rspec/rules/S1486/abap/rule.adoc

A ``++BREAK-POINT++`` statement is used when debugging an application with help of the ABAP Debugger. But such debugging statements could make an application vulnerable to attackers, and should not be left in the source code.


== Noncompliant Code Example

----
IF wv_parallel EQ 'X'.
  BREAK-POINT.  
  WAIT UNTIL g_nb_return EQ wv_nb_call.
ENDIF.
----


== Compliant Solution

----
IF wv_parallel EQ 'X'.
  WAIT UNTIL g_nb_return EQ wv_nb_call.
ENDIF.
----


== See

* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* http://cwe.mitre.org/data/definitions/489.html[MITRE, CWE-489] - Leftover Debug Code
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			A ``++BREAK-POINT++`` statement is used when debugging an application with help of the ABAP Debugger. But such debugging statements could make an application vulnerable to attackers, and should not be left in the source code.

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== Noncompliant Code Example`

			`----`
			`IF wv_parallel EQ 'X'.`
			`BREAK-POINT.`
			`WAIT UNTIL g_nb_return EQ wv_nb_call.`
			`ENDIF.`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== Compliant Solution`

			`----`
			`IF wv_parallel EQ 'X'.`
			`WAIT UNTIL g_nb_return EQ wv_nb_call.`
			`ENDIF.`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== See`

			`* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure`
			`* http://cwe.mitre.org/data/definitions/489.html[MITRE, CWE-489] - Leftover Debug Code`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00