37 lines
1.6 KiB
Plaintext
37 lines
1.6 KiB
Plaintext
Delivering code in production with debug features activated is security-sensitive. It has led in the past to the following vulnerabilities:
|
|
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999007[CVE-2018-1999007]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5306[CVE-2015-5306]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006[CVE-2013-2006]
|
|
|
|
The ``DEBUG(*YES)`` and ``DUMP`` statements are useful during development and debugging, but could expose sensitive information to attackers and should not be included in production code.
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
H*-------------------------------------------------------------------------
|
|
H DATEDIT(*YMD) DEBUG(*YES)
|
|
H**************************************************************************
|
|
|
|
C SR990 BegSR
|
|
C 'CVTERR' DUMP DUMP for error
|
|
C Move *on *INLR
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
H*-------------------------------------------------------------------------
|
|
H DATEDIT(*YMD)
|
|
H**************************************************************************
|
|
|
|
C SR990 BegSR
|
|
C Move *on *INLR
|
|
----
|
|
|
|
include::../see.adoc[]
|