16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
44 lines
938 B
Plaintext
44 lines
938 B
Plaintext
== Why is this an issue?
|
|
|
|
A ``++BREAK-POINT++`` statement is used when debugging an application with help of the ABAP Debugger. But such debugging statements could make an application vulnerable to attackers, and should not be left in the source code.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,abap]
|
|
----
|
|
IF wv_parallel EQ 'X'.
|
|
BREAK-POINT.
|
|
WAIT UNTIL g_nb_return EQ wv_nb_call.
|
|
ENDIF.
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,abap]
|
|
----
|
|
IF wv_parallel EQ 'X'.
|
|
WAIT UNTIL g_nb_return EQ wv_nb_call.
|
|
ENDIF.
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Remove this BREAK-POINT statement.
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|