2023-05-03 11:06:20 +02:00
== Why is this an issue?
2021-04-28 16:49:39 +02:00
The ``++DEBUG(*YES)++`` and ``++DUMP++`` statements are useful during development and debugging, but could expose sensitive information to attackers and should not be included in production code.
2021-04-28 18:08:03 +02:00
2023-05-03 11:06:20 +02:00
=== Noncompliant code example
2021-04-28 16:49:39 +02:00
2022-02-04 17:28:24 +01:00
[source,rpg]
2021-04-28 16:49:39 +02:00
----
H*-------------------------------------------------------------------------
H DATEDIT(*YMD) DEBUG(*YES)
H**************************************************************************
C SR990 BegSR
C 'CVTERR' DUMP DUMP for error
C Move *on *INLR
----
2021-04-28 18:08:03 +02:00
2023-05-03 11:06:20 +02:00
=== Compliant solution
2021-04-28 16:49:39 +02:00
2022-02-04 17:28:24 +01:00
[source,rpg]
2021-04-28 16:49:39 +02:00
----
H*-------------------------------------------------------------------------
H DATEDIT(*YMD)
H**************************************************************************
C SR990 BegSR
C Move *on *INLR
----
2021-04-28 18:08:03 +02:00
2023-05-03 11:06:20 +02:00
== Resources
2021-04-28 16:49:39 +02:00
2022-07-08 13:58:56 +02:00
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
2022-04-07 08:53:59 -05:00
* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code
2021-04-28 18:08:03 +02:00
2021-09-20 15:38:42 +02:00
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
2023-05-25 14:18:12 +02:00
=== Message
Remove this use of "XXX"
2021-09-20 15:38:42 +02:00
endif::env-github,rspecator-view[]
