JavaScript Debugger Statement Present
Description
Identifies JavaScript debugger statements left in source code that could expose application internals or enable debugging in production. These statements can pause code execution and allow inspection of program state, which presents a security risk if accessible in deployed environments.
Detection Strategy
• Scan JavaScript source files for 'debugger' statements
• Check if any debugger statements exist in the code
• Report a vulnerability for each debugger statement found in the source code
• The check applies to .js, .jsx, .ts, and other JavaScript-related files
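The detection steps above, sketched as an added example (this is not Fluid Attacks' scanner; the function name findDebuggerStatements and the sample input are assumptions made for illustration). It reports the line of each debugger statement and avoids false positives from the word appearing in comments, strings, or property names:

```javascript
// Added example: report the line of each `debugger` statement, skipping comments,
// strings and property names. Regex literals and `${...}` are not parsed.
function findDebuggerStatements(source) {
  const hits = [], n = source.length;
  const isIdChar = (c) => /[A-Za-z0-9_$]/.test(c);
  let line = 1, i = 0, prevSig = '';            // prevSig: last significant char
  while (i < n) {
    const c = source[i];
    if (c === '/' && source[i + 1] === '/') {   // line comment
      while (i < n && source[i] !== '\n') i++;
    } else if (c === '/' && source[i + 1] === '*') {  // block comment
      i += 2;
      while (i < n && !(source[i] === '*' && source[i + 1] === '/')) {
        if (source[i] === '\n') line++;
        i++;
      }
      i += 2;
    } else if (c === '"' || c === "'" || c === '`') { // string or template
      i++;
      while (i < n && source[i] !== c) {
        if (source[i] === '\\') i++;            // skip the escaped character
        if (source[i] === '\n') line++;
        i++;
      }
      i++;
      prevSig = c;
    } else if (isIdChar(c)) {                   // whole identifier or keyword
      const start = i;
      while (i < n && isIdChar(source[i])) i++;
      const isKey = /^\s*:/.test(source.slice(i, i + 16)); // e.g. { debugger: 1 }
      const isStmt = source.slice(start, i) === 'debugger' && prevSig !== '.' && !isKey;
      if (isStmt) hits.push(line);
      prevSig = 'a';
    } else {
      if (c === '\n') line++;
      else if (!/\s/.test(c)) prevSig = c;
      i++;
    }
  }
  return hits;
}
// Constructed sample input (not from the page): only line 2 is a real statement.
const sample = [
  'const result = await validateData(data);',
  'debugger;',
  '// debugger in a comment',
  'const msg = "debugger in a string"; tools.debugger = false;',
].join('\n');
console.log(findDebuggerStatements(sample));
```

A production check should rely on a real JavaScript/TypeScript parser, which also handles regex literals and template interpolation.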
Vulnerable code example
async function processUserData(data) {
  try {
    const result = await validateData(data);
    debugger; // Security risk: debugger statement can expose sensitive information in production
    return result;
  } catch (err) {
    console.error('Error processing data');
  }
}
Secure code example
async function processUserData(data) {
  try {
    const result = await validateData(data);
    // Only log in development environment
    if (process.env.NODE_ENV !== 'production') {
      console.debug('Processing user data:', result);
    }
    return result;
  } catch (err) {
    console.error('Error processing data');
  }
}