51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
104 lines
2.8 KiB
Plaintext
104 lines
2.8 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
``++Throwable.printStackTrace(...)++`` prints a Throwable and its stack trace to ``++System.Err++`` (by default) which is not easily parseable and can expose sensitive information:
|
|
|
|
[source,java]
|
|
----
|
|
try {
|
|
/* ... */
|
|
} catch(Exception e) {
|
|
e.printStackTrace(); // Sensitive
|
|
}
|
|
----
|
|
|
|
https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.html[EnableWebSecurity] annotation for SpringFramework with ``++debug++`` to ``++true++`` enables debugging support:
|
|
|
|
[source,java]
|
|
----
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity(debug = true) // Sensitive
|
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
// ...
|
|
}
|
|
----
|
|
|
|
https://developer.android.com/reference/android/webkit/WebView#setWebContentsDebuggingEnabled(boolean)[WebView.setWebContentsDebuggingEnabled(true)] for Android enables debugging support:
|
|
|
|
[source,java]
|
|
----
|
|
import android.webkit.WebView;
|
|
|
|
WebView.setWebContentsDebuggingEnabled(true); // Sensitive
|
|
WebView.getFactory().getStatics().setWebContentsDebuggingEnabled(true); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
Loggers should be used (instead of ``++printStackTrace++``) to print throwables:
|
|
|
|
[source,java]
|
|
----
|
|
try {
|
|
/* ... */
|
|
} catch(Exception e) {
|
|
LOGGER.log("context", e);
|
|
}
|
|
----
|
|
|
|
https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.html[EnableWebSecurity] annotation for SpringFramework with ``++debug++`` to ``++false++`` disables debugging support:
|
|
|
|
[source,java]
|
|
----
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity(debug = false)
|
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
// ...
|
|
}
|
|
----
|
|
|
|
https://developer.android.com/reference/android/webkit/WebView#setWebContentsDebuggingEnabled(boolean)[WebView.setWebContentsDebuggingEnabled(false)] for Android disables debugging support:
|
|
[source,java]
|
|
----
|
|
import android.webkit.WebView;
|
|
|
|
WebView.setWebContentsDebuggingEnabled(false);
|
|
WebView.getFactory().getStatics().setWebContentsDebuggingEnabled(false);
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
=== Highlighting
|
|
|
|
debug = true
|
|
|
|
printStackTrace
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|