# Active Debug Code (CWE-489)

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or information leaks.

**Stack:** JavaScript

- Prevalence: High, frequently exploited
- Impact: Critical, 1 critical-severity rule
- Prevention: Documented, 6 remediation examples

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

Debug code is often written to allow easier testing and debugging. This code is not intended to be shipped to production but is sometimes inadvertently left in the product. Debug code often exposes information about the product's internal structure or creates additional attack surface.

## Prevention

Prevention strategies for Active Debug Code based on 1 Shoulder detection rule.

### JavaScript

Use environment variables for debug configuration instead of hardcoded flags.

## Warning Signs

- [MEDIUM] Debug flag at line ... is hardcoded to true
- [MEDIUM] hardcoded debug flags that expose sensitive information or enable debugging features in production

## Consequences

- Read application data
- Bypass protection mechanism
- Execute unauthorized code

## Mitigations

- Remove debug code before deploying the product to production
- Use build configurations that automatically exclude debug code from production builds
- Audit the code for debug endpoints and backdoors before release

## Detection

- Total rules: 6
- Critical: 1
- Languages: python, go, javascript, typescript

## Rules by Language

### Javascript (1 rule)

- **Debug Mode Enabled in Production** [MEDIUM]: Detects hardcoded debug flags that expose sensitive information or enable debugging features in production.
  - Remediation: Use environment variables for debug/development mode configuration.

### Typescript (1 rule)

- **Debug Mode Enabled in Production** [MEDIUM]: Detects hardcoded debug flags that expose sensitive information or enable debugging features in production.
  - Remediation: Use environment variables for debug/development mode configuration.
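
The remediation above (environment-driven debug configuration instead of a hardcoded flag), shown as an added JavaScript example that is not part of the original page or of Shoulder's rules. The variable name `APP_DEBUG` and the policy of treating a missing `NODE_ENV` as production are assumptions made for this example.

```javascript
// Flagged pattern: the flag is a literal, so every build ships with debug on.
const DEBUG = true;

function errorBodyUnsafe(err) {
  // With DEBUG hardcoded to true, internals always reach the client.
  return DEBUG
    ? { error: err.message, stack: err.stack }
    : { error: 'Internal Server Error' };
}

// Hardened form: derive the setting from the environment and fail closed.
// APP_DEBUG is an assumed variable name for this example.
function resolveDebug(env) {
  // Assumption: an unset NODE_ENV is treated as production.
  const nodeEnv = String(env.NODE_ENV || 'production').toLowerCase();
  const raw = String(env.APP_DEBUG || '').trim().toLowerCase();
  const requested = raw === '1' || raw === 'true';

  // Never honour the flag in production, even if it was set by mistake.
  if (nodeEnv === 'production') {
    return { debug: false, ignoredRequest: requested };
  }
  return { debug: requested, ignoredRequest: false };
}

function errorBody(err, config) {
  // Generic body by default; details are added only in a debug session.
  const body = { error: 'Internal Server Error' };
  if (config.debug) {
    body.message = err.message;
    body.stack = err.stack;
  }
  return body;
}

// Resolve once at startup and surface a misconfiguration instead of obeying it.
const config = resolveDebug(process.env);
if (config.ignoredRequest) {
  console.warn('APP_DEBUG is set but ignored because the environment is production');
}
```
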