Vulnerability

Never use Console logging in production

Description

The rule "Never use Console logging in production" states that code deployed to a production environment should never use console logging. Console logging is a debugging technique that writes information to the console window during code execution. It is useful while debugging, but in a production environment the console output can be visible to users, which can lead to security and privacy issues. Console output can also slow the application down, which degrades the overall user experience. It is therefore best to avoid console logging in production environments.

Key Benefits

  • Debugging: Console logging can be used to debug code in development environments, but should never be used in production.
  • Security: Console logging can expose sensitive information and should never be used in production.
  • Performance: Console logging can have a negative impact on performance and should never be used in production.

 

Non-compliant Code Example

FUNCTION ulong WriteConsole(long Handle, String OutPut, long NumCharsToWrite, &
   REF long NumCharsWritten, long reserved) LIBRARY "Kernel32.dll" ALIAS FOR "WriteConsoleW"

Visual Expert 2023
VEPBRULE5
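
One way to check for this rule before a release, as an added example that is not part of Visual Expert or of the original page: a Python script that scans exported PowerBuilder source for external function declarations bound to console APIs in Kernel32, joining `&` continuation lines first. The API names other than WriteConsole/WriteConsoleW, the function names and the sample source are assumptions made for the illustration.

```python
import re

# Kernel32 console entry points to flag (assumed set; the page names only WriteConsoleW).
CONSOLE_APIS = {"writeconsole", "writeconsolea", "writeconsolew",
                "allocconsole", "attachconsole"}

# PowerScript external declaration: FUNCTION <type> <name>(...) LIBRARY "x" [ALIAS FOR "y"]
DECL = re.compile(
    r'^\s*(?:(?:public|private|protected)\s+)?(?:function\s+\w+|subroutine)\s+'
    r'(?P<name>\w+)\s*\(.*?\)\s*library\s+"(?P<lib>[^"]+)"'
    r'(?:\s+alias\s+for\s+"(?P<alias>[^";]+))?',
    re.IGNORECASE | re.DOTALL)

def logical_lines(source):
    """Yield (start_line, text) with '&' continuations joined and // comments dropped.
    Simplification: '//' inside a string literal is also treated as a comment."""
    buf, start = "", 0
    for no, raw in enumerate(source.splitlines(), 1):
        line = raw.split("//", 1)[0].rstrip()
        if not buf:
            start = no
        if line.endswith("&"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""
    if buf:
        yield start, buf

def find_console_declarations(source):
    """Return [(line_number, declared_name)] for console API declarations."""
    findings = []
    for line_no, text in logical_lines(source):
        m = DECL.match(text)
        if not m or m["lib"].lower().removesuffix(".dll") != "kernel32":
            continue
        names = {m["name"].lower(), (m["alias"] or "").strip().lower()}
        if names & CONSOLE_APIS:
            findings.append((line_no, m["name"]))
    return findings

# Constructed sample input: one harmless import, one commented-out import, two hits.
SAMPLE = '''\
FUNCTION long GetTickCount() LIBRARY "kernel32.dll"
// FUNCTION boolean AllocConsole() LIBRARY "kernel32.dll"
FUNCTION ulong WriteConsole(long Handle, String OutPut, long NumCharsToWrite, &
   REF long NumCharsWritten, long reserved) LIBRARY "Kernel32.dll" ALIAS FOR "WriteConsoleW"
FUNCTION boolean Dbg(long h) LIBRARY "kernel32.dll" ALIAS FOR "AttachConsole"
'''

if __name__ == "__main__":
    for line_no, name in find_console_declarations(SAMPLE):
        print(f"line {line_no}: console API declared as {name}")
```

Matching on the ALIAS FOR target as well as the declared name catches declarations that rename the import, as the last sample line does.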