TypeScript Debugger Statement Present
Description
Detects the presence of debugger statements in TypeScript/JavaScript code which could expose sensitive debugging information in production environments. When executed, these statements trigger debugging breakpoints that can be exploited by attackers to analyze application flow and gather information about the application's internal workings.
Detection Strategy
• Scans for 'debugger' statements in TypeScript/JavaScript source code
• Reports a vulnerability when debugger statements are found in application code
• Each discovered debugger statement triggers a distinct vulnerability report since they each represent a potential security exposure point
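A minimal sketch of the kind of scan described above, added here as an illustration and not Fluid Attacks' own detection code: it masks comments and string/template literals, then reports each remaining `debugger` statement with its line number. The name `findDebuggerStatements` and the sample source are constructed for this example, and regular-expression literals are assumed absent (they are not handled).

```javascript
// Comments and string/template literals: "debugger" inside these is not a statement.
const MASK = /\/\/[^\n]*|\/\*[\s\S]*?\*\/|'(?:\\[\s\S]|[^'\\\n])*'|"(?:\\[\s\S]|[^"\\\n])*"|`(?:\\[\s\S]|[^`\\])*`/g;
// The keyword itself, excluding property access (obj.debugger) and object keys (debugger: 1).
const STMT = /(?<![.\w$])debugger(?![\w$])(?!\s*:)/g;

function findDebuggerStatements(source) {
  // Blank out masked spans but keep newlines so line numbers stay correct.
  const masked = source.replace(MASK, (m) => m.replace(/[^\n]/g, ' '));
  const lines = source.split('\n');
  const findings = [];
  for (const match of masked.matchAll(STMT)) {
    const line = masked.slice(0, match.index).split('\n').length;
    // One finding per statement, mirroring the one-report-per-statement strategy.
    findings.push({ line, text: lines[line - 1].trim() });
  }
  return findings;
}

// Constructed sample input (hypothetical source file contents).
const SAMPLE = [
  'function processUserData(userData) {',
  '  // debugger; left in a comment is not a statement',
  '  const note = "attach a debugger here";',
  '  const result = userData.process();',
  '  debugger;',
  '  if (result.flags.debugger) { debugger }',
  '  return result;',
  '}',
].join('\n');

console.log(findDebuggerStatements(SAMPLE));
```

A check like this can run in CI to fail the build when the findings array is non-empty.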
Vulnerable code example
function processUserData(userData) {
  try {
    // Process some sensitive data
    const result = userData.process();
    debugger; // SECURITY: Debugger statement can expose sensitive data in production
    return result;
  } catch (error) {
    console.error('Error processing user data');
    // ...
  }
}
Secure code example
function processUserData(userData) {
  try {
    // Process some sensitive data
    const result = userData.process();
    // Removed debugger statement to prevent exposing sensitive data
    return result;
  } catch (error) {
    // Proper error logging without exposing details...
  }
}