34 lines
1.4 KiB
Plaintext
34 lines
1.4 KiB
Plaintext
The ``++DEBUG(*YES)++`` and ``++DUMP++`` statements are useful during development and debugging, but could expose sensitive information to attackers and should not be included in production code.
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
----
|
|
H*-------------------------------------------------------------------------
|
|
H DATEDIT(*YMD) DEBUG(*YES)
|
|
H**************************************************************************
|
|
|
|
C SR990 BegSR
|
|
C 'CVTERR' DUMP DUMP for error
|
|
C Move *on *INLR
|
|
----
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
H*-------------------------------------------------------------------------
|
|
H DATEDIT(*YMD)
|
|
H**************************************************************************
|
|
|
|
C SR990 BegSR
|
|
C Move *on *INLR
|
|
----
|
|
|
|
|
|
== See
|
|
|
|
* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
* http://cwe.mitre.org/data/definitions/489.html[MITRE, CWE-489] - Leftover Debug Code
|
|
|