Rules Repository / RSPEC-2778

CICS "DUMP" and "DUMP TRANSACTION" should not be used

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Remove this use of "xxx".
    • Default Severity:
      Minor
    • Impact:
      Low
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      Cobol
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • CWE:
      CWE-497
    • OWASP:
      A3

      Description

      The use of DUMP and DUMP TRANSACTION, while potentially useful during development and debugging, could expose system information to attackers and should not be used in production.

      Noncompliant Code Example

      EXEC CICS DUMP TRANSACTION  *> Noncompliant
        DUMPCODE('dumpfile')
        FROM (area-to-dump)
        LENGTH (data-to-dump)
      END-EXEC.
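
      A minimal source check for this rule, added here as an illustration and not the rule's actual implementation. The names find_cics_dumps and SAMPLE are hypothetical and the COBOL sample is constructed; it assumes "*>" never appears inside a string literal.

```python
import re

# One EXEC CICS ... END-EXEC statement; group 1 starts at the command name.
_EXEC_BLOCK = re.compile(r"\bEXEC\s+CICS\s+(.*?)\bEND-EXEC\b", re.I | re.S)
# DUMP or DUMP TRANSACTION as the command, not DUMPCODE or a data name.
_DUMP_CMD = re.compile(r"DUMP(\s+TRANSACTION)?\b(?!-)", re.I)


def _strip_comments(line, fixed_format):
    """Blank out comment text but keep the line so numbering is preserved."""
    if fixed_format and len(line) > 6 and line[6] in "*/":
        return ""  # indicator area (column 7) marks a full comment line
    return line.split("*>", 1)[0]  # drop an inline comment


def find_cics_dumps(source, fixed_format=True):
    """Return (line_number, command) for each EXEC CICS DUMP [TRANSACTION]."""
    text = "\n".join(_strip_comments(l, fixed_format) for l in source.splitlines())
    findings = []
    for block in _EXEC_BLOCK.finditer(text):
        cmd = _DUMP_CMD.match(block.group(1))
        if cmd:
            line_no = text.count("\n", 0, block.start()) + 1
            findings.append((line_no, " ".join(cmd.group(0).upper().split())))
    return findings


# Constructed sample: a commented-out dump, an unrelated command whose
# operands contain "DUMP", and two statements the rule should flag.
SAMPLE = """\
000100 PROCEDURE DIVISION.
000200*    EXEC CICS DUMP TRANSACTION DUMPCODE('OLD1') END-EXEC.
000300     EXEC CICS WRITEQ TS QUEUE('DUMPQ')
000400          FROM(WS-DUMP-AREA)
000500     END-EXEC.
000600     EXEC CICS DUMP TRANSACTION  *> flagged
000700          DUMPCODE('ERR1')
000800          FROM(WS-AREA) LENGTH(WS-LEN)
000900     END-EXEC.
001000     exec cics dump dumpcode('ERR2') end-exec.
"""

if __name__ == "__main__":
    for line_no, command in find_cics_dumps(SAMPLE):
        print(f'line {line_no}: Remove this use of "{command}".')
```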
      

            People

            Assignee:
            Unassigned
            Reporter:
            ann.campbell.2 Ann Campbell