2021-04-28 16:49:39 +02:00
A ``++BREAK-POINT++`` statement is used when debugging an application with help of the ABAP Debugger. But such debugging statements could make an application vulnerable to attackers, and should not be left in the source code.
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== Noncompliant Code Example
2022-02-04 17:28:24 +01:00
[source,abap]
2021-04-28 16:49:39 +02:00
----
IF wv_parallel EQ 'X'.
BREAK-POINT.
WAIT UNTIL g_nb_return EQ wv_nb_call.
ENDIF.
----
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== Compliant Solution
2022-02-04 17:28:24 +01:00
[source,abap]
2021-04-28 16:49:39 +02:00
----
IF wv_parallel EQ 'X'.
WAIT UNTIL g_nb_return EQ wv_nb_call.
ENDIF.
----
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== See
2022-07-08 13:58:56 +02:00
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
2022-04-07 08:53:59 -05:00
* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code
2021-04-28 18:08:03 +02:00
2021-09-20 15:38:42 +02:00
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
endif::env-github,rspecator-view[]
