Set Flask MAX_CONTENT_LENGTH for uploads | Critiq Docs

#Metadata

Rule ID: py.security.flask-missing-upload-body-limit
Severity: medium
Confidence: 0.72
Languages: python
Presets: security, strict
Stability: stable
Applies to: file
Tags: dos, flask, python, rules-catalog, security, upload

#Why it matters

Missing upload limits enables trivial denial-of-service via oversized multipart payloads.

#Remediation

Set `app.config["MAX_CONTENT_LENGTH"]` (or equivalent) to a bounded maximum aligned with product limits.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/python/py.security.flask-missing-upload-body-limit.rule.yaml.

Back to directory Open rule in repository