CWE-531 通过测试代码导致的信息暴露
Information Exposure Through Test Code
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 540 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 540 cwe_View_ID: 699 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Confidentiality | Read Application Data |
可能的缓解方案
['Distribution', 'Installation']
策略:
Remove test code before deploying the application into production.
示例代码
例
Examples of common issues with test applications include administrative functions, listings of usernames, passwords or session identifiers and information about the system, server or application configuration.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| Software Fault Patterns | SFP28 | Unexpected access points |