50 lines
1.6 KiB
Plaintext
50 lines
1.6 KiB
Plaintext
== Why is this an issue?
|
|
|
|
The ``++DEBUG(*YES)++`` and ``++DUMP++`` statements are useful during development and debugging, but could expose sensitive information to attackers and should not be included in production code.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,rpg]
|
|
----
|
|
H*-------------------------------------------------------------------------
|
|
H DATEDIT(*YMD) DEBUG(*YES)
|
|
H**************************************************************************
|
|
|
|
C SR990 BegSR
|
|
C 'CVTERR' DUMP DUMP for error
|
|
C Move *on *INLR
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,rpg]
|
|
----
|
|
H*-------------------------------------------------------------------------
|
|
H DATEDIT(*YMD)
|
|
H**************************************************************************
|
|
|
|
C SR990 BegSR
|
|
C Move *on *INLR
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
|
|
* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Remove this use of "XXX"
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|