Active Debug Code
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or information leaks.
Debug code is often written to allow easier testing and debugging. This code is not intended to be shipped to production but is sometimes inadvertently left in the product. Debug code often exposes information about the product's internal structure or creates additional attack surface.
Comment corriger cette vulnérabilité
Stratégies de prévention pour Active Debug Code basées sur 6 règles de détection Shoulder.
Load DEBUG from environment variables, defaulting to False in production
# settings.py - DEBUG = True - ALLOWED_HOSTS = ['*'] + import os + + DEBUG = os.getenv('DJANGO_DEBUG', 'False').lower() == 'true' + ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '').split(',')
Load Flask debug mode from environment variables, defaulting to False
- from flask import Flask - - app = Flask(__name__) - - if __name__ == '__main__': - app.run(debug=True) + import os + from flask import Flask + + app = Flask(__name__) + + if __name__ == '__main__': + debug = os.getenv('FLASK_DEBUG', 'False').lower() == 'true' + app.run(debug=debug)
Disable Echo debug mode in production to prevent stack trace exposure
package main - import "github.com/labstack/echo/v4" - - func main() { - e := echo.New() - e.Debug = true + import ( + "os" + "github.com/labstack/echo/v4" + ) + + func main() { + e := echo.New() + e.Debug = os.Getenv("ECHO_DEBUG") == "true" e.GET("/api/users", getUsers) e.Start(":8080") }
Disable Fiber debug output and route printing in production
package main import "github.com/gofiber/fiber/v2" func main() { app := fiber.New(fiber.Config{ - EnablePrintRoutes: true, - EnableStackTrace: true, + DisableStartupMessage: true, + EnablePrintRoutes: false, + Prefork: true, }) app.Get("/api/users", getUsers) app.Listen(":8080") }
Set Gin to release mode in production to suppress debug output
package main - import "github.com/gin-gonic/gin" - - func main() { - gin.SetMode(gin.DebugMode) + import ( + "os" + "github.com/gin-gonic/gin" + ) + + func main() { + if os.Getenv("GIN_MODE") == "" { + gin.SetMode(gin.ReleaseMode) + } r := gin.Default() r.GET("/api/users", getUsers) r.Run(":8080") }
Use environment variables for debug configuration instead of hardcoded flags
- const DEBUG = true; - app.use(morgan('dev')); + const DEBUG = process.env.DEBUG === 'true'; + const isProduction = process.env.NODE_ENV === 'production'; + + if (!isProduction) { + app.use(morgan('dev')); + }
Trouvez les vulnérabilités dans votre code
Utilisez Shoulder pour scanner votre code à la recherche de patterns Active Debug Code. 6 règles.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=489 # Or scan entire project npx @shoulderdev/cli trust .
Règles de Détection (6)
Ce qu'il faut surveiller lors des revues de code
Ces patterns indiquent des vulnérabilités potentielles Active Debug Code. Recherchez-les lors des revues de code et des audits de sécurité.
Scannez votre base de code pour Active Debug Code
Shoulder CLI trouve les motifs vulnérables dans toute votre base de code.