Skip to content

Information Disclosure: Sensitive Comments

Identifier: sensitive_comments

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

Sensitive comments are pieces of code documentation that unintentionally reveal details about the application's inner workings. This is dangerous because, if attackers access your source codeeven just the commentsthey can learn about potential security weaknesses and design flaws that could be exploited. Many developers might leave personal notes or debugging information in the code, not realizing that these details can be gathered by anyone who gets access to the repository, ultimately making the application more vulnerable to targeted attacks.

Configuration

Example

Example configuration:

---
security_tests:
  sensitive_comments:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.