2021-04-28 16:49:39 +02:00
Debug statements (ones with 'D' or 'd' in the indicator area) should not be executed in production, but the ``++WITH DEBUGGING MODE++`` clause activates all debug lines, which could expose sensitive information to attackers. Therefore the ``++WITH DEBUGGING MODE++`` clause should be removed.
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== Noncompliant Code Example
2022-02-04 17:28:24 +01:00
[source,cobol]
2021-04-28 16:49:39 +02:00
----
SOURCE-COMPUTER. IBM-370 WITH DEBUGGING MODE.
----
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== Compliant Solution
2022-02-04 17:28:24 +01:00
[source,cobol]
2021-04-28 16:49:39 +02:00
----
SOURCE-COMPUTER. IBM-370.
----
2021-04-28 18:08:03 +02:00
2021-04-28 16:49:39 +02:00
== See
* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
2021-10-28 10:07:16 +02:00
* https://cwe.mitre.org/data/definitions/489.html[MITRE, CWE-489] - Active Debug Code
2021-04-28 18:08:03 +02:00
2021-09-20 15:38:42 +02:00
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
endif::env-github,rspecator-view[]
