Variant · Incomplete

CWE-531: Inclusion of Sensitive Information in Test Code

Category: data-exposure

Description

Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.

Common consequences · 1

  • Confidentiality — Read Application Data

Potential mitigations · 1

  • [Distribution, Installation] Remove test code before deploying the application into production.

References

  1. https://cwe.mitre.org/data/definitions/531.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Inclusion of Sensitive Information in an Include File
  • CWE: Inclusion of Sensitive Information in Source Code
  • CWE: Insertion of Sensitive Information Into Sent Data
  • CWE: Inclusion of Sensitive Information in Source Code Comments
  • CWE: Insertion of Sensitive Information Into Debugging Code
  • CWE: Use of HTTP Request With Sensitive Query String

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.