16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
55 lines
990 B
Plaintext
55 lines
990 B
Plaintext
== Why is this an issue?
|
|
|
|
The ``++DISPLAY++`` statement outputs data to standard out or some other destination and could reveal sensitive information. Therefore, it should be avoided.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,cobol]
|
|
----
|
|
DISPLAY "hello world" *> Noncompliant
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Remove this use of "DISPLAY".
|
|
|
|
|
|
=== Parameters
|
|
|
|
.checkOnlyDisplayUponConsole
|
|
****
|
|
|
|
----
|
|
true
|
|
----
|
|
|
|
Set to false to raise issues on all "DISPLAY" uses, not just "DISPLAY UPON CONSOLE"
|
|
****
|
|
|
|
|
|
=== Highlighting
|
|
|
|
The ``++DISPLAY++`` statement
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== is duplicated by: S4880
|
|
|
|
endif::env-github,rspecator-view[]
|