rspec/rules/S1486/abap/rule.adoc

== Why is this an issue?

A ``++BREAK-POINT++`` statement is used when debugging an application with help of the ABAP Debugger. But such debugging statements could make an application vulnerable to attackers, and should not be left in the source code.


=== Noncompliant code example

[source,abap]
----
IF wv_parallel EQ 'X'.
  BREAK-POINT.  
  WAIT UNTIL g_nb_return EQ wv_nb_call.
ENDIF.
----


=== Compliant solution

[source,abap]
----
IF wv_parallel EQ 'X'.
  WAIT UNTIL g_nb_return EQ wv_nb_call.
ENDIF.
----


== Resources

* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Remove this BREAK-POINT statement.


endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			A ``++BREAK-POINT++`` statement is used when debugging an application with help of the ABAP Debugger. But such debugging statements could make an application vulnerable to attackers, and should not be left in the source code.

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,abap]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`IF wv_parallel EQ 'X'.`
			`BREAK-POINT.`
			`WAIT UNTIL g_nb_return EQ wv_nb_call.`
			`ENDIF.`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,abap]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`IF wv_parallel EQ 'X'.`
			`WAIT UNTIL g_nb_return EQ wv_nb_call.`
			`ENDIF.`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00			`* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure`
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files 2022-04-07 08:53:59 -05:00			`* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`Remove this BREAK-POINT statement.`

RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`endif::env-github,rspecator-view[]`