS`	software	healthy	`tests/test_testing.py:353`
`Index`	software	healthy	`tests/test_views.py:186`
`Other`	software	healthy	`tests/test_views.py:50`
`BetterIndex`	software	healthy	`tests/test_views.py:71`
`BaseView`	software	healthy	`tests/test_views.py:202`
`ChildView`	software	healthy	`tests/test_views.py:205`
`GetView`	software	healthy	`tests/test_views.py:239`
`DeleteView`	software	healthy	`tests/test_views.py:224`
`GetDeleteView`	software	healthy	`tests/test_views.py:228`
`OtherView`	software	healthy	`tests/test_views.py:243`
`View`	software	healthy	`tests/test_views.py:247`
`CountInit`	software	healthy	`tests/test_views.py:260`
`ListConverter`	software	healthy	`tests/test_converters.py:9`
`ContextConverter`	software	healthy	`tests/test_converters.py:30`
`SessionError`	software	healthy	`tests/test_reqctx.py:178`
`FailingSessionInterface`	software	healthy	`tests/test_reqctx.py:181`
`CustomFlask`	software	healthy	`tests/test_reqctx.py:211`
`PathAwareSessionInterface`	software	healthy	`tests/test_reqctx.py:204`
`Base`	software	healthy	`tests/test_config.py:133`
`Test`	software	healthy	`tests/test_config.py:136`
`Config`	software	healthy	`tests/test_config.py:199`
`Flask`	software	healthy	`tests/test_config.py:202`
`Foo`	software	healthy	`tests/test_regression.py:5`
`Module`	software	healthy	`tests/test_cli.py:127`
`MockCtx`	software	healthy	`tests/test_cli.py:232`
`TestRoutes`	software	healthy	`tests/test_cli.py:446`
`MySessionInterface`	software	healthy	`tests/test_session_interface.py:12`
`MyDecoratorException`	software	healthy	`tests/test_blueprints.py:47`

Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.

Label	Layer	Status	Path
`README.md`	software	healthy	`README.md`
`.pre-commit-config.yaml`	software	healthy	`.pre-commit-config.yaml`
`.readthedocs.yaml`	software	healthy	`.readthedocs.yaml`
`pyproject.toml`	software	healthy	`pyproject.toml`
`on-create-command.sh`	software	healthy	`.devcontainer/on-create-command.sh`
`devcontainer.json`	software	healthy	`.devcontainer/devcontainer.json`
`test_basic.py`	software	healthy	`tests/test_basic.py`
`conftest.py`	software	healthy	`tests/conftest.py`
`test_helpers.py`	software	healthy	`tests/test_helpers.py`
`test_testing.py`	software	healthy	`tests/test_testing.py`
`test_views.py`	software	healthy	`tests/test_views.py`
`test_converters.py`	software	healthy	`tests/test_converters.py`
`test_reqctx.py`	software	healthy	`tests/test_reqctx.py`
`test_config.py`	software	healthy	`tests/test_config.py`
`test_signals.py`	software	healthy	`tests/test_signals.py`
`test_instance_config.py`	software	healthy	`tests/test_instance_config.py`
`test_regression.py`	software	healthy	`tests/test_regression.py`
`test_cli.py`	software	healthy	`tests/test_cli.py`
`test_session_interface.py`	software	healthy	`tests/test_session_interface.py`
`test_blueprints.py`	software	healthy	`tests/test_blueprints.py`
`test_subclassing.py`	software	healthy	`tests/test_subclassing.py`
`test_templating.py`	software	healthy	`tests/test_templating.py`
`test_json_tag.py`	software	healthy	`tests/test_json_tag.py`
`test_logging.py`	software	healthy	`tests/test_logging.py`
`test_request.py`	software	healthy	`tests/test_request.py`
`test_appctx.py`	software	healthy	`tests/test_appctx.py`
`test_json.py`	software	healthy	`tests/test_json.py`
`test_async.py`	software	healthy	`tests/test_async.py`
`test_user_error_handler.py`	software	healthy	`tests/test_user_error_handler.py`
`.env`	software	healthy	`tests/test_apps/.env`
`hello.py`	software	healthy	`tests/test_apps/helloworld/hello.py`
`wsgi.py`	software	warning	`tests/test_apps/helloworld/wsgi.py`
`__init__.py`	software	healthy	`tests/test_apps/subdomaintestmodule/__init__.py`
`__init__.py`	software	healthy	`tests/test_apps/blueprintapp/__init__.py`
`__init__.py`	software	healthy	`tests/test_apps/blueprintapp/apps/__init__.py`
`__init__.py`	software	healthy	`tests/test_apps/blueprintapp/apps/frontend/__init__.py`
`index.html`	software	healthy	`tests/test_apps/blueprintapp/apps/frontend/templates/fronte…`
`__init__.py`	software	healthy	`tests/test_apps/blueprintapp/apps/admin/__init__.py`
`test.css`	software	healthy	`tests/test_apps/blueprintapp/apps/admin/static/css/test.css`
`index.html`	software	healthy	`tests/test_apps/blueprintapp/apps/admin/templates/admin/ind…`
`__init__.py`	software	healthy	`tests/test_apps/cliapp/__init__.py`
`multiapp.py`	software	warning	`tests/test_apps/cliapp/multiapp.py`
`app.py`	software	warning	`tests/test_apps/cliapp/app.py`
`factory.py`	software	healthy	`tests/test_apps/cliapp/factory.py`
`importerrorapp.py`	software	warning	`tests/test_apps/cliapp/importerrorapp.py`
`__init__.py`	software	healthy	`tests/test_apps/cliapp/inner1/__init__.py`
`__init__.py`	software	healthy	`tests/test_apps/cliapp/inner1/inner2/__init__.py`
`flask.py`	software	warning	`tests/test_apps/cliapp/inner1/inner2/flask.py`
`index.html`	software	healthy	`tests/static/index.html`
`config.json`	software	healthy	`tests/static/config.json`

Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.

Label	Layer	Status	Path
`.devcontainer`	software	healthy	`.devcontainer`
`tests`	software	healthy	`tests`
`test_apps`	software	healthy	`tests/test_apps`
`helloworld`	software	healthy	`tests/test_apps/helloworld`
`subdomaintestmodule`	software	healthy	`tests/test_apps/subdomaintestmodule`
`blueprintapp`	software	healthy	`tests/test_apps/blueprintapp`
`apps`	software	healthy	`tests/test_apps/blueprintapp/apps`
`frontend`	software	healthy	`tests/test_apps/blueprintapp/apps/frontend`
`templates`	software	healthy	`tests/test_apps/blueprintapp/apps/frontend/templates`
`frontend`	software	healthy	`tests/test_apps/blueprintapp/apps/frontend/templates/fronte…`
`admin`	software	healthy	`tests/test_apps/blueprintapp/apps/admin`
`static`	software	healthy	`tests/test_apps/blueprintapp/apps/admin/static`
`css`	software	healthy	`tests/test_apps/blueprintapp/apps/admin/static/css`
`templates`	software	healthy	`tests/test_apps/blueprintapp/apps/admin/templates`
`admin`	software	healthy	`tests/test_apps/blueprintapp/apps/admin/templates/admin`
`cliapp`	software	healthy	`tests/test_apps/cliapp`
`inner1`	software	healthy	`tests/test_apps/cliapp/inner1`
`inner2`	software	healthy	`tests/test_apps/cliapp/inner1/inner2`
`static`	software	healthy	`tests/static`
`templates`	software	healthy	`tests/templates`
`type_check`	software	healthy	`tests/type_check`
`docs`	software	healthy	`docs`
`examples`	software	healthy	`examples`
`celery`	software	healthy	`examples/celery`
`src`	software	healthy	`examples/celery/src`
`task_app`	software	healthy	`examples/celery/src/task_app`
`templates`	software	healthy	`examples/celery/src/task_app/templates`
`javascript`	software	healthy	`examples/javascript`
`tests`	software	healthy	`examples/javascript/tests`
`js_example`	software	healthy	`examples/javascript/js_example`
`templates`	software	healthy	`examples/javascript/js_example/templates`
`tutorial`	software	healthy	`examples/tutorial`
`tests`	software	healthy	`examples/tutorial/tests`
`flaskr`	software	healthy	`examples/tutorial/flaskr`
`static`	software	healthy	`examples/tutorial/flaskr/static`
`templates`	software	healthy	`examples/tutorial/flaskr/templates`
`blog`	software	healthy	`examples/tutorial/flaskr/templates/blog`
`auth`	software	healthy	`examples/tutorial/flaskr/templates/auth`
`.github`	software	healthy	`.github`
`ISSUE_TEMPLATE`	software	healthy	`.github/ISSUE_TEMPLATE`
`workflows`	software	healthy	`.github/workflows`
`src`	software	healthy	`src`
`flask`	software	healthy	`src/flask`
`json`	software	healthy	`src/flask/json`
`sansio`	software	healthy	`src/flask/sansio`

Label	Layer	Status	Path
`ANY /`	api	healthy	`examples/celery/src/task_app/__init__.py`
`GET /result/<id>`	api	healthy	`examples/celery/src/task_app/views.py`
`POST /add`	api	healthy	`examples/celery/src/task_app/views.py`
`POST /block`	api	healthy	`examples/celery/src/task_app/views.py`
`POST /process`	api	healthy	`examples/celery/src/task_app/views.py`
`ANY /<any(xhr, jquery, fetch):js>`	api	healthy	`examples/javascript/js_example/views.py`
`ANY /add`	api	healthy	`examples/javascript/js_example/views.py`
`ANY /hello`	api	healthy	`examples/tutorial/flaskr/__init__.py`
`ANY /register`	api	healthy	`examples/tutorial/flaskr/auth.py`
`ANY /login`	api	healthy	`examples/tutorial/flaskr/auth.py`
`ANY /logout`	api	healthy	`examples/tutorial/flaskr/auth.py`
`ANY /create`	api	healthy	`examples/tutorial/flaskr/blog.py`
`ANY /<int:id>/update`	api	healthy	`examples/tutorial/flaskr/blog.py`
`ANY /<int:id>/delete`	api	healthy	`examples/tutorial/flaskr/blog.py`

Label	Layer	Status	Path
`lock`	cicd	healthy	`.github/workflows/lock.yaml`
`build`	cicd	healthy	`.github/workflows/publish.yaml`
`create-release`	cicd	healthy	`.github/workflows/publish.yaml`
`publish-pypi`	cicd	healthy	`.github/workflows/publish.yaml`
`tests`	cicd	healthy	`.github/workflows/tests.yaml`
`typing`	cicd	healthy	`.github/workflows/tests.yaml`
`zizmor`	cicd	healthy	`.github/workflows/zizmor.yaml`
`main`	cicd	healthy	`.github/workflows/pre-commit.yaml`

Label	Layer	Status	Path
`gha::lock`	cicd	healthy	`.github/workflows/lock.yaml`
`gha::publish`	cicd	healthy	`.github/workflows/publish.yaml`
`gha::tests`	cicd	healthy	`.github/workflows/tests.yaml`
`gha::zizmor`	cicd	healthy	`.github/workflows/zizmor.yaml`
`gha::pre-commit`	cicd	healthy	`.github/workflows/pre-commit.yaml`

Label	Layer	Status	Path
`127.0.0.1`	network	healthy	`tests/test_basic.py`
`192.168.0.22`	network	healthy	`tests/test_testing.py`
`127.0.0.2`	network	healthy	`tests/test_testing.py`
`3.6.4.0`	network	healthy	`examples/celery/requirements.txt`

Label	Layer	Status	Path
`redis`	data	healthy	`examples/celery/pyproject.toml`
`sqlite`	data	healthy	`examples/tutorial/flaskr/__init__.py`

Label	Layer	Status	Path
`user`	data	healthy	`examples/tutorial/flaskr/schema.sql`
`post`	data	healthy	`examples/tutorial/flaskr/schema.sql`

Label	Layer	Status	Path
`repobility-clone-kafpg9jb`	software	healthy	`/tmp/repobility-clone-kafpg9jb`

Label	Layer	Status	Path
`celery`	data	healthy	`examples/celery/make_celery.py`

Label	Layer	Status	Path
`port:5000`	network	healthy	`src/flask/app.py`

Label	Layer	Status	Path
`.env in repo`	security	healthy	`tests/test_apps/.env`

{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.

For AI agents + API integrations

Email me when this repo regresses

Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.

API access

This page is publicly accessible at: https://repobility.com/scan/6d775c59-9374-4383-9b10-add804ee2792/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/6d775c59-9374-4383-9b10-add804ee2792/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.

pallets/flask

Complete repo analysis

function 50+

class 50+

file 50+

directory 45

endpoint 14

job 8

pipeline 5

service 4

database 2

table 2

repo 1

queue 1

port 1

secret 1