Skip to main content

Static analysis checks for Flask, by r2c. Available in our free program analysis tool, Bento. (ht

Project description


flake8-flask is a plugin for flake8 with checks specifically for the flask framework, written by r2c


pip install flake8-flask

Validate the install using --version.

> flake8 --version
3.7.9 (flake8-flask: 0.9.3, mccabe: 0.6.1, pycodestyle: 2.5.0, pyflakes: 2.1.1)

List of warnings

r2c-flask-send-file-open: This check detects the use of a file-like object in flask.send_file without either mimetype or attachment_filename keyword arguments. send_file will throw a ValueError in this situation.

r2c-flask-secure-set-cookie: This check detects calls to response.set_cookie that do not have secure, httponly, and samesite set. This follows the guidance in the Flask documentation.

r2c-flask-unescaped-file-extension: Flask will not autoescape Jinja templates that do not have .html, .htm, .xml, or .xhtml as extensions. This check will alert you if you do not have one of these extensions. This check will also do its best to detect if context variables are escaped if a non-escaped extension is used.

r2c-flask-use-blueprint-for-modularity: This check recommends using Blueprint when there are too many route handlers in a single file. Blueprint encourages modularity and can greatly simplify how large applications work and provide a central means for Flask extensions to register operations on applications.

r2c-flask-use-jsonify: flask.jsonify() is a Flask helper method which handles the correct settings for returning JSON from Flask routes. This check catches uses of json.dumps() returned from Flask routes and encourages flask.jsonify() instead.

r2c-flask-missing-jwt-token: This check alerts when @jwt_required, @jwt_optional, @fresh_jwt_required, and @jwt_refresh_token_required decorators are missing in files where flask_jwt, flask_jwt_extended, or flask_jwt_simple packages are imported.

Have an idea for a check? Reach out to us at!

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flake8-flask-0.9.3.tar.gz (10.5 kB view hashes)

Uploaded source

Built Distribution

flake8_flask-0.9.3-py3-none-any.whl (14.7 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page