== Why is this an issue?

The ``++DISPLAY++`` statement outputs data to standard out or some other destination and could reveal sensitive information. Therefore, it should be avoided.


=== Noncompliant code example

[source,cobol]
----
DISPLAY "hello world"  *> Noncompliant
----


== Resources

* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Remove this use of "DISPLAY".


=== Parameters

.checkOnlyDisplayUponConsole
****

----
true
----

Set to false to raise issues on all "DISPLAY" uses, not just "DISPLAY UPON CONSOLE"
****


=== Highlighting

The ``++DISPLAY++`` statement


'''
== Comments And Links
(visible only on this page)

=== is duplicated by: S4880

endif::env-github,rspecator-view[]