Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-1486

"BREAK-POINT" statement should not be used in production

    XMLWordPrintable

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Remove this BREAK-POINT statement.
    • Default Severity:
      Minor
    • Impact:
      Low
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Covered Languages:
      ABAP
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      1min
    • CWE:
      CWE-489
    • OWASP:
      A3

      Description

      A BREAK-POINT statement is used when debugging an application with help of the ABAP Debugger. But such debugging statements could make an application vulnerable to attackers, and should not be left in the source code.

      Noncompliant Code Example

      IF wv_parallel EQ 'X'.
        BREAK-POINT.  
        WAIT UNTIL g_nb_return EQ wv_nb_call.
      ENDIF.
      

      Compliant Solution

      IF wv_parallel EQ 'X'.
        WAIT UNTIL g_nb_return EQ wv_nb_call.
      ENDIF.
      

      See

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              freddy.mallet Freddy Mallet (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: