# Active Debug Code (CWE-489)

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or information leaks.

**Stack:** Go

- Prevalence: High (frequently exploited)
- Impact: Critical (1 critical-severity rule)
- Prevention: Documented (6 fix examples)

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

Debug code is often written to allow easier testing and debugging. This code is not intended to be shipped to production but is sometimes inadvertently left in the product. Debug code often exposes information about the product's internal structure or creates additional attack surface.

## Prevention

Prevention strategies for Active Debug Code, based on 3 Shoulder detection rules.

### Go

- Disable Echo debug mode in production to prevent stack trace exposure
- Disable Fiber debug output and route printing in production
- Set Gin to release mode in production to suppress debug output

## Consequences

- Read application data
- Bypass protection mechanisms
- Execute unauthorized code

## Mitigations

- Remove debugging code before deploying the product to production
- Use build configurations that automatically exclude debug code from production builds
- Audit code for debug endpoints and backdoors before release

## Detection

- Total rules: 6
- Critical: 1
- Languages: python, go, javascript, typescript

## Rules by Language

### Go (3 rules)

- **Echo Debug Mode in Production** [MEDIUM]: Echo debug mode exposes stack traces and verbose errors in production.
  - Remediation: Disable debug mode in production.

  ```go
  e := echo.New()
  e.Debug = false // keep stack traces and verbose errors out of responses
  ```

  Learn more: https://shoulder.dev/learn/go/cwe-489/debug-mode

- **Fiber Debug Mode in Production** [MEDIUM]: Fiber debug configuration exposes route structure and stack traces.
  - Remediation: Use production configuration to disable debug output.

  ```go
  app := fiber.New(fiber.Config{
  	DisableStartupMessage: true,  // no startup banner
  	EnablePrintRoutes:     false, // do not print the route table
  })
  ```

  Learn more: https://shoulder.dev/learn/go/cwe-489/debug-mode

- **Gin Debug Mode in Production** [MEDIUM]: Gin debug mode exposes routing info and verbose errors in production.
  - Remediation: Set release mode before creating the router.

  ```go
  gin.SetMode(gin.ReleaseMode) // must run before the router is created
  r := gin.Default()
  ```

  Learn more: https://shoulder.dev/learn/go/cwe-489/debug-mode
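
The three Go findings above can be checked in source before release. The following is an added example, not part of the original page and not Shoulder's rule implementation: a standard-library scan for the three settings. `FindDebugSettings` and the sample input are hypothetical and constructed; the scan matches by name only and assumes the package is imported under its default name `gin`.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// sampleSrc is constructed input: one debug setting per framework covered above.
const sampleSrc = `package main
func main() {
	e.Debug = true
	app := fiber.New(fiber.Config{EnablePrintRoutes: true})
	gin.SetMode(gin.DebugMode)
}`

// FindDebugSettings (hypothetical helper) returns "line: message" findings.
// It parses syntax only, so the scanned code does not need to compile.
func FindDebugSettings(src string) (out []string, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	s := types.ExprString // renders an expression back to source text
	flagIf := func(hit bool, n ast.Node, msg string) {
		if hit {
			out = append(out, fmt.Sprintf("%d: %s", fset.Position(n.Pos()).Line, msg))
		}
	}
	ast.Inspect(f, func(n ast.Node) bool {
		switch v := n.(type) {
		case *ast.AssignStmt: // e.Debug = true
			flagIf(len(v.Lhs) == 1 && len(v.Rhs) == 1 &&
				strings.HasSuffix(s(v.Lhs[0]), ".Debug") && s(v.Rhs[0]) == "true", v, "Echo Debug enabled")
		case *ast.KeyValueExpr: // fiber.Config{EnablePrintRoutes: true}
			flagIf(s(v.Key) == "EnablePrintRoutes" && s(v.Value) == "true", v, "Fiber EnablePrintRoutes enabled")
		case *ast.CallExpr: // gin.SetMode(gin.DebugMode)
			flagIf(s(v) == "gin.SetMode(gin.DebugMode)", v, "Gin set to debug mode")
		}
		return true
	})
	return out, nil
}

func main() {
	fmt.Println(FindDebugSettings(sampleSrc))
}
```

Gin starts in debug mode unless release mode is set, so a missing `gin.SetMode(gin.ReleaseMode)` call is outside what this scan reports.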