Pyramid debug mode
Description
This Pyramid web application is configured to run in debug mode, likely through the PYRAMID_DEBUG_ALL environment variable. Debug mode enables development-focused features that should never be active in production environments. When enabled, the application may expose sensitive information including source code excerpts, internal file system paths, configuration details, and detailed error stack traces that reveal application internals.
Remediation
Disable debug mode in all production and production-like environments immediately. Remove or set the PYRAMID_DEBUG_ALL environment variable to false. In your production configuration file (typically production.ini), ensure debug settings are explicitly disabled:
pyramid.reload_templates = false pyramid.debug_authorization = false pyramid.debug_notfound = false pyramid.debug_routematch = false
Verify that your deployment process does not set debug-related environment variables. Implement environment-specific configuration management to ensure debug features are only enabled in isolated development environments. After making changes, restart the application and verify that detailed error pages and debug information are no longer accessible.