ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S1525/javascript/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

47 lines
1.1 KiB
Plaintext
Raw Permalink Blame History

== Why is this an issue?
The debugger statement can be placed anywhere in procedures to suspend execution. Using the debugger statement is similar to setting a breakpoint in the code. By definition such statement must absolutely be removed from the source code to prevent any unexpected behavior or added vulnerability to attacks in production.
=== Noncompliant code example
[source,javascript]
----
for (i = 1; i<5; i++) {
// Print i to the Output window.
Debug.write("loop index is " + i);
// Wait for user to resume.
debugger;
}
----
=== Compliant solution
[source,javascript]
----
for (i = 1; i<5; i++) {
// Print i to the Output window.
Debug.write("loop index is " + i);
}
----
== Resources
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Remove this debugger statement.
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink