/**
 * @name Creating an ASP.NET debug binary may reveal sensitive information
 * @description ASP.NET projects should not produce debug binaries when deploying to production as
 *              debug builds provide additional information useful to a malicious attacker.
 * @kind problem
 * @problem.severity warning
 * @security-severity 7.5
 * @precision very-high
 * @id cs/web/debug-binary
 * @tags security
 *       maintainability
 *       frameworks/asp.net
 *       external/cwe/cwe-11
 *       external/cwe/cwe-532
 */
import csharp
import semmle.code.asp.WebConfig
// Reports the `debug` attribute of each "compilation" child of a
// SystemWebXmlElement (presumably the <system.web> element of a Web.config;
// the class comes from semmle.code.asp.WebConfig) unless its value is "false".
from SystemWebXmlElement systemWeb, XmlAttribute debugAttribute
where
  exists(XmlElement compilation |
    compilation = systemWeb.getAChild("compilation") and
    debugAttribute = compilation.getAttribute("debug")
  ) and
  // Deny-by-default: only a case-insensitive "false" is treated as safe, so
  // "true" and any unexpected or malformed value are both reported.
  // The `not ... = ...` form is kept on purpose; unlike `!=`, it also holds
  // if the left-hand side were to have no value.
  // NOTE(review): nothing in this clause looks at publish-time configuration
  // transforms, so a file whose debug attribute is removed during release
  // packaging would still be reported - confirm against the deployment
  // pipeline when triaging a result.
  not debugAttribute.getValue().toLowerCase() = "false"
select debugAttribute, "The 'debug' flag is set for an ASP.NET configuration file."