2021-04-28 16:49:39 +02:00
The ``++DEBUG(*YES)++`` and ``++DUMP++`` statements are useful during development and debugging, but could expose sensitive information to attackers and should not be included in production code.
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== Noncompliant Code Example
----
H*-------------------------------------------------------------------------
H DATEDIT(*YMD) DEBUG(*YES)
H**************************************************************************
C SR990 BegSR
C 'CVTERR' DUMP DUMP for error
C Move *on *INLR
----
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== Compliant Solution
----
H*-------------------------------------------------------------------------
H DATEDIT(*YMD)
H**************************************************************************
C SR990 BegSR
C Move *on *INLR
----
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== See
* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
2021-10-28 10:07:16 +02:00
* https://cwe.mitre.org/data/definitions/489.html[MITRE, CWE-489] - Active Debug Code
2021-04-28 18:08:03 +02:00
2021-09-20 15:38:42 +02:00
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
endif::env-github,rspecator-view[]
