Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Discussion/Proposal: new requirement - no test-code in production environment. #894

Closed
elarlang opened this issue Jan 4, 2021 · 10 comments
Closed

Discussion/Proposal: new requirement - no test-code in production environment. #894

elarlang opened this issue Jan 4, 2021 · 10 comments
Assignees
@jmanico

Comments

@elarlang
Copy link
Collaborator

elarlang commented Jan 4, 2021

Spin-off from #880

#880 (comment)

New requirement like "Verify that production environment does not have test code.".
Language and grammar check and wordsmith needed.
@jmanico
Copy link
Member

jmanico commented Mar 11, 2021

I think "Verify that production environment does not include test code" is ready for a PR.

@elarlang
Copy link
Collaborator Author

Category V14.1 "Configuration" > "Build"?

@jmanico
Copy link
Member

jmanico commented Mar 11, 2021

I agree, good call! Let's do it!

@jmanico jmanico self-assigned this Mar 12, 2021
@jmanico
Copy link
Member

jmanico commented Mar 12, 2021

I'll keep an eye on this but would you care to drop the initial PR for this @elarlang ?

@elarlang
Copy link
Collaborator Author

What CWE I could use?

@elarlang elarlang mentioned this issue Mar 18, 2021
Closed
@elarlang
Copy link
Collaborator Author

Jim probably answered to another issue: #696 (comment)

@jmanico jmanico closed this as completed Mar 18, 2021
@jmanico jmanico reopened this Mar 18, 2021
@OWASP OWASP deleted a comment from elarlang Mar 18, 2021
@jmanico
Copy link
Member

jmanico commented Mar 18, 2021

@elarlang I deleted on of your comments on accident but this is indeed back open, my bad.

@jmanico
Copy link
Member

jmanico commented Mar 18, 2021

What CWE I could use?

I say 489

https://cwe.mitre.org/data/definitions/489.html (debug code in production)

or

https://cwe.mitre.org/data/definitions/215.html (sensitive data in debug code)

@elarlang
Copy link
Collaborator Author

Proposal:

@jmanico
Copy link
Member

jmanico commented Mar 19, 2021

I like it.

@elarlang elarlang mentioned this issue Mar 19, 2021
Merged
jmanico added a commit that referenced this issue Mar 19, 2021
@jmanico
Merge pull request #933 from elarlang/asvs-issue-894
6e0bc75 
closes #894 + some missing dots
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmanico jmanico

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jmanico @elarlang