Configuration: React Development Build¶

Identifier: react_development_build

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

React development builds expose debugging information and development-specific features that should not be present in production environments. When a development build is deployed to production, it can reveal internal application structure, debugging tools, and other sensitive information that could aid attackers in understanding and exploiting the application. The common mistake is forgetting to build the application in production mode before deployment, leaving development artifacts and debugging capabilities exposed to end users.

References:

https://react.dev/learn/development-tools

Configuration¶

Example¶

Example configuration:

---
security_tests:
  react_development_build:
    assets_allowed:
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.