JAVA.DEBUG.ENTRY

Production code must not contain debugging entry points

Vulnerability and risk

Retaining main() methods in production code can introduce unintended entry points, which can lead to a security threat.

Mitigation and prevention

Remove the main() entry point from the application. Ensure that only required entry points are retained.

Vulnerable code example

package com.klocwork;

public class JAVA_DEBUG_ENTRY_POSITIVE {
    public static void main(String args[]) {
        System.out.println("hello world");
    }
}

Fixed code example

package com.klocwork;

public class JAVA_DEBUG_ENTRY_NEGATIVE {
    public static void test(String args[]) {
        System.out.println("hello world");
    }
}
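
One way to enforce "only required entry points are retained" at build time, as an added example that is not part of the Klocwork documentation: a reflection-based audit that reports every class declaring the JVM launch signature unless it is on an allowlist. The class names EntryPointAudit, DebugHarness, Launcher and Helper are constructed for illustration, and the allowlist content is an assumption.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class EntryPointAudit {

    // Constructed sample classes standing in for application code.
    static class DebugHarness {   // leftover debugging entry point
        public static void main(String args[]) { System.out.println("hello world"); }
    }
    static class Launcher {       // the one entry point the application requires
        public static void main(String... args) { }
    }
    static class Helper {         // no launch signature, so never reported
        public static void test(String args[]) { }
    }

    /** True if the class itself declares public static void main(String[]). */
    static boolean declaresMain(Class<?> c) {
        try {
            // String args[], String[] args and String... args all resolve to String[].class.
            Method m = c.getDeclaredMethod("main", String[].class);
            int mod = m.getModifiers();
            return Modifier.isPublic(mod) && Modifier.isStatic(mod)
                    && m.getReturnType() == void.class;
        } catch (NoSuchMethodException e) {
            return false;
        }
    }

    /** Names of classes that declare main() but are not on the allowlist. */
    static List<String> unexpectedEntryPoints(List<Class<?>> classes, Set<String> allowed) {
        List<String> hits = new ArrayList<>();
        for (Class<?> c : classes) {
            if (declaresMain(c) && !allowed.contains(c.getName())) hits.add(c.getName());
        }
        return hits;
    }

    // The audit is a build tool and is not shipped, so its own main() is a required entry point.
    public static void main(String[] args) {
        List<Class<?>> classes = List.of(DebugHarness.class, Launcher.class, Helper.class);
        Set<String> allowed = Set.of(Launcher.class.getName()); // assumed allowlist
        List<String> hits = unexpectedEntryPoints(classes, allowed);
        hits.forEach(n -> System.out.println("unexpected main(): " + n));
        if (!hits.isEmpty()) System.exit(1); // non-zero exit fails the build step
    }
}
```

Run against the sample classes, the audit reports only EntryPointAudit$DebugHarness and exits with status 1.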

External guidance