ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S1486/abap/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

44 lines
935 B
Plaintext
Raw Blame History

== Why is this an issue?
A ``++BREAK-POINT++`` statement is used when debugging an application with help of the ABAP Debugger. But such debugging statements could make an application vulnerable to attackers, and should not be left in the source code.
=== Noncompliant code example
[source,abap]
----
IF wv_parallel EQ 'X'.
BREAK-POINT.
WAIT UNTIL g_nb_return EQ wv_nb_call.
ENDIF.
----
=== Compliant solution
[source,abap]
----
IF wv_parallel EQ 'X'.
WAIT UNTIL g_nb_return EQ wv_nb_call.
ENDIF.
----
== Resources
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Remove this BREAK-POINT statement.
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink